mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(ops/nixos/camden): Add required options for ACME updates

Browse source 
The implementation for provisioning ACME certificates has changed in
nixos-unstable[0] and now requires a few extra options to be set.

[0]: https://github.com/NixOS/nixpkgs/pull/77578
This commit is contained in:
Vincent Ambo 2020-03-01 01:11:28 +00:00
parent 1f5d2d424c
commit 814729bd04
1 changed files with 16 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ops/nixos/camden/default.nix
View file

@ -156,7 +156,11 @@ in lib.fix(self: {
# Provision a TLS certificate outside of nginx to avoid # Provision a TLS certificate outside of nginx to avoid
# nixpkgs#38144 # nixpkgs#38144
security.acme.certs."tazj.in" = { security.acme = {
acceptTerms = true;
email = "mail@tazj.in";
certs."tazj.in" = {
user = "nginx"; user = "nginx";
group = "nginx"; group = "nginx";
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
@ -170,6 +174,7 @@ in lib.fix(self: {
}; };
postRun = "systemctl reload nginx"; postRun = "systemctl reload nginx";
}; };
};
# Forward logs to Google Cloud Platform # Forward logs to Google Cloud Platform
services.journaldriver = { services.journaldriver = {