Fix a few issues with ACME certs

John Boehr 2017-11-09 13:16:06 -08:00
parent ebd0f656ed
commit bbca0bd678
No known key found for this signature in database
GPG Key ID: 73B8EFB60708F699
2 changed files with 4 additions and 3 deletions


@ -26,7 +26,7 @@ in
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/cert-${cfg.domain}.pem"
else if cfg.certificateScheme == 3
then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/fullchain.pem"
then "/var/lib/acme/mailserver/fullchain.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
# key :: PATH
@ -35,6 +35,6 @@ in
else if cfg.certificateScheme == 2
then "${cfg.certificateDirectory}/key-${cfg.domain}.pem"
else if cfg.certificateScheme == 3
then "/var/lib/acme/${cfg.hostPrefix}.${cfg.domain}/key.pem"
then "/var/lib/acme/mailserver/key.pem"
else throw "Error: Certificate Scheme must be in { 1, 2, 3 }";
}
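Review bot: The certificate name `mailserver` is now written as a path literal in both the scheme-3 certificate branch and the scheme-3 key branch, and it must stay identical to the attribute name under `security.acme.certs` in the other changed file. If the two drift apart, the services that consume these values would be pointed at a `fullchain.pem` or `key.pem` that is never issued. Consider binding the name once in this shared file, for example `acmeCertName = "mailserver";` (the name is only a suggestion), and deriving both paths and the cert attribute from it. The enclosing `let`/`in` expression starts outside the visible hunks.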


@ -20,6 +20,7 @@
with (import ./common.nix { inherit config; });
let
inherit (lib.attrsets) genAttrs;
cfg = config.mailserver;
allDomains = [ cfg.domain ] ++ cfg.extraDomains;
acmeRoot = "/var/lib/acme/acme-challenge";
@ -38,7 +39,7 @@ in
acmeRoot = acmeRoot;
});
};
security.acme.certs."${hostPrefix}.${domain}" = {
security.acme.certs."mailserver" = {
# @todo what user/group should this run as?
user = "postfix"; # cfg.user;
group = "postfix"; # lib.mkDefault cfg.group;
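Review bot: With the attribute renamed to `security.acme.certs."mailserver"`, the name no longer carries the host name, and in NixOS a cert's `domain` option defaults to the attribute name. The attribute set continues past the end of this hunk, so please confirm it sets `domain = "${hostPrefix}.${domain}";` explicitly; otherwise the certificate would presumably be requested for the literal name `mailserver`. The open `@todo` on `user`/`group` also decides who can read `key.pem`, so it is worth settling in the same change, with a comment stating which services need read access to the key.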