system.activationScripts = {
connexionswing_dev = mypkgs.connexionswing_dev.activationScript;
+ httpd = ''
+ install -d -m 0755 /var/lib/acme/acme-challenge
+ install -d -m 0755 /var/www
+ '';
};
services.httpd = let
withSSL = domain: {
enableSSL = true;
- sslServerCert = "/var/lib/acme/${domain}/full.pem"; # FIXME: cert only?
+ sslServerCert = "/var/lib/acme/${domain}/cert.pem";
sslServerKey = "/var/lib/acme/${domain}/key.pem";
sslServerChain = "/var/lib/acme/${domain}/fullchain.pem";
};
];
};
- # FIXME: environment variables ?
security.pam.services = let
pam_ldap = pkgs.pam_ldap;
pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD";