fix(ops/nixos/camden): Add required options for ACME updates

The implementation for provisioning ACME certificates has changed in
nixos-unstable[0] and now requires a few extra options to be set.

[0]: https://github.com/NixOS/nixpkgs/pull/77578
Vincent Ambo 2020-03-01 01:11:28 +00:00
parent 1f5d2d424c
commit 814729bd04


@ -156,19 +156,24 @@ in lib.fix(self: {
# Provision a TLS certificate outside of nginx to avoid
# nixpkgs#38144
security.acme.certs."tazj.in" = {
user = "nginx";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
extraDomains = {
"git.tazj.in" = null;
"www.tazj.in" = null;
security.acme = {
acceptTerms = true;
email = "mail@tazj.in";
# Local domains (for this machine only)
"camden.tazj.in" = null;
"git.camden.tazj.in" = null;
certs."tazj.in" = {
user = "nginx";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
extraDomains = {
"git.tazj.in" = null;
"www.tazj.in" = null;
# Local domains (for this machine only)
"camden.tazj.in" = null;
"git.camden.tazj.in" = null;
};
postRun = "systemctl reload nginx";
};
postRun = "systemctl reload nginx";
};
# Forward logs to Google Cloud Platform
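Review bot: The re-nested `certs."tazj.in"` block keeps `user = "nginx";` and `group = "nginx";`, so the certificate's private key ends up owned by the web-server account rather than by a dedicated ACME user. Whether the nginx workers actually run as that account is not visible in this hunk, so treat this as something to confirm: if they do, a compromised worker could read the key for every domain listed under `extraDomains`. If only group read access is needed, leaving `user` at the module default and setting `allowKeysForGroup = true;` would narrow it. Otherwise a short comment such as `# key is owned by nginx on purpose, see nixpkgs#38144` would record why the ownership is this broad. It would also help to put `# required by the ACME module since NixOS/nixpkgs#77578` above `acceptTerms = true;`, so the reason for the two new options stays with the code.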