enableSSL = true;
sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
- sslServerChain = "/var/lib/acme/${vhostConf.certName}/fullchain.pem";
+ sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
logFormat = "combinedVhost";
listen = map (ip: { inherit ip; port = 443; }) cfg.ips;
hostName = builtins.head vhostConf.hosts;
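Review bot: The reason for pointing `sslServerChain` at `chain.pem` is not recorded next to the option, so a later reader may be tempted to restore `fullchain.pem`. A one-line comment such as `# chain.pem only: cert.pem already carries the leaf certificate` would prevent that. If `sslServerChain` is rendered as `SSLCertificateChainFile`, that directive is deprecated since Apache 2.4.8, where `sslServerCert` can point at `fullchain.pem` and the chain option can be dropped. The vhost attribute set starts and ends outside this hunk.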
services.myWebsites.TellesFlorian.integration.enable = true;
services.myWebsites.Florian.integration.enable = true;
- deployment.keys.apache-ldap = {
+ mySecrets.keys = [{
+ dest = "apache-ldap";
user = "wwwrun";
group = "wwwrun";
- permissions = "0700";
+ permissions = "0400";
text = ''
<Macro LDAPConnect>
<IfModule authnz_ldap_module>
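Review bot: The `apache-ldap` secret is still owned by the web server account (`user = "wwwrun"; group = "wwwrun";`), so tightening `permissions` to `"0400"` leaves it readable by every application that runs as `wwwrun`. If httpd on this host parses its configuration as root before dropping privileges (not visible here), `user = "root"; group = "root";` with `"0400"` would keep the LDAP macro away from the hosted PHP applications. The content is passed as `text`, so it is also worth confirming that `mySecrets.keys` does not route it through the world-readable Nix store, which `deployment.keys` avoided. The attribute set continues past this hunk.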
</IfModule>
</Macro>
'';
- };
+ }];
services.myWebsites.apacheConfig = {
gzip = {
LDAPOpCacheTTL 600
</IfModule>
- Include /run/keys/apache-ldap
+ Include /var/secrets/apache-ldap
'';
};
global = {
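Review bot: Moving the `Include` from `/run/keys/apache-ldap` to `/var/secrets/apache-ldap` changes two properties that are not documented here. `/run` is normally a tmpfs, so the LDAP macro is now presumably persisted on disk, and httpd will fail its configuration load if the file has not been written when it starts. I would add a comment above the directive, for example `# written by mySecrets; httpd must be ordered after the unit that creates it`, and confirm that such ordering exists where `mySecrets` is defined. The enclosing string starts outside this hunk.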
install -d -m 0755 /var/lib/acme/acme-challenge
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/tmp/adminer
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/davical
+ install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/phpldapadmin
'';
};