Diffstat (limited to 'modules/private/databases/openldap')
-rw-r--r-- | modules/private/databases/openldap/default.nix | 10 |
1 files changed, 5 insertions, 5 deletions
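--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -24,9 +24,9 @@ let
 overlay syncprov
 syncprov-checkpoint 100 10
 
-TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem
-TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
-TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem
+TLSCertificateFile ${config.security.acme2.certs.ldap.directory}/cert.pem
+TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
+TLSCACertificateFile ${config.security.acme2.certs.ldap.directory}/fullchain.pem
 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
 #This makes openldap crash
 #TLSCipherSuite DEFAULT
@@ -117,10 +117,10 @@ in
 users.users.openldap.extraGroups = [ "keys" ];
 networking.firewall.allowedTCPPorts = [ 636 389 ];
 
-security.acme.certs."ldap" = config.myServices.databasesCerts // {
+security.acme2.certs."ldap" = config.myServices.databasesCerts // {
 user = "openldap";
 group = "openldap";
-plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
 domain = "ldap.immae.eu";
 postRun = ''
 systemctl restart openldap.service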
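Review bot: The `plugins` list on new line 123 now places both `account_key.json` and `account_reg.json` in the certificate directory owned by `openldap:openldap`, while the slapd configuration in the first hunk only reads `cert.pem`, `key.pem` and `fullchain.pem`. If these entries are what their names suggest (the ACME account key and registration), the LDAP service account can read the credential that controls issuance and revocation for this ACME account, which is more than slapd needs. Consider running the renewal under a separate user and giving slapd group read access to the three PEM files only, or at least record the choice with a comment such as `# account_*.json: ACME client state, not read by slapd`. The `security.acme2.certs."ldap"` attribute set continues past the end of the hunk, so any ownership or mode settings further down are not visible here.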