Use acme directory config rather than hardcoding the value

[perso/Immae/Config/Nix.git] / modules / private / databases / openldap / default.nix

diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index 850f3ff3fbdbc1cd0f4acab3d34e3ddad12ea70c..46f85d26f0ca6f1da3358690ee5eee78334e97cb 100644 (file)
--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -33,9 +33,9 @@ let
     directory       ${cfg.dataDir}
     overlay         memberof
 
-    TLSCertificateFile    /var/lib/acme/ldap/cert.pem
-    TLSCertificateKeyFile /var/lib/acme/ldap/key.pem
-    TLSCACertificateFile  /var/lib/acme/ldap/fullchain.pem
+    TLSCertificateFile    ${config.security.acme.directory}/ldap/cert.pem
+    TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
+    TLSCACertificateFile  ${config.security.acme.directory}/ldap/fullchain.pem
     TLSCACertificatePath  ${pkgs.cacert.unbundled}/etc/ssl/certs/
     #This makes openldap crash
     #TLSCipherSuite        DEFAULT