Fix a few issues with ACME certs
parent
ebd0f656ed
commit
bbca0bd678
2 changed files with 4 additions and 3 deletions
|
@ -26,7 +26,7 @@ in
|
||||||
else if cfg.certificateScheme == 2
|
else if cfg.certificateScheme == 2
|
||||||
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
|
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
|
||||||
else if cfg.certificateScheme == 3
|
else if cfg.certificateScheme == 3
|
||||||
then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/fullchain.pem"
|
then "/var/lib/acme/mailserver/fullchain.pem"
|
||||||
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
||||||
|
|
||||||
# key :: PATH
|
# key :: PATH
|
||||||
|
@ -35,6 +35,6 @@ in
|
||||||
else if cfg.certificateScheme == 2
|
else if cfg.certificateScheme == 2
|
||||||
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
|
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
|
||||||
else if cfg.certificateScheme == 3
|
else if cfg.certificateScheme == 3
|
||||||
then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/key.pem"
|
then "/var/lib/acme/mailserver/key.pem"
|
||||||
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
||||||
}
|
}
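Review bot: The scheme-3 branches of the certificate and key paths now hard-code `/var/lib/acme/mailserver/…`, and nothing ties those two literals to the attribute name `security.acme.certs."mailserver"` set in the other file of this commit. This is the private-key path handed to the mail daemons, so renaming the certificate on one side only would leave them pointing at a stale or missing key without any evaluation error. I would bind the name once, e.g. `acmeCertName = "mailserver";`, then use `"/var/lib/acme/${acmeCertName}/key.pem"` here and `security.acme.certs."${acmeCertName}"` at the definition. The enclosing `let … in` expression starts outside the hunks shown, so where that binding belongs needs checking against the full file.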
|
||||||
|
|
|
@ -20,6 +20,7 @@
|
||||||
with (import ./common.nix { inherit config; });
|
with (import ./common.nix { inherit config; });
|
||||||
|
|
||||||
let
|
let
|
||||||
|
inherit (lib.attrsets) genAttrs;
|
||||||
cfg = config.mailserver;
|
cfg = config.mailserver;
|
||||||
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
|
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
|
||||||
acmeRoot = "/var/lib/acme/acme-challenge";
|
acmeRoot = "/var/lib/acme/acme-challenge";
|
||||||
|
@ -38,7 +39,7 @@ in
|
||||||
acmeRoot = acmeRoot;
|
acmeRoot = acmeRoot;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
security.acme.certs."${hostPrefix}.${domain}" = {
|
security.acme.certs."mailserver" = {
|
||||||
# @todo what user/group should this run as?
|
# @todo what user/group should this run as?
|
||||||
user = "postfix"; # cfg.user;
|
user = "postfix"; # cfg.user;
|
||||||
group = "postfix"; # lib.mkDefault cfg.group;
|
group = "postfix"; # lib.mkDefault cfg.group;
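Review bot: With the attribute renamed from `"${hostPrefix}.${domain}"` to `"mailserver"`, the certificate's domain can no longer be derived from the attribute name, so this block needs an explicit `domain = "${hostPrefix}.${domain}";`. The attribute set continues past the end of the hunk, so I cannot see whether that is already set. Separately, the `# @todo what user/group should this run as?` is still open: the key material is owned by a hard-coded `postfix` user and group, so any other service reading `key.pem` would presumably need membership of that group. I would settle this before relying on the new path, either by using the commented-out `cfg.user` / `cfg.group` or by adding a comment stating which services are expected to read the key and why `postfix` ownership is sufficient.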
|
||||||
|
|