Add certificate creation and handling to websites

[perso/Immae/Config/Nix.git] / nixops / modules / websites / connexionswing / default.nix

diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index 3643e190a19439c5a83a6ea51ed03e1149fdefd4..20c5166d53144a7b8d53a725a35c008cc7de55cd 100644 (file)
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -25,15 +25,6 @@ in {
       secrets.keys = connexionswing_prod.keys;
       services.webstats.sites = [ { name = "connexionswing.com"; } ];
 
-      security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
-        domain = "connexionswing.com";
-        extraDomains = {
-          "www.connexionswing.com" = null;
-          "sandetludo.com" = null;
-          "www.sandetludo.com" = null;
-        };
-      };
-
       services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
       services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
       services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
@@ -45,16 +36,15 @@ in {
         '';
       services.websites.production.modules = connexionswing_prod.apache.modules;
       services.websites.production.vhostConfs.connexionswing = {
-        certName    = "connexionswing";
-        hosts       = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
-        root        = connexionswing_prod.apache.root;
-        extraConfig = [ connexionswing_prod.apache.vhostConf ];
+        certName     = "connexionswing";
+        certMainHost = "connexionswing.com";
+        hosts        = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
+        root         = connexionswing_prod.apache.root;
+        extraConfig  = [ connexionswing_prod.apache.vhostConf ];
       };
     })
     (lib.mkIf cfg.integration.enable {
       secrets.keys = connexionswing_dev.keys;
-      security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
-      security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
       services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
       services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
       services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
@@ -67,6 +57,7 @@ in {
       services.websites.integration.modules = connexionswing_dev.apache.modules;
       services.websites.integration.vhostConfs.connexionswing = {
         certName    = "eldiron";
+        addToCerts  = true;
         hosts       = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
         root        = connexionswing_dev.apache.root;
         extraConfig = [ connexionswing_dev.apache.vhostConf ];