Use acme directory config rather than hardcoding the value

[perso/Immae/Config/Nix.git] / nixops / modules / task / default.nix

diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index feb3be81977a5fb6a00a118876dcc1ec09fc07d3..e1c933f3e435dd4cc36bdaf6b574f1daff14136d 100644 (file)
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -101,10 +101,10 @@ in {
           SetEnv TASKD_LDAP_FILTER   "${env.ldap.search}"
         '';
     }];
-    security.acme.certs."eldiron".extraDomains.${fqdn} = null;
     services.websites.tools.modules = [ "proxy_fcgi" "sed" ];
     services.websites.tools.vhostConfs.task = {
       certName    = "eldiron";
+      addToCerts  = true;
       hosts       = [ "task.immae.eu" ];
       root        = "/run/current-system/webapps/_task";
       extraConfig = [ ''
@@ -236,9 +236,9 @@ in {
       inherit fqdn;
       listenHost = "::";
       pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
-      pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem";
-      pki.manual.server.crl = "/var/lib/acme/task/invalid.crl";
-      pki.manual.server.key = "/var/lib/acme/task/key.pem";
+      pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem";
+      pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl";
+      pki.manual.server.key = "${config.security.acme.directory}/task/key.pem";
       requestLimit = 104857600;
     };