Merge branch 'master' of prism.r:stockholm

author: Markus Hihn <markus.hihn@dcso.de> 2017-12-15 19:58:16 +0100
committer: Markus Hihn <markus.hihn@dcso.de> 2017-12-15 19:58:16 +0100
commit: 60676b4a8e6dea18a215df76f4dbd6fdf8176638 (patch)
tree: 139b0ee5d7f801efe62a7682fba73208c4bef184 /lass/2configs/websites/lassulus.nix
parent: 98e5141a8d43064daf6dc75fc9eefb9cb5bb29b7 (diff)
parent: 5b86fe1cd63a5c4cf5a83b7afabe5be34016e8a7 (diff)
1 files changed, 7 insertions, 4 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 77f0c79e3..25ca1f455 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -153,15 +153,15 @@ in {
   };
 
   security.acme.certs."cgit.lassul.us" = {
-    email = "lassulus@gmail.com";
-    webroot = "/var/lib/acme/acme-challenges";
+    email = "lassulus@lassul.us";
+    webroot = "/var/lib/acme/acme-challenge";
     plugins = [
       "account_key.json"
-      "key.pem"
       "fullchain.pem"
+      "key.pem"
     ];
     group = "nginx";
-    allowKeysForGroup = true;
+    user = "nginx";
   };
 
 
@@ -170,6 +170,9 @@ in {
     addSSL = true;
     sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
     sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
+    locations."/.well-known/acme-challenge".extraConfig = ''
+      root /var/lib/acme/acme-challenge;
+    '';
   };
 
   users.users.blog = {
author	Markus Hihn <markus.hihn@dcso.de>	2017-12-15 19:58:16 +0100
committer	Markus Hihn <markus.hihn@dcso.de>	2017-12-15 19:58:16 +0100
commit	60676b4a8e6dea18a215df76f4dbd6fdf8176638 (patch)
tree	139b0ee5d7f801efe62a7682fba73208c4bef184 /lass/2configs/websites/lassulus.nix
parent	98e5141a8d43064daf6dc75fc9eefb9cb5bb29b7 (diff)
parent	5b86fe1cd63a5c4cf5a83b7afabe5be34016e8a7 (diff)