Merge remote-tracking branch 'prism/master'

author: tv <tv@krebsco.de> 2017-12-14 10:17:40 +0100
committer: tv <tv@krebsco.de> 2017-12-14 10:17:40 +0100
commit: b5f1febe68529f7b6ebf5e1db524ba7b6ea161f9 (patch)
tree: 9f05e213af4917b608cd850bdd0cfabf06d157ae /lass/2configs/websites/lassulus.nix
parent: bd63530db16dd3f90af51750d25d07cca1526aaa (diff)
parent: 04f7ae22d6d0720d06f78c712eb9cd245cefce82 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 77f0c79e..25ca1f45 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -153,15 +153,15 @@ in {
   };
 
   security.acme.certs."cgit.lassul.us" = {
-    email = "lassulus@gmail.com";
-    webroot = "/var/lib/acme/acme-challenges";
+    email = "lassulus@lassul.us";
+    webroot = "/var/lib/acme/acme-challenge";
     plugins = [
       "account_key.json"
-      "key.pem"
       "fullchain.pem"
+      "key.pem"
     ];
     group = "nginx";
-    allowKeysForGroup = true;
+    user = "nginx";
   };
 
 
@@ -170,6 +170,9 @@ in {
     addSSL = true;
     sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
     sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
+    locations."/.well-known/acme-challenge".extraConfig = ''
+      root /var/lib/acme/acme-challenge;
+    '';
   };
 
   users.users.blog = {
author	tv <tv@krebsco.de>	2017-12-14 10:17:40 +0100
committer	tv <tv@krebsco.de>	2017-12-14 10:17:40 +0100
commit	b5f1febe68529f7b6ebf5e1db524ba7b6ea161f9 (patch)
tree	9f05e213af4917b608cd850bdd0cfabf06d157ae /lass/2configs/websites/lassulus.nix
parent	bd63530db16dd3f90af51750d25d07cca1526aaa (diff)
parent	04f7ae22d6d0720d06f78c712eb9cd245cefce82 (diff)