aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-17 01:43:18 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-17 01:43:18 +0200
commit9ade8f6eb774dc7d19d82a070199b5024786b819 (patch)
treee5a2d49050d4a426fa1d0412d88bbfab11b500d3 /modules
parent182ae57f53731be220075bc87aff4d47a35563b8 (diff)
downloadNix-9ade8f6eb774dc7d19d82a070199b5024786b819.tar.gz
Nix-9ade8f6eb774dc7d19d82a070199b5024786b819.tar.zst
Nix-9ade8f6eb774dc7d19d82a070199b5024786b819.zip
Use acme directory config rather than hardcoding the value
Diffstat (limited to 'modules')
-rw-r--r--modules/private/databases/mariadb.nix4
-rw-r--r--modules/private/databases/openldap/default.nix6
-rw-r--r--modules/private/databases/postgresql.nix4
-rw-r--r--modules/websites/default.nix8
4 files changed, 11 insertions, 11 deletions
diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index 21f4359..cc99c3c 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -54,8 +54,8 @@ in {
54 dataDir = cfg.dataDir; 54 dataDir = cfg.dataDir;
55 extraOptions = '' 55 extraOptions = ''
56 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt 56 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
57 ssl_key = /var/lib/acme/mysql/key.pem 57 ssl_key = ${config.security.acme.directory}/mysql/key.pem
58 ssl_cert = /var/lib/acme/mysql/fullchain.pem 58 ssl_cert = ${config.security.acme.directory}/mysql/fullchain.pem
59 ''; 59 '';
60 }; 60 };
61 61
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index 850f3ff..46f85d2 100644
--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -33,9 +33,9 @@ let
33 directory ${cfg.dataDir} 33 directory ${cfg.dataDir}
34 overlay memberof 34 overlay memberof
35 35
36 TLSCertificateFile /var/lib/acme/ldap/cert.pem 36 TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem
37 TLSCertificateKeyFile /var/lib/acme/ldap/key.pem 37 TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
38 TLSCACertificateFile /var/lib/acme/ldap/fullchain.pem 38 TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem
39 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/ 39 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
40 #This makes openldap crash 40 #This makes openldap crash
41 #TLSCipherSuite DEFAULT 41 #TLSCipherSuite DEFAULT
diff --git a/modules/private/databases/postgresql.nix b/modules/private/databases/postgresql.nix
index 26242a8..8c36d84 100644
--- a/modules/private/databases/postgresql.nix
+++ b/modules/private/databases/postgresql.nix
@@ -73,8 +73,8 @@ in {
73 lc_time = 'en_US.UTF-8' 73 lc_time = 'en_US.UTF-8'
74 default_text_search_config = 'pg_catalog.english' 74 default_text_search_config = 'pg_catalog.english'
75 ssl = on 75 ssl = on
76 ssl_cert_file = '/var/lib/acme/postgresql/fullchain.pem' 76 ssl_cert_file = '${config.security.acme.directory}/postgresql/fullchain.pem'
77 ssl_key_file = '/var/lib/acme/postgresql/key.pem' 77 ssl_key_file = '${config.security.acme.directory}/postgresql/key.pem'
78 ''; 78 '';
79 authentication = '' 79 authentication = ''
80 local all postgres ident 80 local all postgres ident
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index b76aeea..e57f505 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -102,7 +102,7 @@ in
102 serverAliases = [ "*" ]; 102 serverAliases = [ "*" ];
103 enableSSL = false; 103 enableSSL = false;
104 logFormat = "combinedVhost"; 104 logFormat = "combinedVhost";
105 documentRoot = "/var/lib/acme/acme-challenge"; 105 documentRoot = "${config.security.acme.directory}/acme-challenge";
106 extraConfig = '' 106 extraConfig = ''
107 RewriteEngine on 107 RewriteEngine on
108 RewriteCond "%{REQUEST_URI}" "!^/\.well-known" 108 RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
@@ -131,9 +131,9 @@ in
131 }; 131 };
132 toVhost = ips: vhostConf: { 132 toVhost = ips: vhostConf: {
133 enableSSL = true; 133 enableSSL = true;
134 sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem"; 134 sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
135 sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem"; 135 sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
136 sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem"; 136 sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
137 logFormat = "combinedVhost"; 137 logFormat = "combinedVhost";
138 listen = map (ip: { inherit ip; port = 443; }) ips; 138 listen = map (ip: { inherit ip; port = 443; }) ips;
139 hostName = builtins.head vhostConf.hosts; 139 hostName = builtins.head vhostConf.hosts;