l lassul.us: fix acme

author: lassulus <lassulus@lassul.us> 2017-12-13 18:30:34 +0100
committer: lassulus <lassulus@lassul.us> 2017-12-13 18:30:34 +0100
commit: 337ae5f4890dade45b58a180b72d61c861a788eb (patch)
tree: cb2812d2d1c1b25e007976d2d30786bbf3441050
parent: 6d12698fe0d08b959ab92bc1a772ebd0b210bf86 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 77f0c79e..25ca1f45 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -153,15 +153,15 @@ in {
   };
 
   security.acme.certs."cgit.lassul.us" = {
-    email = "lassulus@gmail.com";
-    webroot = "/var/lib/acme/acme-challenges";
+    email = "lassulus@lassul.us";
+    webroot = "/var/lib/acme/acme-challenge";
     plugins = [
       "account_key.json"
-      "key.pem"
       "fullchain.pem"
+      "key.pem"
     ];
     group = "nginx";
-    allowKeysForGroup = true;
+    user = "nginx";
   };
 
 
@@ -170,6 +170,9 @@ in {
     addSSL = true;
     sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
     sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
+    locations."/.well-known/acme-challenge".extraConfig = ''
+      root /var/lib/acme/acme-challenge;
+    '';
   };
 
   users.users.blog = {
author	lassulus <lassulus@lassul.us>	2017-12-13 18:30:34 +0100
committer	lassulus <lassulus@lassul.us>	2017-12-13 18:30:34 +0100
commit	337ae5f4890dade45b58a180b72d61c861a788eb (patch)
tree	cb2812d2d1c1b25e007976d2d30786bbf3441050
parent	6d12698fe0d08b959ab92bc1a772ebd0b210bf86 (diff)