Fix acme challenge folders

[perso/Immae/Config/Nix.git] / modules / private / monitoring / status.nix

diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index ed4d6812857eca914ef7d6213fe8185cd164525d..e0bc0e1c29611954c3fe00949575dbb481a7b693 100644 (file)
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
@@ -29,15 +29,20 @@
       recommendedGzipSettings = true;
       recommendedProxySettings = true;
       virtualHosts."status.immae.eu" = {
+        acmeRoot = config.security.acme.certs."${name}".webroot;
         useACMEHost = name;
         forceSSL = true;
         locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
       };
     };
-    security.acme.certs."${name}".extraDomains."status.immae.eu" = null;
+    security.acme.certs."${name}" = {
+      extraDomains."status.immae.eu" = null;
+      user = config.services.nginx.user;
+      group = config.services.nginx.group;
+    };
 
     myServices.certificates.enable = true;
-    networking.firewall.allowedTCPPorts = [ 80 443 18000 ];
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
     systemd.services.naemon-status = {
       description = "Naemon status";
       after = [ "network.target" ];