authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-01-15 20:41:19 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-01-15 20:41:19 +0100
commit981fa80354fd6f00f49446777c38f77bd8a65f65 (patch)
tree878a24e3daa325cfec75b1a413e5144829558d38 /modules/private/databases/openldap
parent258441019881c451686dbe537069228cc8e49612 (diff)
Upgrade acme bot
Diffstat (limited to 'modules/private/databases/openldap')
-rw-r--r--modules/private/databases/openldap/default.nix10
1 files changed, 5 insertions, 5 deletions
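--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -24,9 +24,9 @@ let
 overlay syncprov
 syncprov-checkpoint 100 10
 
-TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem
-TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
-TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem
+TLSCertificateFile ${config.security.acme2.certs.ldap.directory}/cert.pem
+TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
+TLSCACertificateFile ${config.security.acme2.certs.ldap.directory}/fullchain.pem
 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
 #This makes openldap crash
 #TLSCipherSuite DEFAULT
@@ -117,10 +117,10 @@ in
 users.users.openldap.extraGroups = [ "keys" ];
 networking.firewall.allowedTCPPorts = [ 636 389 ];
 
-security.acme.certs."ldap" = config.myServices.databasesCerts // {
+security.acme2.certs."ldap" = config.myServices.databasesCerts // {
 user = "openldap";
 group = "openldap";
-plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
 domain = "ldap.immae.eu";
 postRun = ''
 systemctl restart openldap.service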
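Review bot: In the second hunk the `plugins` list for `security.acme2.certs."ldap"` keeps `account_key.json` and now adds `account_reg.json`, while the same attribute set sets `user = "openldap"` and `group = "openldap"`, so the ACME account material appears to be written next to the files slapd reads and under the same owner. slapd itself only references `cert.pem`, `key.pem` and `fullchain.pem` (first hunk), so a compromise of the directory service would presumably also expose the account credentials used for issuance. If the acme2 module allows it, keep the account files under a separate owner or directory; otherwise document the choice with a comment such as `# account_*.json are used by the renewal client only, not by slapd`. The attribute set continues past the end of the hunk (`postRun` is still open), so any permission handling done there is not visible here.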