Upgrade acme bot
[perso/Immae/Config/Nix.git] / modules / private / databases / openldap / default.nix
index 22f6f7b3de3b8b5d9223b6034b3a203c32cc6a1d..d7d61db1f696598fd71a86d87e341e98ff0ca477 100644 (file)
@@ -24,9 +24,9 @@ let
     overlay         syncprov
     syncprov-checkpoint 100 10
 
-    TLSCertificateFile    ${config.security.acme.directory}/ldap/cert.pem
-    TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
-    TLSCACertificateFile  ${config.security.acme.directory}/ldap/fullchain.pem
+    TLSCertificateFile    ${config.security.acme2.certs.ldap.directory}/cert.pem
+    TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
+    TLSCACertificateFile  ${config.security.acme2.certs.ldap.directory}/fullchain.pem
     TLSCACertificatePath  ${pkgs.cacert.unbundled}/etc/ssl/certs/
     #This makes openldap crash
     #TLSCipherSuite        DEFAULT
@@ -117,10 +117,10 @@ in
     users.users.openldap.extraGroups = [ "keys" ];
     networking.firewall.allowedTCPPorts = [ 636 389 ];
 
-    security.acme.certs."ldap" = config.myServices.databasesCerts // {
+    security.acme2.certs."ldap" = config.myServices.databasesCerts // {
       user = "openldap";
       group = "openldap";
-      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
       domain = "ldap.immae.eu";
       postRun = ''
         systemctl restart openldap.service
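Review bot: The `plugins` list now carries `account_reg.json` alongside `account_key.json`, in a cert entry declared with `user = "openldap"` and `group = "openldap"`. If acme2 keeps the upstream module's behaviour of writing every listed plugin file into the certificate directory under that owner, the slapd service account can read the ACME account key and registration. It does not need them to serve TLS, since the slapd config in the first hunk references only `cert.pem`, `key.pem` and `fullchain.pem`. Please confirm the ownership and modes acme2 applies to the account files and, if the module allows it, keep them outside the directory readable by openldap; at minimum add a comment such as `# account_*.json are ACME client state, not read by slapd`. The attribute set and the `postRun` string continue past the end of this hunk.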