X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fcertificates.nix;h=bbe4c3bbf1c093510aed37622d30aa149ab3729b;hp=c564d34f17832d784875ef60ea0950b9e23a4198;hb=f5761aac8dbfb4af91c232f2b52d1353c899abda;hpb=dcac3ec730176549cd52a9a42db2001dc652c30d

diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index c564d34..bbe4c3b 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -12,6 +12,7 @@
           (lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
           (lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
         ];
+        extraLegoRenewFlags = [ "--reuse-key" ];
       };
       description = "Default configuration for certificates";
     };
@@ -77,7 +78,7 @@
         # https://github.com/NixOS/nixpkgs/issues/84633
         serviceConfig.RemainAfterExit = lib.mkForce false;
         serviceConfig.WorkingDirectory = lib.mkForce "/var/lib/acme/${k}/.lego";
-        serviceConfig.StateDirectory = lib.mkForce "acme/${k}/.lego acme/${k}";
+        serviceConfig.StateDirectory = lib.mkForce "acme/${k}/.lego acme/${k} acme/.lego/${k} acme/.lego/accounts";
         serviceConfig.ExecStartPost =
           let
             keyName = builtins.replaceStrings ["*"] ["_"] data.domain;