Serving ssl certs created by letsencrypt

author: Gregor Kleen <gkleen@yggdrasil.li> 2016-04-13 13:07:28 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2016-04-13 13:07:28 +0200
commit: 884deba3af5ea64d9e13ebe5254e48d04e0996c8 (patch)
tree: 3dbee3c568a1280029a713e5071c661ac977529d
parent: 6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79 (diff)
download: nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar
nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar.gz
nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar.bz2
nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar.xz
nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.zip
2 files changed, 8 insertions, 8 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index a130bcd1..54b0084f 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -104,8 +104,8 @@ in {
        include ${favicon};
        include ${acme};
-        ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
+        ssl_certificate /etc/ssl/self/dirty-haskell.org/fullchain.pem;
-        ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
+        ssl_certificate_key /etc/ssl/self/dirty-haskell.org/privkey.pem;
        root /srv/www/dirty-haskell.org;
      }
@@ -118,8 +118,8 @@ in {
        include ${favicon};
        include ${acme};
-        ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
+        ssl_certificate /etc/ssl/self/www.dirty-haskell.org/fullchain.pem;
-        ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
+        ssl_certificate_key /etc/ssl/self/www.dirty-haskell.org/privkey.pem;
        root /srv/www/dirty-haskell.org;
      }
@@ -129,8 +129,8 @@ in {
        listen *:443 ssl;
        listen [::]:80;
        listen [::]:443 ssl;
-        ssl_certificate /etc/nginx/ssl/git.yggdrasil.li/fullchain.pem;
+        ssl_certificate /etc/ssl/self/git.yggdrasil.li/fullchain.pem;
-        ssl_certificate_key /etc/nginx/ssl/git.yggdrasil.li/key.pem;
+        ssl_certificate_key /etc/ssl/self/git.yggdrasil.li/key.pem;
        server_name git.yggdrasil.li;
        root ${pkgs.cgit}/cgit;
diff --git a/ymir.nix b/ymir.nix
index f7308906..99f473fb 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -9,8 +9,8 @@ let
    enabled = true;
    domain = name;
    ssl = {
-      key = "ssl/${name}/key.pem";
+      key = "/etc/ssl/self/${name}/key.pem";
-      cert = "ssl/${name}/fullchain.pem";
+      cert = "/etc/ssl/self/${name}/fullchain.pem";
    };
  };
  simp_le = pkgs.callPackage ./custom/simp_le.nix {};
author	Gregor Kleen <gkleen@yggdrasil.li>	2016-04-13 13:07:28 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2016-04-13 13:07:28 +0200
commit	884deba3af5ea64d9e13ebe5254e48d04e0996c8 (patch)
tree	3dbee3c568a1280029a713e5071c661ac977529d
parent	6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79 (diff)
download	nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar.gz nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar.bz2 nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.tar.xz nixos-884deba3af5ea64d9e13ebe5254e48d04e0996c8.zip

diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index a130bcd1..54b0084f 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix
@@ -104,8 +104,8 @@ in {
104	include ${favicon};	104	include ${favicon};
105	include ${acme};	105	include ${acme};
106		106
107	ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;	107	ssl_certificate /etc/ssl/self/dirty-haskell.org/fullchain.pem;
108	ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;	108	ssl_certificate_key /etc/ssl/self/dirty-haskell.org/privkey.pem;
109		109
110	root /srv/www/dirty-haskell.org;	110	root /srv/www/dirty-haskell.org;
111	}	111	}
@@ -118,8 +118,8 @@ in {
118	include ${favicon};	118	include ${favicon};
119	include ${acme};	119	include ${acme};
120		120
121	ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;	121	ssl_certificate /etc/ssl/self/www.dirty-haskell.org/fullchain.pem;
122	ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;	122	ssl_certificate_key /etc/ssl/self/www.dirty-haskell.org/privkey.pem;
123		123
124	root /srv/www/dirty-haskell.org;	124	root /srv/www/dirty-haskell.org;
125	}	125	}
@@ -129,8 +129,8 @@ in {
129	listen *:443 ssl;	129	listen *:443 ssl;
130	listen [::]:80;	130	listen [::]:80;
131	listen [::]:443 ssl;	131	listen [::]:443 ssl;
132	ssl_certificate /etc/nginx/ssl/git.yggdrasil.li/fullchain.pem;	132	ssl_certificate /etc/ssl/self/git.yggdrasil.li/fullchain.pem;
133	ssl_certificate_key /etc/nginx/ssl/git.yggdrasil.li/key.pem;	133	ssl_certificate_key /etc/ssl/self/git.yggdrasil.li/key.pem;
134	server_name git.yggdrasil.li;	134	server_name git.yggdrasil.li;
135		135
136	root ${pkgs.cgit}/cgit;	136	root ${pkgs.cgit}/cgit;


diff --git a/ymir.nix b/ymir.nix index f7308906..99f473fb 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -9,8 +9,8 @@ let
9	enabled = true;	9	enabled = true;
10	domain = name;	10	domain = name;
11	ssl = {	11	ssl = {
12	key = "ssl/${name}/key.pem";	12	key = "/etc/ssl/self/${name}/key.pem";
13	cert = "ssl/${name}/fullchain.pem";	13	cert = "/etc/ssl/self/${name}/fullchain.pem";
14	};	14	};
15	};	15	};
16	simp_le = pkgs.callPackage ./custom/simp_le.nix {};	16	simp_le = pkgs.callPackage ./custom/simp_le.nix {};