diff options
Diffstat (limited to 'modules/private/databases/postgresql.nix')
-rw-r--r-- | modules/private/databases/postgresql.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/modules/private/databases/postgresql.nix b/modules/private/databases/postgresql.nix index 3dcd311..27ea59c 100644 --- a/modules/private/databases/postgresql.nix +++ b/modules/private/databases/postgresql.nix | |||
@@ -107,10 +107,10 @@ in { | |||
107 | config = lib.mkIf cfg.enable { | 107 | config = lib.mkIf cfg.enable { |
108 | networking.firewall.allowedTCPPorts = [ 5432 ]; | 108 | networking.firewall.allowedTCPPorts = [ 5432 ]; |
109 | 109 | ||
110 | security.acme.certs."postgresql" = config.myServices.databasesCerts // { | 110 | security.acme2.certs."postgresql" = config.myServices.databasesCerts // { |
111 | user = "postgres"; | 111 | user = "postgres"; |
112 | group = "postgres"; | 112 | group = "postgres"; |
113 | plugins = [ "fullchain.pem" "key.pem" "account_key.json" ]; | 113 | plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ]; |
114 | domain = "db-1.immae.eu"; | 114 | domain = "db-1.immae.eu"; |
115 | postRun = '' | 115 | postRun = '' |
116 | systemctl reload postgresql.service | 116 | systemctl reload postgresql.service |
@@ -165,8 +165,8 @@ in { | |||
165 | # makes it order of magnitudes quicker | 165 | # makes it order of magnitudes quicker |
166 | synchronous_commit = off | 166 | synchronous_commit = off |
167 | ssl = on | 167 | ssl = on |
168 | ssl_cert_file = '${config.security.acme.directory}/postgresql/fullchain.pem' | 168 | ssl_cert_file = '${config.security.acme2.certs.postgresql.directory}/fullchain.pem' |
169 | ssl_key_file = '${config.security.acme.directory}/postgresql/key.pem' | 169 | ssl_key_file = '${config.security.acme2.certs.postgresql.directory}/key.pem' |
170 | ''; | 170 | ''; |
171 | authentication = let | 171 | authentication = let |
172 | hosts = builtins.concatStringsSep "\n" ( | 172 | hosts = builtins.concatStringsSep "\n" ( |