Add certificate creation and handling to websites

[perso/Immae/Config/Nix.git] / nixops / modules / websites / ludivine / default.nix
diff --git a/nixops/modules/websites/ludivine/default.nix b/nixops/modules/websites/ludivine/default.nix

index 69c572036c6bd3c195479a3739556f7abf8e495c..70d5199f28d92cf700be1d2924e2129d12ad03c6 100644 (file)
--- a/nixops/modules/websites/ludivine/default.nix
+++ b/nixops/modules/websites/ludivine/default.nix
@@ -1,11 +1,11 @@
  { lib, pkgs, config, myconfig,  ... }:
  let
      ludivinecassal_dev  = pkgs.callPackage ./ludivinecassal.nix {
-      inherit (pkgs.private.webapps) ludivinecassal;
+      inherit (pkgs.webapps) ludivinecassal;
        config = myconfig.env.websites.ludivinecassal.integration;
      };
      ludivinecassal_prod = pkgs.callPackage ./ludivinecassal.nix {
-      inherit (pkgs.private.webapps) ludivinecassal;
+      inherit (pkgs.webapps) ludivinecassal;
        config = myconfig.env.websites.ludivinecassal.production;
      };
  
@@ -25,13 +25,6 @@ in {
        secrets.keys = ludivinecassal_prod.keys;
        services.webstats.sites = [ { name = "ludivinecassal.com"; } ];
  
-      security.acme.certs."ludivinecassal" = config.services.myCertificates.certConfig // {
-        domain = "ludivinecassal.com";
-        extraDomains = {
-          "www.ludivinecassal.com" = null;
-        };
-      };
-
        services.myPhpfpm.preStart.ludivinecassal_prod = ludivinecassal_prod.phpFpm.preStart;
        services.myPhpfpm.serviceDependencies.ludivinecassal_prod = ludivinecassal_prod.phpFpm.serviceDeps;
        services.myPhpfpm.poolConfigs.ludivinecassal_prod = ludivinecassal_prod.phpFpm.pool;
@@ -40,17 +33,17 @@ in {
          mkdir -p $out/webapps
          ln -s ${ludivinecassal_prod.app.webRoot} $out/webapps/${ludivinecassal_prod.apache.webappName}
          '';
-      services.myWebsites.production.modules = ludivinecassal_prod.apache.modules;
-      services.myWebsites.production.vhostConfs.ludivine = {
-        certName    = "ludivinecassal";
-        hosts       = ["ludivinecassal.com" "www.ludivinecassal.com" ];
-        root        = ludivinecassal_prod.apache.root;
-        extraConfig = [ ludivinecassal_prod.apache.vhostConf ];
+      services.websites.production.modules = ludivinecassal_prod.apache.modules;
+      services.websites.production.vhostConfs.ludivine = {
+        certName     = "ludivinecassal";
+        certMainHost = "ludivinecassal.com";
+        hosts        = ["ludivinecassal.com" "www.ludivinecassal.com" ];
+        root         = ludivinecassal_prod.apache.root;
+        extraConfig  = [ ludivinecassal_prod.apache.vhostConf ];
        };
      })
      (lib.mkIf cfg.integration.enable {
        secrets.keys = ludivinecassal_dev.keys;
-      security.acme.certs."eldiron".extraDomains."ludivine.immae.eu" = null;
  
        services.myPhpfpm.preStart.ludivinecassal_dev = ludivinecassal_dev.phpFpm.preStart;
        services.myPhpfpm.serviceDependencies.ludivinecassal_dev = ludivinecassal_dev.phpFpm.serviceDeps;
@@ -60,10 +53,10 @@ in {
          mkdir -p $out/webapps
          ln -s ${ludivinecassal_dev.app.webRoot} $out/webapps/${ludivinecassal_dev.apache.webappName}
          '';
-      services.myWebsites.apacheConfig.ludivinecassal_dev.modules = ludivinecassal_dev.apache.modules;
-      services.myWebsites.integration.modules = ludivinecassal_dev.apache.modules;
-      services.myWebsites.integration.vhostConfs.ludivine = {
+      services.websites.integration.modules = ludivinecassal_dev.apache.modules;
+      services.websites.integration.vhostConfs.ludivine = {
          certName    = "eldiron";
+        addToCerts  = true;
          hosts       = [ "ludivine.immae.eu" ];
          root        = ludivinecassal_dev.apache.root;
          extraConfig = [ ludivinecassal_dev.apache.vhostConf ];