Add certificate creation and handling to websites

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-16 23:23:05 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-17 00:04:47 +0200
commit: 7df420c27ebe7daaa4fd099c457ce9a9075b840e (patch)
tree: ec41e01e9331652c09dc4f2ed4186ce5952c3882 /nixops/modules/websites/connexionswing
parent: 52f45eb051df228955add90ca62de66a7ed8af34 (diff)
download: Nix-7df420c27ebe7daaa4fd099c457ce9a9075b840e.tar.gz
Nix-7df420c27ebe7daaa4fd099c457ce9a9075b840e.tar.zst
Nix-7df420c27ebe7daaa4fd099c457ce9a9075b840e.zip
1 files changed, 6 insertions, 15 deletions
diff --git a/nixops/modules/websites/connexionswing/default.nix b/nixops/modules/websites/connexionswing/default.nix
index 3643e19..20c5166 100644
--- a/nixops/modules/websites/connexionswing/default.nix
+++ b/nixops/modules/websites/connexionswing/default.nix
@@ -25,15 +25,6 @@ in {
      secrets.keys = connexionswing_prod.keys;
      services.webstats.sites = [ { name = "connexionswing.com"; } ];
-      security.acme.certs."connexionswing" = config.services.myCertificates.certConfig // {
-        domain = "connexionswing.com";
-        extraDomains = {
-          "www.connexionswing.com" = null;
-          "sandetludo.com" = null;
-          "www.sandetludo.com" = null;
-        };
-      };
      services.myPhpfpm.preStart.connexionswing_prod = connexionswing_prod.phpFpm.preStart;
      services.myPhpfpm.serviceDependencies.connexionswing_prod = connexionswing_prod.phpFpm.serviceDeps;
      services.myPhpfpm.poolConfigs.connexionswing_prod = connexionswing_prod.phpFpm.pool;
@@ -45,16 +36,15 @@ in {
        '';
      services.websites.production.modules = connexionswing_prod.apache.modules;
      services.websites.production.vhostConfs.connexionswing = {
-        certName    = "connexionswing";
+        certName     = "connexionswing";
-        hosts       = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
+        certMainHost = "connexionswing.com";
-        root        = connexionswing_prod.apache.root;
+        hosts        = ["connexionswing.com" "sandetludo.com" "www.connexionswing.com" "www.sandetludo.com" ];
-        extraConfig = [ connexionswing_prod.apache.vhostConf ];
+        root         = connexionswing_prod.apache.root;
+        extraConfig  = [ connexionswing_prod.apache.vhostConf ];
      };
    })
    (lib.mkIf cfg.integration.enable {
      secrets.keys = connexionswing_dev.keys;
-      security.acme.certs."eldiron".extraDomains."sandetludo.immae.eu" = null;
-      security.acme.certs."eldiron".extraDomains."connexionswing.immae.eu" = null;
      services.myPhpfpm.preStart.connexionswing_dev = connexionswing_dev.phpFpm.preStart;
      services.myPhpfpm.serviceDependencies.connexionswing_dev = connexionswing_dev.phpFpm.serviceDeps;
      services.myPhpfpm.poolConfigs.connexionswing_dev = connexionswing_dev.phpFpm.pool;
@@ -67,6 +57,7 @@ in {
      services.websites.integration.modules = connexionswing_dev.apache.modules;
      services.websites.integration.vhostConfs.connexionswing = {
        certName    = "eldiron";
+        addToCerts  = true;
        hosts       = ["connexionswing.immae.eu" "sandetludo.immae.eu" ];
        root        = connexionswing_dev.apache.root;
        extraConfig = [ connexionswing_dev.apache.vhostConf ];
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-16 23:23:05 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-17 00:04:47 +0200
commit	7df420c27ebe7daaa4fd099c457ce9a9075b840e (patch)
tree	ec41e01e9331652c09dc4f2ed4186ce5952c3882 /nixops/modules/websites/connexionswing
parent	52f45eb051df228955add90ca62de66a7ed8af34 (diff)
download	Nix-7df420c27ebe7daaa4fd099c457ce9a9075b840e.tar.gz Nix-7df420c27ebe7daaa4fd099c457ce9a9075b840e.tar.zst Nix-7df420c27ebe7daaa4fd099c457ce9a9075b840e.zip