Upgrade acme bot

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-01-15 20:41:19 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-04-25 00:04:41 +0200
commit: 0540384561541f94435ad0f6e268e6989fb1d37a (patch)
tree: 7e8c8b06f6039073dd2d2e648d11b3dba77e63df /modules/websites
parent: 13cf2ab3521b5abeea0ee723d4657d667c666f32 (diff)
download: NUR-0540384561541f94435ad0f6e268e6989fb1d37a.tar.gz
NUR-0540384561541f94435ad0f6e268e6989fb1d37a.tar.zst
NUR-0540384561541f94435ad0f6e268e6989fb1d37a.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/modules/websites/default.nix b/modules/websites/default.nix
index 6ba0d687..e69080e9 100644
--- a/modules/websites/default.nix
+++ b/modules/websites/default.nix
@@ -149,7 +149,7 @@ in
      serverAliases = [ "*" ];
      enableSSL = false;
      logFormat = "combinedVhost";
-      documentRoot = "${config.security.acme.directory}/acme-challenge";
+      documentRoot = "/var/lib/acme/acme-challenge";
      extraConfig = ''
        RewriteEngine on
        RewriteCond "%{REQUEST_URI}"   "!^/\.well-known"
@@ -178,9 +178,9 @@ in
    };
    toVhost = ips: vhostConf: {
      enableSSL = true;
-      sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
+      sslServerCert = "${config.security.acme2.certs."${vhostConf.certName}".directory}/cert.pem";
-      sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
+      sslServerKey = "${config.security.acme2.certs."${vhostConf.certName}".directory}/key.pem";
-      sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
+      sslServerChain = "${config.security.acme2.certs."${vhostConf.certName}".directory}/chain.pem";
      logFormat = "combinedVhost";
      listen = map (ip: { inherit ip; port = 443; }) ips;
      hostName = builtins.head vhostConf.hosts;
@@ -223,7 +223,7 @@ in
    }
  ) cfg.env;
-  config.security.acme.certs = let
+  config.security.acme2.certs = let
    typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;
    flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
      attrValues v.vhostConfs
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-01-15 20:41:19 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-04-25 00:04:41 +0200
commit	0540384561541f94435ad0f6e268e6989fb1d37a (patch)
tree	7e8c8b06f6039073dd2d2e648d11b3dba77e63df /modules/websites
parent	13cf2ab3521b5abeea0ee723d4657d667c666f32 (diff)
download	NUR-0540384561541f94435ad0f6e268e6989fb1d37a.tar.gz NUR-0540384561541f94435ad0f6e268e6989fb1d37a.tar.zst NUR-0540384561541f94435ad0f6e268e6989fb1d37a.zip

diff --git a/modules/websites/default.nix b/modules/websites/default.nix index 6ba0d687..e69080e9 100644 --- a/modules/websites/default.nix +++ b/modules/websites/default.nix
@@ -149,7 +149,7 @@ in
149	serverAliases = [ "*" ];	149	serverAliases = [ "*" ];
150	enableSSL = false;	150	enableSSL = false;
151	logFormat = "combinedVhost";	151	logFormat = "combinedVhost";
152	documentRoot = "${config.security.acme.directory}/acme-challenge";	152	documentRoot = "/var/lib/acme/acme-challenge";
153	extraConfig = ''	153	extraConfig = ''
154	RewriteEngine on	154	RewriteEngine on
155	RewriteCond "%{REQUEST_URI}" "!^/\.well-known"	155	RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
@@ -178,9 +178,9 @@ in
178	};	178	};
179	toVhost = ips: vhostConf: {	179	toVhost = ips: vhostConf: {
180	enableSSL = true;	180	enableSSL = true;
181	sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";	181	sslServerCert = "${config.security.acme2.certs."${vhostConf.certName}".directory}/cert.pem";
182	sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";	182	sslServerKey = "${config.security.acme2.certs."${vhostConf.certName}".directory}/key.pem";
183	sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";	183	sslServerChain = "${config.security.acme2.certs."${vhostConf.certName}".directory}/chain.pem";
184	logFormat = "combinedVhost";	184	logFormat = "combinedVhost";
185	listen = map (ip: { inherit ip; port = 443; }) ips;	185	listen = map (ip: { inherit ip; port = 443; }) ips;
186	hostName = builtins.head vhostConf.hosts;	186	hostName = builtins.head vhostConf.hosts;
@@ -223,7 +223,7 @@ in
223	}	223	}
224	) cfg.env;	224	) cfg.env;
225		225
226	config.security.acme.certs = let	226	config.security.acme2.certs = let
227	typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;	227	typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;
228	flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:	228	flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
229	attrValues v.vhostConfs	229	attrValues v.vhostConfs