overlay syncprov
syncprov-checkpoint 100 10
- TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem
- TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
- TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem
+ TLSCertificateFile ${config.security.acme2.certs.ldap.directory}/cert.pem
+ TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
+ TLSCACertificateFile ${config.security.acme2.certs.ldap.directory}/fullchain.pem
TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
#This makes openldap crash
#TLSCipherSuite DEFAULT
users.users.openldap.extraGroups = [ "keys" ];
networking.firewall.allowedTCPPorts = [ 636 389 ];
- security.acme.certs."ldap" = config.myServices.databasesCerts // {
+ security.acme2.certs."ldap" = config.myServices.databasesCerts // {
user = "openldap";
group = "openldap";
- plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+ plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
domain = "ldap.immae.eu";
postRun = ''
systemctl restart openldap.service
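Review bot: The `plugins` list on the new `security.acme2.certs."ldap"` entry keeps `account_key.json` and adds `account_reg.json` to a certificate set declared with `user = "openldap"` and `group = "openldap"`, so the ACME account credentials may end up readable by the LDAP daemon, which only consumes `cert.pem`, `key.pem` and `fullchain.pem` in the slapd configuration above. Whether that ownership applies to every plugin file depends on the acme2 module and on `config.myServices.databasesCerts`, neither of which is visible here. If it does, a compromise of slapd would expose the account key along with the TLS private key, which is worth checking against the file modes of the generated directory. At minimum I would document the intent above the list, for example `# account_*.json are ACME account state needed for renewal; slapd itself only reads cert.pem, key.pem and fullchain.pem`. The attribute set and its `postRun` script continue outside the hunk.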