diff options
Diffstat (limited to 'virtual/eldiron.nix')
| -rw-r--r-- | virtual/eldiron.nix | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix index 56c6afd..2d1c50e 100644 --- a/virtual/eldiron.nix +++ b/virtual/eldiron.nix | |||
| @@ -82,12 +82,16 @@ | |||
| 82 | 82 | ||
| 83 | system.activationScripts = { | 83 | system.activationScripts = { |
| 84 | connexionswing_dev = mypkgs.connexionswing_dev.activationScript; | 84 | connexionswing_dev = mypkgs.connexionswing_dev.activationScript; |
| 85 | httpd = '' | ||
| 86 | install -d -m 0755 /var/lib/acme/acme-challenge | ||
| 87 | install -d -m 0755 /var/www | ||
| 88 | ''; | ||
| 85 | }; | 89 | }; |
| 86 | 90 | ||
| 87 | services.httpd = let | 91 | services.httpd = let |
| 88 | withSSL = domain: { | 92 | withSSL = domain: { |
| 89 | enableSSL = true; | 93 | enableSSL = true; |
| 90 | sslServerCert = "/var/lib/acme/${domain}/full.pem"; # FIXME: cert only? | 94 | sslServerCert = "/var/lib/acme/${domain}/cert.pem"; |
| 91 | sslServerKey = "/var/lib/acme/${domain}/key.pem"; | 95 | sslServerKey = "/var/lib/acme/${domain}/key.pem"; |
| 92 | sslServerChain = "/var/lib/acme/${domain}/fullchain.pem"; | 96 | sslServerChain = "/var/lib/acme/${domain}/fullchain.pem"; |
| 93 | }; | 97 | }; |
| @@ -177,7 +181,6 @@ | |||
| 177 | ]; | 181 | ]; |
| 178 | }; | 182 | }; |
| 179 | 183 | ||
| 180 | # FIXME: environment variables ? | ||
| 181 | security.pam.services = let | 184 | security.pam.services = let |
| 182 | pam_ldap = pkgs.pam_ldap; | 185 | pam_ldap = pkgs.pam_ldap; |
| 183 | pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD"; | 186 | pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD"; |