Fix acme challenge folders

1 files changed, 9 insertions, 3 deletions

diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index 82ff52f..c68bbee 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -4,7 +4,7 @@
     enable = lib.mkEnableOption "enable certificates";
     certConfig = lib.mkOption {
       default = {
-        webroot = "/var/lib/acme/acme-challenge";
+        webroot = "/var/lib/acme/acme-challenges";
         email = "ismael@bouya.org";
         postRun = builtins.concatStringsSep "\n" [
           (lib.optionalString config.services.httpd.Prod.enable "systemctl reload httpdProd.service")
@@ -19,11 +19,17 @@
 
   config = lib.mkIf config.myServices.certificates.enable {
     services.duplyBackup.profiles.system.excludeFile = ''
-      + /var/lib/acme/acme-challenge
+      + /var/lib/acme/acme-challenges
       '';
     services.nginx = {
       recommendedTlsSettings = true;
-      virtualHosts = { "${config.hostEnv.fqdn}" = { useACMEHost = name; forceSSL = true; }; };
+      virtualHosts = {
+        "${config.hostEnv.fqdn}" = {
+          acmeRoot = config.security.acme.certs."${name}".webroot;
+          useACMEHost = name;
+          forceSSL = true;
+        };
+      };
     };
     services.websites.certs = config.myServices.certificates.certConfig;
     myServices.databasesCerts = config.myServices.certificates.certConfig;