Fix a few issues with ACME certs
This commit is contained in:
parent
ebd0f656ed
commit
bbca0bd678
2 changed files with 4 additions and 3 deletions
|
@ -26,7 +26,7 @@ in
|
|||
else if cfg.certificateScheme == 2
|
||||
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
|
||||
else if cfg.certificateScheme == 3
|
||||
then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/fullchain.pem"
|
||||
then "/var/lib/acme/mailserver/fullchain.pem"
|
||||
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
||||
|
||||
# key :: PATH
|
||||
|
@ -35,6 +35,6 @@ in
|
|||
else if cfg.certificateScheme == 2
|
||||
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
|
||||
else if cfg.certificateScheme == 3
|
||||
then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/key.pem"
|
||||
then "/var/lib/acme/mailserver/key.pem"
|
||||
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
|
||||
}
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
with (import ./common.nix { inherit config; });
|
||||
|
||||
let
|
||||
inherit (lib.attrsets) genAttrs;
|
||||
cfg = config.mailserver;
|
||||
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
|
||||
acmeRoot = "/var/lib/acme/acme-challenge";
|
||||
|
@ -38,7 +39,7 @@ in
|
|||
acmeRoot = acmeRoot;
|
||||
});
|
||||
};
|
||||
security.acme.certs."${hostPrefix}.${domain}" = {
|
||||
security.acme.certs."mailserver" = {
|
||||
# @todo what user/group should this run as?
|
||||
user = "postfix"; # cfg.user;
|
||||
group = "postfix"; # lib.mkDefault cfg.group;
|
||||
|
|
Loading…
Reference in a new issue