X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fcertificates.nix;h=82ff52f04ba0f437966e6fdbff7472cb2bf6e645;hb=258dd18bac4bf5dd03cf1098ffa35cb954f9e015;hp=2bf27302edb8ae8ad435c7df8fb2f4c1d2bfc9ef;hpb=e7b890d0999fe54a99f84fe92d625d9d488358dc;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index 2bf2730..82ff52f 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -12,7 +12,6 @@
 (lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
 (lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
 ];
- plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json"];
 };
 description = "Default configuration for certificates";
 };
@@ -30,6 +29,7 @@
 myServices.databasesCerts = config.myServices.certificates.certConfig;
 myServices.ircCerts = config.myServices.certificates.certConfig;
+ security.acme.acceptTerms = true;
 security.acme.preliminarySelfsigned = true;
 security.acme.certs = {
@@ -39,18 +39,16 @@ }; systemd.services = lib.attrsets.mapAttrs' (k: v: - lib.attrsets.nameValuePair "acme-selfsigned-${k}" (lib.mkBefore { script = - (lib.optionalString (builtins.elem "cert.pem" v.plugins) '' + lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore '' cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem - '') + - (lib.optionalString (builtins.elem "chain.pem" v.plugins) '' + cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem - '') - ; }) + ''; + } ) config.security.acme.certs // lib.attrsets.mapAttrs' (k: data: lib.attrsets.nameValuePair "acme-${k}" {
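Review bot: The `chmod` lines kept in the now-unconditional script give cert.pem and chain.pem modes `750`/`700`, which sets the execute bit on plain PEM files; file modes such as `chmod ${if v.allowKeysForGroup then "640" else "600"}` express the same owner/group restriction without it. The destination paths are also interpolated unquoted into the shell script, so writing them as `"${config.security.acme.certs."${k}".directory}/cert.pem"` would keep a directory containing whitespace from being split into several arguments. Both remarks apply equally to the chain.pem lines. The surrounding `systemd.services` expression continues past the end of the hunk, so whether the upstream part of the script sets its own modes afterwards is not visible here.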