Use acme directory config rather than hardcoding the value
[perso/Immae/Config/Nix.git] / modules / websites / default.nix
index b76aeead489cea4b2810c9f2537637489c835506..e57f505a86fae43fc3b523c5f9210db6b82a7895 100644 (file)
@@ -102,7 +102,7 @@ in
       serverAliases = [ "*" ];
       enableSSL = false;
       logFormat = "combinedVhost";
-      documentRoot = "/var/lib/acme/acme-challenge";
+      documentRoot = "${config.security.acme.directory}/acme-challenge";
       extraConfig = ''
         RewriteEngine on
         RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
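Review bot: The new `documentRoot` puts the plain-HTTP challenge directory under the same configurable root that `toVhost` reads `key.pem` from, and nothing in the file records that constraint. I would add a comment above the line, such as `# Serve only the acme-challenge subdirectory; sibling directories under the ACME root hold private keys.` The visible `RewriteCond` exempts everything under `/.well-known`, not only `/.well-known/acme-challenge/`; whether that matters depends on the rewrite rule, which lies outside the hunk. The enclosing attribute set also starts and ends outside the hunk.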
@@ -131,9 +131,9 @@ in
     };
     toVhost = ips: vhostConf: {
       enableSSL = true;
-      sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
-      sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
-      sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
+      sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
+      sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
+      sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
       logFormat = "combinedVhost";
       listen = map (ip: { inherit ip; port = 443; }) ips;
       hostName = builtins.head vhostConf.hosts;
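Review bot: `vhostConf.certName` is interpolated into the three certificate paths in `toVhost` with no check that a certificate of that name is declared, so a typo would probably surface only when httpd fails to load the key at start-up rather than at evaluation time. If the module has an assertions list (not visible here), a per-vhost check such as `assertion = builtins.hasAttr vhostConf.certName config.security.acme.certs;` would catch it earlier. As a style point, the prefix repeated on the three new lines could be bound once in a `let`, `certDir = "${config.security.acme.directory}/${vhostConf.certName}";`, so the key, certificate and chain cannot drift apart in a later edit. The body of `toVhost` continues past the end of the hunk.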