authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-01-15 20:41:19 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-01-15 20:41:19 +0100
commit981fa80354fd6f00f49446777c38f77bd8a65f65 (patch)
tree878a24e3daa325cfec75b1a413e5144829558d38 /modules/private
parent258441019881c451686dbe537069228cc8e49612 (diff)
Upgrade acme bot
Diffstat (limited to 'modules/private')
-rw-r--r--modules/private/certificates.nix24
-rw-r--r--modules/private/databases/mariadb.nix8
-rw-r--r--modules/private/databases/openldap/default.nix10
-rw-r--r--modules/private/databases/postgresql.nix8
-rw-r--r--modules/private/ejabberd/default.nix6
-rw-r--r--modules/private/ftp.nix4
-rw-r--r--modules/private/irc.nix4
-rw-r--r--modules/private/mail/default.nix2
-rw-r--r--modules/private/mail/dovecot.nix2
-rw-r--r--modules/private/mail/postfix.nix2
-rw-r--r--modules/private/mail/relay.nix2
-rw-r--r--modules/private/monitoring/status.nix2
-rw-r--r--modules/private/tasks/default.nix10
-rw-r--r--modules/private/websites/default.nix2
-rw-r--r--modules/private/websites/florian/integration.nix2
-rw-r--r--modules/private/websites/florian/production.nix2
-rw-r--r--modules/private/websites/nassime/production.nix2
-rw-r--r--modules/private/websites/naturaloutil/production.nix2
-rw-r--r--modules/private/websites/papa/surveillance.nix2
-rw-r--r--modules/private/websites/teliotortay/production.nix2
20 files changed, 49 insertions, 49 deletions
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index 2d24579..f057200 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -4,7 +4,7 @@
4 enable = lib.mkEnableOption "enable certificates"; 4 enable = lib.mkEnableOption "enable certificates";
5 certConfig = lib.mkOption { 5 certConfig = lib.mkOption {
6 default = { 6 default = {
7 webroot = "${config.security.acme.directory}/acme-challenge"; 7 webroot = "/var/lib/acme/acme-challenge";
8 email = "ismael@bouya.org"; 8 email = "ismael@bouya.org";
9 postRun = builtins.concatStringsSep "\n" [ 9 postRun = builtins.concatStringsSep "\n" [
10 (lib.optionalString config.services.httpd.Prod.enable "systemctl reload httpdProd.service") 10 (lib.optionalString config.services.httpd.Prod.enable "systemctl reload httpdProd.service")
@@ -12,7 +12,7 @@
12 (lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service") 12 (lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
13 (lib.optionalString config.services.nginx.enable "systemctl reload nginx.service") 13 (lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
14 ]; 14 ];
15 plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ]; 15 plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json"];
16 }; 16 };
17 description = "Default configuration for certificates"; 17 description = "Default configuration for certificates";
18 }; 18 };
@@ -20,7 +20,7 @@
20 20
21 config = lib.mkIf config.myServices.certificates.enable { 21 config = lib.mkIf config.myServices.certificates.enable {
22 services.duplyBackup.profiles.system.excludeFile = '' 22 services.duplyBackup.profiles.system.excludeFile = ''
23 + ${config.security.acme.directory} 23 + /var/lib/acme/acme-challenge
24 ''; 24 '';
25 services.nginx = { 25 services.nginx = {
26 recommendedTlsSettings = true; 26 recommendedTlsSettings = true;
@@ -30,9 +30,9 @@
30 myServices.databasesCerts = config.myServices.certificates.certConfig; 30 myServices.databasesCerts = config.myServices.certificates.certConfig;
31 myServices.ircCerts = config.myServices.certificates.certConfig; 31 myServices.ircCerts = config.myServices.certificates.certConfig;
32 32
33 security.acme.preliminarySelfsigned = true; 33 security.acme2.preliminarySelfsigned = true;
34 34
35 security.acme.certs = { 35 security.acme2.certs = {
36 "${name}" = config.myServices.certificates.certConfig // { 36 "${name}" = config.myServices.certificates.certConfig // {
37 domain = config.hostEnv.fqdn; 37 domain = config.hostEnv.fqdn;
38 }; 38 };
@@ -41,17 +41,17 @@
41 systemd.services = lib.attrsets.mapAttrs' (k: v: 41 systemd.services = lib.attrsets.mapAttrs' (k: v:
42 lib.attrsets.nameValuePair "acme-selfsigned-${k}" (lib.mkBefore { script = 42 lib.attrsets.nameValuePair "acme-selfsigned-${k}" (lib.mkBefore { script =
43 (lib.optionalString (builtins.elem "cert.pem" v.plugins) '' 43 (lib.optionalString (builtins.elem "cert.pem" v.plugins) ''
44 cp $workdir/server.crt ${config.security.acme.directory}/${k}/cert.pem 44 cp $workdir/server.crt ${config.security.acme2.certs."${k}".directory}/cert.pem
45 chown '${v.user}:${v.group}' ${config.security.acme.directory}/${k}/cert.pem 45 chown '${v.user}:${v.group}' ${config.security.acme2.certs."${k}".directory}/cert.pem
46 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.directory}/${k}/cert.pem 46 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme2.certs."${k}".directory}/cert.pem
47 '') + 47 '') +
48 (lib.optionalString (builtins.elem "chain.pem" v.plugins) '' 48 (lib.optionalString (builtins.elem "chain.pem" v.plugins) ''
49 cp $workdir/ca.crt ${config.security.acme.directory}/${k}/chain.pem 49 cp $workdir/ca.crt ${config.security.acme2.certs."${k}".directory}/chain.pem
50 chown '${v.user}:${v.group}' ${config.security.acme.directory}/${k}/chain.pem 50 chown '${v.user}:${v.group}' ${config.security.acme2.certs."${k}".directory}/chain.pem
51 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.directory}/${k}/chain.pem 51 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme2.certs."${k}".directory}/chain.pem
52 '') 52 '')
53 ; }) 53 ; })
54 ) config.security.acme.certs // { 54 ) config.security.acme2.certs // {
55 httpdProd = lib.mkIf config.services.httpd.Prod.enable 55 httpdProd = lib.mkIf config.services.httpd.Prod.enable
56 { after = [ "acme-selfsigned-certificates.target" ]; wants = [ "acme-selfsigned-certificates.target" ]; }; 56 { after = [ "acme-selfsigned-certificates.target" ]; wants = [ "acme-selfsigned-certificates.target" ]; };
57 httpdTools = lib.mkIf config.services.httpd.Tools.enable 57 httpdTools = lib.mkIf config.services.httpd.Tools.enable
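Review bot: The backup exclusion in the third hunk now covers only `/var/lib/acme/acme-challenge`, whereas it previously excluded the whole `${config.security.acme.directory}` tree, so the per-certificate directories holding `key.pem`, `full.pem` and `account_key.json` are no longer excluded from the `system` duply profile and, assuming they still live under `/var/lib/acme` (which is what the new `webroot` and the activation script in websites/default.nix presuppose), private key material will start landing in the backup. If that is not intended, keep the exclusion on the parent: `+ /var/lib/acme`, or derive it from `config.security.acme2.certs.<name>.directory` per certificate as the self-signed scripts in the last hunk already do. The literal `/var/lib/acme/acme-challenge` is now repeated in certificates.nix (`webroot`, the exclusion) and in websites/default.nix; binding it once to a module-level `let` and referencing it from both would keep the webroot, the backup rule and the `install -d` step from drifting apart the next time the path changes.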
diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index 3359064..ed647ea 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -96,8 +96,8 @@ in {
96 dataDir = cfg.dataDir; 96 dataDir = cfg.dataDir;
97 extraOptions = '' 97 extraOptions = ''
98 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt 98 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
99 ssl_key = ${config.security.acme.directory}/mysql/key.pem 99 ssl_key = ${config.security.acme2.certs.mysql.directory}/key.pem
100 ssl_cert = ${config.security.acme.directory}/mysql/fullchain.pem 100 ssl_cert = ${config.security.acme2.certs.mysql.directory}/fullchain.pem
101 101
102 # for replication 102 # for replication
103 log-bin=mariadb-bin 103 log-bin=mariadb-bin
@@ -110,10 +110,10 @@ in {
110 }; 110 };
111 111
112 users.users.mysql.extraGroups = [ "keys" ]; 112 users.users.mysql.extraGroups = [ "keys" ];
113 security.acme.certs."mysql" = config.myServices.databasesCerts // { 113 security.acme2.certs."mysql" = config.myServices.databasesCerts // {
114 user = "mysql"; 114 user = "mysql";
115 group = "mysql"; 115 group = "mysql";
116 plugins = [ "fullchain.pem" "key.pem" "account_key.json" ]; 116 plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
117 domain = "db-1.immae.eu"; 117 domain = "db-1.immae.eu";
118 postRun = '' 118 postRun = ''
119 systemctl restart mysql.service 119 systemctl restart mysql.service
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index 22f6f7b..d7d61db 100644
--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -24,9 +24,9 @@ let
24 overlay syncprov 24 overlay syncprov
25 syncprov-checkpoint 100 10 25 syncprov-checkpoint 100 10
26 26
27 TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem 27 TLSCertificateFile ${config.security.acme2.certs.ldap.directory}/cert.pem
28 TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem 28 TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
29 TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem 29 TLSCACertificateFile ${config.security.acme2.certs.ldap.directory}/fullchain.pem
30 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/ 30 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
31 #This makes openldap crash 31 #This makes openldap crash
32 #TLSCipherSuite DEFAULT 32 #TLSCipherSuite DEFAULT
@@ -117,10 +117,10 @@ in
117 users.users.openldap.extraGroups = [ "keys" ]; 117 users.users.openldap.extraGroups = [ "keys" ];
118 networking.firewall.allowedTCPPorts = [ 636 389 ]; 118 networking.firewall.allowedTCPPorts = [ 636 389 ];
119 119
120 security.acme.certs."ldap" = config.myServices.databasesCerts // { 120 security.acme2.certs."ldap" = config.myServices.databasesCerts // {
121 user = "openldap"; 121 user = "openldap";
122 group = "openldap"; 122 group = "openldap";
123 plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ]; 123 plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
124 domain = "ldap.immae.eu"; 124 domain = "ldap.immae.eu";
125 postRun = '' 125 postRun = ''
126 systemctl restart openldap.service 126 systemctl restart openldap.service
diff --git a/modules/private/databases/postgresql.nix b/modules/private/databases/postgresql.nix
index 3dcd311..27ea59c 100644
--- a/modules/private/databases/postgresql.nix
+++ b/modules/private/databases/postgresql.nix
@@ -107,10 +107,10 @@ in {
107 config = lib.mkIf cfg.enable { 107 config = lib.mkIf cfg.enable {
108 networking.firewall.allowedTCPPorts = [ 5432 ]; 108 networking.firewall.allowedTCPPorts = [ 5432 ];
109 109
110 security.acme.certs."postgresql" = config.myServices.databasesCerts // { 110 security.acme2.certs."postgresql" = config.myServices.databasesCerts // {
111 user = "postgres"; 111 user = "postgres";
112 group = "postgres"; 112 group = "postgres";
113 plugins = [ "fullchain.pem" "key.pem" "account_key.json" ]; 113 plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
114 domain = "db-1.immae.eu"; 114 domain = "db-1.immae.eu";
115 postRun = '' 115 postRun = ''
116 systemctl reload postgresql.service 116 systemctl reload postgresql.service
@@ -165,8 +165,8 @@ in {
165 # makes it order of magnitudes quicker 165 # makes it order of magnitudes quicker
166 synchronous_commit = off 166 synchronous_commit = off
167 ssl = on 167 ssl = on
168 ssl_cert_file = '${config.security.acme.directory}/postgresql/fullchain.pem' 168 ssl_cert_file = '${config.security.acme2.certs.postgresql.directory}/fullchain.pem'
169 ssl_key_file = '${config.security.acme.directory}/postgresql/key.pem' 169 ssl_key_file = '${config.security.acme2.certs.postgresql.directory}/key.pem'
170 ''; 170 '';
171 authentication = let 171 authentication = let
172 hosts = builtins.concatStringsSep "\n" ( 172 hosts = builtins.concatStringsSep "\n" (
diff --git a/modules/private/ejabberd/default.nix b/modules/private/ejabberd/default.nix
index 5e717f4..3537c24 100644
--- a/modules/private/ejabberd/default.nix
+++ b/modules/private/ejabberd/default.nix
@@ -14,7 +14,7 @@ in
14 }; 14 };
15 15
16 config = lib.mkIf cfg.enable { 16 config = lib.mkIf cfg.enable {
17 security.acme.certs = { 17 security.acme2.certs = {
18 "ejabberd" = config.myServices.certificates.certConfig // { 18 "ejabberd" = config.myServices.certificates.certConfig // {
19 user = "ejabberd"; 19 user = "ejabberd";
20 group = "ejabberd"; 20 group = "ejabberd";
@@ -58,7 +58,7 @@ in
58 text = '' 58 text = ''
59 host_config: 59 host_config:
60 "immae.fr": 60 "immae.fr":
61 domain_certfile: "${config.security.acme.directory}/ejabberd/full.pem" 61 domain_certfile: "${config.security.acme2.certs.ejabberd.directory}/full.pem"
62 auth_method: [ldap] 62 auth_method: [ldap]
63 ldap_servers: ["${config.myEnv.jabber.ldap.host}"] 63 ldap_servers: ["${config.myEnv.jabber.ldap.host}"]
64 ldap_encrypt: tls 64 ldap_encrypt: tls
@@ -81,7 +81,7 @@ in
81 ERLANG_NODE=ejabberd@localhost 81 ERLANG_NODE=ejabberd@localhost
82 ''; 82 '';
83 configFile = pkgs.runCommand "ejabberd.yml" { 83 configFile = pkgs.runCommand "ejabberd.yml" {
84 certificatePrivateKeyAndFullChain = "${config.security.acme.directory}/ejabberd/full.pem"; 84 certificatePrivateKeyAndFullChain = "${config.security.acme2.certs.ejabberd.directory}/full.pem";
85 certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; 85 certificateCA = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
86 sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml"; 86 sql_config_file = config.secrets.fullPaths."ejabberd/psql.yml";
87 host_config_file = config.secrets.fullPaths."ejabberd/host.yml"; 87 host_config_file = config.secrets.fullPaths."ejabberd/host.yml";
diff --git a/modules/private/ftp.nix b/modules/private/ftp.nix
index e3c1f70..585fe63 100644
--- a/modules/private/ftp.nix
+++ b/modules/private/ftp.nix
@@ -17,7 +17,7 @@ in
17 services.duplyBackup.profiles.ftp = { 17 services.duplyBackup.profiles.ftp = {
18 rootDir = "/var/lib/ftp"; 18 rootDir = "/var/lib/ftp";
19 }; 19 };
20 security.acme.certs."ftp" = config.myServices.certificates.certConfig // { 20 security.acme2.certs."ftp" = config.myServices.certificates.certConfig // {
21 domain = "eldiron.immae.eu"; 21 domain = "eldiron.immae.eu";
22 postRun = '' 22 postRun = ''
23 systemctl restart pure-ftpd.service 23 systemctl restart pure-ftpd.service
@@ -113,7 +113,7 @@ in
113 MaxDiskUsage 99 113 MaxDiskUsage 99
114 CustomerProof yes 114 CustomerProof yes
115 TLS 1 115 TLS 1
116 CertFile ${config.security.acme.directory}/ftp/full.pem 116 CertFile ${config.security.acme2.certs.ftp.directory}/full.pem
117 ''; 117 '';
118 in { 118 in {
119 description = "Pure-FTPd server"; 119 description = "Pure-FTPd server";
diff --git a/modules/private/irc.nix b/modules/private/irc.nix
index 4e6eaab..1054b96 100644
--- a/modules/private/irc.nix
+++ b/modules/private/irc.nix
@@ -20,7 +20,7 @@ in
20 services.duplyBackup.profiles.irc = { 20 services.duplyBackup.profiles.irc = {
21 rootDir = "/var/lib/bitlbee"; 21 rootDir = "/var/lib/bitlbee";
22 }; 22 };
23 security.acme.certs."irc" = config.myServices.ircCerts // { 23 security.acme2.certs."irc" = config.myServices.ircCerts // {
24 domain = "irc.immae.eu"; 24 domain = "irc.immae.eu";
25 postRun = '' 25 postRun = ''
26 systemctl restart stunnel.service 26 systemctl restart stunnel.service
@@ -49,7 +49,7 @@ in
49 bitlbee = { 49 bitlbee = {
50 accept = 6697; 50 accept = 6697;
51 connect = 6667; 51 connect = 6667;
52 cert = "${config.security.acme.directory}/irc/full.pem"; 52 cert = "${config.security.acme2.certs.irc.directory}/full.pem";
53 }; 53 };
54 }; 54 };
55 }; 55 };
diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix
index b50e346..1c64e15 100644
--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -13,7 +13,7 @@
13 options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services"; 13 options.myServices.mailBackup.enable = lib.mkEnableOption "enable MX backup services";
14 14
15 config = lib.mkIf config.myServices.mail.enable { 15 config = lib.mkIf config.myServices.mail.enable {
16 security.acme.certs."mail" = config.myServices.certificates.certConfig // { 16 security.acme2.certs."mail" = config.myServices.certificates.certConfig // {
17 domain = config.hostEnv.fqdn; 17 domain = config.hostEnv.fqdn;
18 extraDomains = let 18 extraDomains = let
19 zonesWithMx = builtins.filter (zone: 19 zonesWithMx = builtins.filter (zone:
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
index 4facef5..523c017 100644
--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -269,7 +269,7 @@ in
269 [ 269 [
270 "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders" 270 "0 2 * * * root ${cron_script}/bin/cleanup-imap-folders"
271 ]; 271 ];
272 security.acme.certs."mail" = { 272 security.acme2.certs."mail" = {
273 postRun = '' 273 postRun = ''
274 systemctl restart dovecot2.service 274 systemctl restart dovecot2.service
275 ''; 275 '';
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index bd284cb..8fe06da 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -417,7 +417,7 @@
417 }; 417 };
418 }; 418 };
419 }; 419 };
420 security.acme.certs."mail" = { 420 security.acme2.certs."mail" = {
421 postRun = '' 421 postRun = ''
422 systemctl restart postfix.service 422 systemctl restart postfix.service
423 ''; 423 '';
diff --git a/modules/private/mail/relay.nix b/modules/private/mail/relay.nix
index 9111350..e0aa387 100644
--- a/modules/private/mail/relay.nix
+++ b/modules/private/mail/relay.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, nodes, name, ... }: 1{ lib, pkgs, config, nodes, name, ... }:
2{ 2{
3 config = lib.mkIf config.myServices.mailBackup.enable { 3 config = lib.mkIf config.myServices.mailBackup.enable {
4 security.acme.certs."mail" = config.myServices.certificates.certConfig // { 4 security.acme2.certs."mail" = config.myServices.certificates.certConfig // {
5 postRun = '' 5 postRun = ''
6 systemctl restart postfix.service 6 systemctl restart postfix.service
7 ''; 7 '';
diff --git a/modules/private/monitoring/status.nix b/modules/private/monitoring/status.nix
index d25d934..2860e96 100644
--- a/modules/private/monitoring/status.nix
+++ b/modules/private/monitoring/status.nix
@@ -34,7 +34,7 @@
34 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/"; 34 locations."/".proxyPass = "http://unix:/run/naemon-status/socket.sock:/";
35 }; 35 };
36 }; 36 };
37 security.acme.certs."${name}".extraDomains."status.immae.eu" = null; 37 security.acme2.certs."${name}".extraDomains."status.immae.eu" = null;
38 38
39 myServices.certificates.enable = true; 39 myServices.certificates.enable = true;
40 networking.firewall.allowedTCPPorts = [ 80 443 ]; 40 networking.firewall.allowedTCPPorts = [ 80 443 ];
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index c4f065b..c0cc87b 100644
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -192,9 +192,9 @@ in {
192 192
193 myServices.websites.webappDirs._task = ./www; 193 myServices.websites.webappDirs._task = ./www;
194 194
195 security.acme.certs."task" = config.myServices.certificates.certConfig // { 195 security.acme2.certs."task" = config.myServices.certificates.certConfig // {
196 inherit user group; 196 inherit user group;
197 plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ]; 197 plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
198 domain = fqdn; 198 domain = fqdn;
199 postRun = '' 199 postRun = ''
200 systemctl restart taskserver.service 200 systemctl restart taskserver.service
@@ -244,9 +244,9 @@ in {
244 inherit fqdn; 244 inherit fqdn;
245 listenHost = "::"; 245 listenHost = "::";
246 pki.manual.ca.cert = "${server_vardir}/keys/ca.cert"; 246 pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
247 pki.manual.server.cert = "${config.security.acme.directory}/task/fullchain.pem"; 247 pki.manual.server.cert = "${config.security.acme2.certs.task.directory}/fullchain.pem";
248 pki.manual.server.crl = "${config.security.acme.directory}/task/invalid.crl"; 248 pki.manual.server.crl = "${config.security.acme2.certs.task.directory}/invalid.crl";
249 pki.manual.server.key = "${config.security.acme.directory}/task/key.pem"; 249 pki.manual.server.key = "${config.security.acme2.certs.task.directory}/key.pem";
250 requestLimit = 104857600; 250 requestLimit = 104857600;
251 }; 251 };
252 252
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 7f3e463..90f24a4 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -125,7 +125,7 @@ in
125 125
126 system.activationScripts = { 126 system.activationScripts = {
127 httpd = '' 127 httpd = ''
128 install -d -m 0755 ${config.security.acme.directory}/acme-challenge 128 install -d -m 0755 /var/lib/acme/acme-challenge
129 install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions 129 install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
130 ''; 130 '';
131 }; 131 };
diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix
index 00de761..ef7d13a 100644
--- a/modules/private/websites/florian/integration.nix
+++ b/modules/private/websites/florian/integration.nix
@@ -8,7 +8,7 @@ in {
8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; 8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration";
9 9
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; 11 security.acme2.certs."ftp".extraDomains."florian.immae.eu" = null;
12 12
13 services.websites.env.integration.modules = adminer.apache.modules; 13 services.websites.env.integration.modules = adminer.apache.modules;
14 services.websites.env.integration.vhostConfs.florian = { 14 services.websites.env.integration.vhostConfs.florian = {
diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix
index 8d3dfb0..1abc715 100644
--- a/modules/private/websites/florian/production.nix
+++ b/modules/private/websites/florian/production.nix
@@ -8,7 +8,7 @@ in {
8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; 8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production";
9 9
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; 11 security.acme2.certs."ftp".extraDomains."tellesflorian.com" = null;
12 12
13 services.websites.env.production.modules = adminer.apache.modules; 13 services.websites.env.production.modules = adminer.apache.modules;
14 services.websites.env.production.vhostConfs.florian = { 14 services.websites.env.production.vhostConfs.florian = {
diff --git a/modules/private/websites/nassime/production.nix b/modules/private/websites/nassime/production.nix
index f9468f9..293519f 100644
--- a/modules/private/websites/nassime/production.nix
+++ b/modules/private/websites/nassime/production.nix
@@ -9,7 +9,7 @@ in {
9 config = lib.mkIf cfg.enable { 9 config = lib.mkIf cfg.enable {
10 services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; 10 services.webstats.sites = [ { name = "nassime.bouya.org"; } ];
11 11
12 security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; 12 security.acme2.certs."ftp".extraDomains."nassime.bouya.org" = null;
13 13
14 services.websites.env.production.vhostConfs.nassime = { 14 services.websites.env.production.vhostConfs.nassime = {
15 certName = "nassime"; 15 certName = "nassime";
diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix
index 628e129..a276c47 100644
--- a/modules/private/websites/naturaloutil/production.nix
+++ b/modules/private/websites/naturaloutil/production.nix
@@ -10,7 +10,7 @@ in {
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; 11 services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ];
12 12
13 security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; 13 security.acme2.certs."ftp".extraDomains."naturaloutil.immae.eu" = null;
14 14
15 secrets.keys = [{ 15 secrets.keys = [{
16 dest = "webapps/prod-naturaloutil"; 16 dest = "webapps/prod-naturaloutil";
diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix
index 1bb6ac8..f6e1772 100644
--- a/modules/private/websites/papa/surveillance.nix
+++ b/modules/private/websites/papa/surveillance.nix
@@ -6,7 +6,7 @@ in {
6 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website"; 6 options.myServices.websites.papa.surveillance.enable = lib.mkEnableOption "enable Papa surveillance's website";
7 7
8 config = lib.mkIf cfg.enable { 8 config = lib.mkIf cfg.enable {
9 security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; 9 security.acme2.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null;
10 10
11 services.cron = { 11 services.cron = {
12 systemCronJobs = let 12 systemCronJobs = let
diff --git a/modules/private/websites/teliotortay/production.nix b/modules/private/websites/teliotortay/production.nix
index 59090f5..2c62d10 100644
--- a/modules/private/websites/teliotortay/production.nix
+++ b/modules/private/websites/teliotortay/production.nix
@@ -10,7 +10,7 @@ in {
10 config = lib.mkIf cfg.enable { 10 config = lib.mkIf cfg.enable {
11 services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ]; 11 services.webstats.sites = [ { name = "telio-tortay.immae.eu"; } ];
12 12
13 security.acme.certs."ftp".extraDomains."telio-tortay.immae.eu" = null; 13 security.acme2.certs."ftp".extraDomains."telio-tortay.immae.eu" = null;
14 14
15 system.activationScripts.telio-tortay = { 15 system.activationScripts.telio-tortay = {
16 deps = [ "httpd" ]; 16 deps = [ "httpd" ];