Upgrade acme bot

[perso/Immae/Config/Nix.git] / modules / private / tasks / default.nix

diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index c4f065b20f33be7d14ed5a6b420387b3cf187d81..c0cc87bc353000c2f05d2d49ac267d7517014677 100644 (file)
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -192,9 +192,9 @@ in {
 
     myServices.websites.webappDirs._task = ./www;
 
-    security.acme.certs."task" = config.myServices.certificates.certConfig // {
+    security.acme2.certs."task" = config.myServices.certificates.certConfig // {
       inherit user group;
-      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+      plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
       domain = fqdn;
       postRun = ''
         systemctl restart taskserver.service
@@ -244,9 +244,9 @@ in {
       inherit fqdn;
       listenHost = "::";
       pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
-      pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
-      pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
+      pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
+      pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
       requestLimit = 104857600;
     };