diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-01-15 20:41:19 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-01-15 20:41:19 +0100 |
| commit | 981fa80354fd6f00f49446777c38f77bd8a65f65 (patch) | |
| tree | 878a24e3daa325cfec75b1a413e5144829558d38 /modules/websites/default.nix | |
| parent | 258441019881c451686dbe537069228cc8e49612 (diff) | |
| download | Nix-981fa80354fd6f00f49446777c38f77bd8a65f65.tar.gz Nix-981fa80354fd6f00f49446777c38f77bd8a65f65.tar.zst Nix-981fa80354fd6f00f49446777c38f77bd8a65f65.zip | |
Upgrade acme bot
Diffstat (limited to 'modules/websites/default.nix')
| -rw-r--r-- | modules/websites/default.nix | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix index 6ba0d68..e69080e 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix | |||
| @@ -149,7 +149,7 @@ in | |||
| 149 | serverAliases = [ "*" ]; | 149 | serverAliases = [ "*" ]; |
| 150 | enableSSL = false; | 150 | enableSSL = false; |
| 151 | logFormat = "combinedVhost"; | 151 | logFormat = "combinedVhost"; |
| 152 | documentRoot = "${config.security.acme.directory}/acme-challenge"; | 152 | documentRoot = "/var/lib/acme/acme-challenge"; |
| 153 | extraConfig = '' | 153 | extraConfig = '' |
| 154 | RewriteEngine on | 154 | RewriteEngine on |
| 155 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" | 155 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" |
| @@ -178,9 +178,9 @@ in | |||
| 178 | }; | 178 | }; |
| 179 | toVhost = ips: vhostConf: { | 179 | toVhost = ips: vhostConf: { |
| 180 | enableSSL = true; | 180 | enableSSL = true; |
| 181 | sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem"; | 181 | sslServerCert = "${config.security.acme2.certs."${vhostConf.certName}".directory}/cert.pem"; |
| 182 | sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem"; | 182 | sslServerKey = "${config.security.acme2.certs."${vhostConf.certName}".directory}/key.pem"; |
| 183 | sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem"; | 183 | sslServerChain = "${config.security.acme2.certs."${vhostConf.certName}".directory}/chain.pem"; |
| 184 | logFormat = "combinedVhost"; | 184 | logFormat = "combinedVhost"; |
| 185 | listen = map (ip: { inherit ip; port = 443; }) ips; | 185 | listen = map (ip: { inherit ip; port = 443; }) ips; |
| 186 | hostName = builtins.head vhostConf.hosts; | 186 | hostName = builtins.head vhostConf.hosts; |
| @@ -223,7 +223,7 @@ in | |||
| 223 | } | 223 | } |
| 224 | ) cfg.env; | 224 | ) cfg.env; |
| 225 | 225 | ||
| 226 | config.security.acme.certs = let | 226 | config.security.acme2.certs = let |
| 227 | typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env; | 227 | typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env; |
| 228 | flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v: | 228 | flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v: |
| 229 | attrValues v.vhostConfs | 229 | attrValues v.vhostConfs |