diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-01-15 20:41:19 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-01-15 20:41:19 +0100 |
commit | 981fa80354fd6f00f49446777c38f77bd8a65f65 (patch) | |
tree | 878a24e3daa325cfec75b1a413e5144829558d38 /modules/private/databases/postgresql.nix | |
parent | 258441019881c451686dbe537069228cc8e49612 (diff) | |
download | Nix-981fa80354fd6f00f49446777c38f77bd8a65f65.tar.gz Nix-981fa80354fd6f00f49446777c38f77bd8a65f65.tar.zst Nix-981fa80354fd6f00f49446777c38f77bd8a65f65.zip |
Upgrade acme bot
Diffstat (limited to 'modules/private/databases/postgresql.nix')
-rw-r--r-- | modules/private/databases/postgresql.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/private/databases/postgresql.nix b/modules/private/databases/postgresql.nix index 3dcd311..27ea59c 100644 --- a/modules/private/databases/postgresql.nix +++ b/modules/private/databases/postgresql.nix | |||
@@ -107,10 +107,10 @@ in { | |||
107 | config = lib.mkIf cfg.enable { | 107 | config = lib.mkIf cfg.enable { |
108 | networking.firewall.allowedTCPPorts = [ 5432 ]; | 108 | networking.firewall.allowedTCPPorts = [ 5432 ]; |
109 | 109 | ||
110 | security.acme.certs."postgresql" = config.myServices.databasesCerts // { | 110 | security.acme2.certs."postgresql" = config.myServices.databasesCerts // { |
111 | user = "postgres"; | 111 | user = "postgres"; |
112 | group = "postgres"; | 112 | group = "postgres"; |
113 | plugins = [ "fullchain.pem" "key.pem" "account_key.json" ]; | 113 | plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ]; |
114 | domain = "db-1.immae.eu"; | 114 | domain = "db-1.immae.eu"; |
115 | postRun = '' | 115 | postRun = '' |
116 | systemctl reload postgresql.service | 116 | systemctl reload postgresql.service |
@@ -165,8 +165,8 @@ in { | |||
165 | # makes it order of magnitudes quicker | 165 | # makes it order of magnitudes quicker |
166 | synchronous_commit = off | 166 | synchronous_commit = off |
167 | ssl = on | 167 | ssl = on |
168 | ssl_cert_file = '${config.security.acme.directory}/postgresql/fullchain.pem' | 168 | ssl_cert_file = '${config.security.acme2.certs.postgresql.directory}/fullchain.pem' |
169 | ssl_key_file = '${config.security.acme.directory}/postgresql/key.pem' | 169 | ssl_key_file = '${config.security.acme2.certs.postgresql.directory}/key.pem' |
170 | ''; | 170 | ''; |
171 | authentication = let | 171 | authentication = let |
172 | hosts = builtins.concatStringsSep "\n" ( | 172 | hosts = builtins.concatStringsSep "\n" ( |