1 files changed, 4 insertions, 4 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index b76aeea..e57f505 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -102,7 +102,7 @@ in
      serverAliases = [ "*" ];
      enableSSL = false;
      logFormat = "combinedVhost";
-      documentRoot = "/var/lib/acme/acme-challenge";
+      documentRoot = "${config.security.acme.directory}/acme-challenge";
      extraConfig = ''
        RewriteEngine on
        RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
@@ -131,9 +131,9 @@ in
    };
    toVhost = ips: vhostConf: {
      enableSSL = true;
-      sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
+      sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
-      sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
+      sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
-      sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
+      sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
      logFormat = "combinedVhost";
      listen = map (ip: { inherit ip; port = 443; }) ips;
      hostName = builtins.head vhostConf.hosts;

diff --git a/modules/websites/default.nix b/modules/websites/default.nix index b76aeea..e57f505 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix
@@ -102,7 +102,7 @@ in
102	serverAliases = [ "*" ];	102	serverAliases = [ "*" ];
103	enableSSL = false;	103	enableSSL = false;
104	logFormat = "combinedVhost";	104	logFormat = "combinedVhost";
105	documentRoot = "/var/lib/acme/acme-challenge";	105	documentRoot = "${config.security.acme.directory}/acme-challenge";
106	extraConfig = ''	106	extraConfig = ''
107	RewriteEngine on	107	RewriteEngine on
108	RewriteCond "%{REQUEST_URI}" "!^/\.well-known"	108	RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
@@ -131,9 +131,9 @@ in
131	};	131	};
132	toVhost = ips: vhostConf: {	132	toVhost = ips: vhostConf: {
133	enableSSL = true;	133	enableSSL = true;
134	sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";	134	sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
135	sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";	135	sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
136	sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";	136	sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
137	logFormat = "combinedVhost";	137	logFormat = "combinedVhost";
138	listen = map (ip: { inherit ip; port = 443; }) ips;	138	listen = map (ip: { inherit ip; port = 443; }) ips;
139	hostName = builtins.head vhostConf.hosts;	139	hostName = builtins.head vhostConf.hosts;