From 981fa80354fd6f00f49446777c38f77bd8a65f65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Wed, 15 Jan 2020 20:41:19 +0100
Subject: Upgrade acme bot

---
 modules/websites/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'modules/websites/default.nix')

diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index 6ba0d68..e69080e 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -149,7 +149,7 @@ in
       serverAliases = [ "*" ];
       enableSSL = false;
       logFormat = "combinedVhost";
-      documentRoot = "${config.security.acme.directory}/acme-challenge";
+      documentRoot = "/var/lib/acme/acme-challenge";
       extraConfig = ''
         RewriteEngine on
         RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
@@ -178,9 +178,9 @@ in
     };
     toVhost = ips: vhostConf: {
       enableSSL = true;
-      sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
-      sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
-      sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
+      sslServerCert = "${config.security.acme2.certs."${vhostConf.certName}".directory}/cert.pem";
+      sslServerKey = "${config.security.acme2.certs."${vhostConf.certName}".directory}/key.pem";
+      sslServerChain = "${config.security.acme2.certs."${vhostConf.certName}".directory}/chain.pem";
       logFormat = "combinedVhost";
       listen = map (ip: { inherit ip; port = 443; }) ips;
       hostName = builtins.head vhostConf.hosts;
@@ -223,7 +223,7 @@ in
     }
   ) cfg.env;
 
-  config.security.acme.certs = let
+  config.security.acme2.certs = let
     typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;
     flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
       attrValues v.vhostConfs
-- 
cgit v1.2.3