letsencrypt for all domains

1 files changed, 15 insertions, 5 deletions

diff --git a/ymir.nix b/ymir.nix
index 722bbc08..f7308906 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -9,8 +9,8 @@ let
     enabled = true;
     domain = name;
     ssl = {
-      key = "certs/${name}.key";
-      cert = "certs/${name}.crt";
+      key = "ssl/${name}/key.pem";
+      cert = "ssl/${name}/fullchain.pem";
     };
   };
   simp_le = pkgs.callPackage ./custom/simp_le.nix {};
@@ -130,13 +130,23 @@ in rec {
     enable = true;
     systab = ''
       %weekly  * *   nix-collect-garbage --delete-older-than '7d'
-      %monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"}
-      %monthly * * * ${simp_le "/etc/nginx/ssl/dirty-haskell.org" "dirty-haskell.org"}
-      %monthly * * * ${simp_le "/etc/nginx/ssl/www.dirty-haskell.org" "www.dirty-haskell.org"}
+      %monthly * * * ${simp_le "git.yggdrasil.li"}
+      %monthly * * * ${simp_le "dirty-haskell.org"}
+      %monthly * * * ${simp_le "www.dirty-haskell.org"}
+      %monthly * * * ${simp_le "141.li"}
+      %monthly * * * ${simp_le "xmpp.li"}
+      %monthly * * * ${simp_le "yggdrasil.li"}
+      %monthly * * * ${simp_le "praseodym.org"}
       %daily   * *   systemctl reload nginx.service
     '';
   };
 
+  users.groups."ssl" = {
+    members = [ "prosody"
+                "nginx"
+              ];
+  };
+
   services.chrony = {
     enable = true;
   };