l websites lass: use addSSL

2017-10-03 23:51:11 +02:00 · 2017-10-03 23:51:11 +02:00 · 3be76df6c9
parent 6179ec6362
commit 3be76df6c9
1 changed files with 3 additions and 29 deletions
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@ -73,17 +73,6 @@ in {
      allowKeysForGroup = true;
      group = "lasscert";
    };
-    certs."cgit.lassul.us" = {
-      email = "lassulus@gmail.com";
-      webroot = "/var/lib/acme/acme-challenges";
-      plugins = [
-        "account_key.json"
-        "key.pem"
-        "fullchain.pem"
-      ];
-      group = "nginx";
-      allowKeysForGroup = true;
-    };
  };

  krebs.tinc_graphs.enable = true;
@ -119,6 +108,7 @@ in {
  ];

  services.nginx.virtualHosts."lassul.us" = {
+    addSSL = true;
    enableACME = true;
    serverAliases = [ "lassul.us" ];
    locations."/".extraConfig = ''
@ -158,30 +148,14 @@ in {
    in ''
      alias ${initscript};
    '';
-
-    enableSSL = true;
-    extraConfig = ''
-      listen 80;
-      listen [::]:80;
-    '';
-    sslCertificate = "/var/lib/acme/lassul.us/fullchain.pem";
-    sslCertificateKey = "/var/lib/acme/lassul.us/key.pem";
  };

  services.nginx.virtualHosts.cgit = {
+    addSSL = true;
+    enableACME = true;
    serverAliases = [
      "cgit.lassul.us"
    ];
-    locations."/.well-known/acme-challenge".extraConfig = ''
-      root /var/lib/acme/acme-challenges;
-    '';
-    enableSSL = true;
-    extraConfig = ''
-      listen 80;
-      listen [::]:80;
-    '';
-    sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
-    sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
  };

  users.users.blog = {