X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=inline;f=modules%2Fprivate%2Ftasks%2Fdefault.nix;h=c0cc87bc353000c2f05d2d49ac267d7517014677;hb=ea9c6fe8041faab128391a0c03ec3bde25e29fa3;hp=b345e5a3d0469270c7ff5926443eb0fba1fabfa7;hpb=d2e703c560bc029c3d607058de2935bbf1cb0559;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index b345e5a..c0cc87b 100644
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -1,10 +1,10 @@
-{ lib, pkgs, config, myconfig,  ... }:
+{ lib, pkgs, config,  ... }:
 let
   cfg = config.myServices.tasks;
   server_vardir = config.services.taskserver.dataDir;
   fqdn = "task.immae.eu";
   user = config.services.taskserver.user;
-  env = myconfig.env.tools.task;
+  env = config.myEnv.tools.task;
   group = config.services.taskserver.group;
   taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} ''
     mkdir -p $out/bin
@@ -107,7 +107,7 @@ in {
           SetEnv TASKD_LDAP_DN       "${env.ldap.dn}"
           SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
           SetEnv TASKD_LDAP_BASE     "${env.ldap.base}"
-          SetEnv TASKD_LDAP_FILTER   "${env.ldap.search}"
+          SetEnv TASKD_LDAP_FILTER   "${env.ldap.filter}"
         '';
     }];
     services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ];
@@ -192,9 +192,9 @@ in {
 
     myServices.websites.webappDirs._task = ./www;
 
-    security.acme.certs."task" = config.myServices.certificates.certConfig // {
+    security.acme2.certs."task" = config.myServices.certificates.certConfig // {
       inherit user group;
-      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
       domain = fqdn;
       postRun = ''
         systemctl restart taskserver.service
@@ -244,9 +244,9 @@ in {
       inherit fqdn;
       listenHost = "::";
       pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
-      pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
-      pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
+      pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
+      pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
       requestLimit = 104857600;
     };