X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix%2FNUR.git;a=blobdiff_plain;f=modules%2Fwebsites%2Fdefault.nix;h=e69080e9dc2ae14c43f785796c8379468e5aeb9c;hp=6ba0d687d2069c38b08a8df81c0b087914a1edb4;hb=0540384561541f94435ad0f6e268e6989fb1d37a;hpb=13cf2ab3521b5abeea0ee723d4657d667c666f32

diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index 6ba0d687..e69080e9 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -149,7 +149,7 @@ in
       serverAliases = [ "*" ];
       enableSSL = false;
       logFormat = "combinedVhost";
-      documentRoot = "${config.security.acme.directory}/acme-challenge";
+      documentRoot = "/var/lib/acme/acme-challenge";
       extraConfig = ''
         RewriteEngine on
         RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
@@ -178,9 +178,9 @@ in
     };
     toVhost = ips: vhostConf: {
       enableSSL = true;
-      sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
-      sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
-      sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
+      sslServerCert = "${config.security.acme2.certs."${vhostConf.certName}".directory}/cert.pem";
+      sslServerKey = "${config.security.acme2.certs."${vhostConf.certName}".directory}/key.pem";
+      sslServerChain = "${config.security.acme2.certs."${vhostConf.certName}".directory}/chain.pem";
       logFormat = "combinedVhost";
       listen = map (ip: { inherit ip; port = 443; }) ips;
       hostName = builtins.head vhostConf.hosts;
@@ -223,7 +223,7 @@ in
     }
   ) cfg.env;
 
-  config.security.acme.certs = let
+  config.security.acme2.certs = let
     typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;
     flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
       attrValues v.vhostConfs