diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-17 01:43:18 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-05-17 01:43:18 +0200 |
commit | 9ade8f6eb774dc7d19d82a070199b5024786b819 (patch) | |
tree | e5a2d49050d4a426fa1d0412d88bbfab11b500d3 /modules/websites | |
parent | 182ae57f53731be220075bc87aff4d47a35563b8 (diff) | |
download | Nix-9ade8f6eb774dc7d19d82a070199b5024786b819.tar.gz Nix-9ade8f6eb774dc7d19d82a070199b5024786b819.tar.zst Nix-9ade8f6eb774dc7d19d82a070199b5024786b819.zip |
Use acme directory config rather than hardcoding the value
Diffstat (limited to 'modules/websites')
-rw-r--r-- | modules/websites/default.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix index b76aeea..e57f505 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix | |||
@@ -102,7 +102,7 @@ in | |||
102 | serverAliases = [ "*" ]; | 102 | serverAliases = [ "*" ]; |
103 | enableSSL = false; | 103 | enableSSL = false; |
104 | logFormat = "combinedVhost"; | 104 | logFormat = "combinedVhost"; |
105 | documentRoot = "/var/lib/acme/acme-challenge"; | 105 | documentRoot = "${config.security.acme.directory}/acme-challenge"; |
106 | extraConfig = '' | 106 | extraConfig = '' |
107 | RewriteEngine on | 107 | RewriteEngine on |
108 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" | 108 | RewriteCond "%{REQUEST_URI}" "!^/\.well-known" |
@@ -131,9 +131,9 @@ in | |||
131 | }; | 131 | }; |
132 | toVhost = ips: vhostConf: { | 132 | toVhost = ips: vhostConf: { |
133 | enableSSL = true; | 133 | enableSSL = true; |
134 | sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem"; | 134 | sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem"; |
135 | sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem"; | 135 | sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem"; |
136 | sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem"; | 136 | sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem"; |
137 | logFormat = "combinedVhost"; | 137 | logFormat = "combinedVhost"; |
138 | listen = map (ip: { inherit ip; port = 443; }) ips; | 138 | listen = map (ip: { inherit ip; port = 443; }) ips; |
139 | hostName = builtins.head vhostConf.hosts; | 139 | hostName = builtins.head vhostConf.hosts; |