From 814729bd04fd0d9ace4fe9e11d51f960e743adfc Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Sun, 1 Mar 2020 01:11:28 +0000
Subject: [PATCH] fix(ops/nixos/camden): Add required options for ACME updates
The implementation for provisioning ACME certificates has changed in nixos-unstable[0] and now requires a few extra options to be set.
[0]: https://github.com/NixOS/nixpkgs/pull/77578
---
 ops/nixos/camden/default.nix | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 9713b148d..45ce31826 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -156,19 +156,24 @@ in lib.fix(self: {
 # Provision a TLS certificate outside of nginx to avoid
 # nixpkgs#38144
- security.acme.certs."tazj.in" = {
- user = "nginx";
- group = "nginx";
- webroot = "/var/lib/acme/acme-challenge";
- extraDomains = {
- "git.tazj.in" = null;
- "www.tazj.in" = null;
+ security.acme = {
+ acceptTerms = true;
+ email = "mail@tazj.in";
- # Local domains (for this machine only)
- "camden.tazj.in" = null;
- "git.camden.tazj.in" = null;
+ certs."tazj.in" = {
+ user = "nginx";
+ group = "nginx";
+ webroot = "/var/lib/acme/acme-challenge";
+ extraDomains = {
+ "git.tazj.in" = null;
+ "www.tazj.in" = null;
+
+ # Local domains (for this machine only)
+ "camden.tazj.in" = null;
+ "git.camden.tazj.in" = null;
+ };
+ postRun = "systemctl reload nginx";
 };
- postRun = "systemctl reload nginx";
 };
 # Forward logs to Google Cloud Platform
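Review bot: The `certs."tazj.in"` block keeps `user = "nginx"` and `group = "nginx"`, so the web server's own account presumably runs the ACME client and owns both the private key and the challenge webroot. A compromised nginx worker could then read or replace the key on disk. If the pinned nixpkgs permits it, leave `user` at its default and give nginx read-only access through the group (the module has had an `allowKeysForGroup` option for that). Otherwise add a short comment above the two lines, for example `# key files are owned by nginx because <reason>`, so the wider ownership is a recorded decision. These lines are only re-indented by this change, and the enclosing `lib.fix` attribute set starts and ends outside the hunk.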