From 981fa80354fd6f00f49446777c38f77bd8a65f65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 15 Jan 2020 20:41:19 +0100
Subject: Upgrade acme bot
---
 modules/private/databases/openldap/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'modules/private/databases/openldap')
diff --git a/modules/private/databases/openldap/default.nix b/modules/private/databases/openldap/default.nix
index 22f6f7b..d7d61db 100644
--- a/modules/private/databases/openldap/default.nix
+++ b/modules/private/databases/openldap/default.nix
@@ -24,9 +24,9 @@ let
 overlay syncprov
 syncprov-checkpoint 100 10
- TLSCertificateFile ${config.security.acme.directory}/ldap/cert.pem
- TLSCertificateKeyFile ${config.security.acme.directory}/ldap/key.pem
- TLSCACertificateFile ${config.security.acme.directory}/ldap/fullchain.pem
+ TLSCertificateFile ${config.security.acme2.certs.ldap.directory}/cert.pem
+ TLSCertificateKeyFile ${config.security.acme2.certs.ldap.directory}/key.pem
+ TLSCACertificateFile ${config.security.acme2.certs.ldap.directory}/fullchain.pem
 TLSCACertificatePath ${pkgs.cacert.unbundled}/etc/ssl/certs/
 #This makes openldap crash
 #TLSCipherSuite DEFAULT
@@ -117,10 +117,10 @@ in
 users.users.openldap.extraGroups = [ "keys" ];
 networking.firewall.allowedTCPPorts = [ 636 389 ];
- security.acme.certs."ldap" = config.myServices.databasesCerts // {
+ security.acme2.certs."ldap" = config.myServices.databasesCerts // {
 user = "openldap";
 group = "openldap";
- plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" ];
+ plugins = [ "fullchain.pem" "key.pem" "cert.pem" "account_key.json" "account_reg.json" ];
 domain = "ldap.immae.eu";
 postRun = ''
 systemctl restart openldap.service
-- 
cgit v1.2.3
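Review bot: `TLSCACertificateFile` on the new side still points at `fullchain.pem`, the server's own leaf-plus-chain bundle, and nothing in the hunk says why. slapd reads that file as its set of recognised CAs, and together with `TLSCACertificatePath` over the whole cacert directory the trust set is very broad; whether that matters depends on `TLSVerifyClient` and any syncrepl consumer settings, which are not visible in this hunk. If the intent is only to present the issuing chain to clients, I would say so above the line, e.g. `# fullchain.pem is listed so slapd can present the issuing chain; not intended as a client-cert trust anchor`. The slapd configuration string starts before and continues past the hunk.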
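Review bot: The new `plugins` list names `account_key.json` and now `account_reg.json` in the same attribute set as `user = "openldap"` and `group = "openldap"`. If the acme2 module applies that owner to every listed file (the module is not visible here), the ACME account key is readable by the slapd service account, which only needs `cert.pem`, `key.pem` and `fullchain.pem`. It is worth confirming the resulting ownership and mode of the two account files, and recording the outcome in a comment such as `# account_*.json are ACME client state, not used by slapd; verify they are not readable by openldap`. The attribute set continues past the end of the hunk.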