1 files changed, 10 insertions, 10 deletions
diff --git a/ymir.nix b/ymir.nix
index 88d95fba..d926b547 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -11,8 +11,8 @@ let
    enabled = true;
    domain = name;
    ssl = {
-      key = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+      key = "/var/lib/acme/yggdrasil.li/key.pem";
-      cert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+      cert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
      extraOptions = {
        dhparam = config.security.dhparams.params.prosody.path;
      };
@@ -495,8 +495,8 @@ in rec {
        /^localhost$/ ACCEPT
        /\.?ymir$/ ACCEPT
      ''}''];
-    sslCert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+    sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
-    sslKey = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+    sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
    config = {
      #the dh params
      smtpd_tls_dh1024_param_file = config.security.dhparams.params."postfix-1024".path;
@@ -702,8 +702,8 @@ in rec {
    enableLmtp = true;
    enablePop3 = false;
    enablePAM = false; # do that manualy
-    sslServerCert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+    sslServerCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
-    sslServerKey = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+    sslServerKey = "/var/lib/acme/yggdrasil.li/key.pem";
    mailLocation = "maildir:~/mail:LAYOUT=index:UTF-8";
    modules = with pkgs; [ dovecot_pigeonhole ];
    protocols = [ "sieve" ];
@@ -955,8 +955,8 @@ in rec {
  services.infinoted = {
    enable = true;
-    keyFile = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+    keyFile = "/var/lib/acme/yggdrasil.li/key.pem";
-    certificateFile = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+    certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
    plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" "directory-sync" ];
    extraConfig = ''
      [certificate-auth]
@@ -1027,8 +1027,8 @@ in rec {
    localUsers = true;
    writeEnable = true;
    chrootlocalUser = true;
-    rsaKeyFile = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+    rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
-    rsaCertFile = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+    rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
    extraConfig = ''
      local_umask=022

diff --git a/ymir.nix b/ymir.nix index 88d95fba..d926b547 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -11,8 +11,8 @@ let
11	enabled = true;	11	enabled = true;
12	domain = name;	12	domain = name;
13	ssl = {	13	ssl = {
14	key = "${config.security.acme.directory}/yggdrasil.li/key.pem";	14	key = "/var/lib/acme/yggdrasil.li/key.pem";
15	cert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";	15	cert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
16	extraOptions = {	16	extraOptions = {
17	dhparam = config.security.dhparams.params.prosody.path;	17	dhparam = config.security.dhparams.params.prosody.path;
18	};	18	};
@@ -495,8 +495,8 @@ in rec {
495	/^localhost$/ ACCEPT	495	/^localhost$/ ACCEPT
496	/\.?ymir$/ ACCEPT	496	/\.?ymir$/ ACCEPT
497	''}''];	497	''}''];
498	sslCert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";	498	sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
499	sslKey = "${config.security.acme.directory}/yggdrasil.li/key.pem";	499	sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
500	config = {	500	config = {
501	#the dh params	501	#the dh params
502	smtpd_tls_dh1024_param_file = config.security.dhparams.params."postfix-1024".path;	502	smtpd_tls_dh1024_param_file = config.security.dhparams.params."postfix-1024".path;
@@ -702,8 +702,8 @@ in rec {
702	enableLmtp = true;	702	enableLmtp = true;
703	enablePop3 = false;	703	enablePop3 = false;
704	enablePAM = false; # do that manualy	704	enablePAM = false; # do that manualy
705	sslServerCert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";	705	sslServerCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
706	sslServerKey = "${config.security.acme.directory}/yggdrasil.li/key.pem";	706	sslServerKey = "/var/lib/acme/yggdrasil.li/key.pem";
707	mailLocation = "maildir:~/mail:LAYOUT=index:UTF-8";	707	mailLocation = "maildir:~/mail:LAYOUT=index:UTF-8";
708	modules = with pkgs; [ dovecot_pigeonhole ];	708	modules = with pkgs; [ dovecot_pigeonhole ];
709	protocols = [ "sieve" ];	709	protocols = [ "sieve" ];
@@ -955,8 +955,8 @@ in rec {
955		955
956	services.infinoted = {	956	services.infinoted = {
957	enable = true;	957	enable = true;
958	keyFile = "${config.security.acme.directory}/yggdrasil.li/key.pem";	958	keyFile = "/var/lib/acme/yggdrasil.li/key.pem";
959	certificateFile = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";	959	certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
960	plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" "directory-sync" ];	960	plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" "directory-sync" ];
961	extraConfig = ''	961	extraConfig = ''
962	[certificate-auth]	962	[certificate-auth]
@@ -1027,8 +1027,8 @@ in rec {
1027	localUsers = true;	1027	localUsers = true;
1028	writeEnable = true;	1028	writeEnable = true;
1029	chrootlocalUser = true;	1029	chrootlocalUser = true;
1030	rsaKeyFile = "${config.security.acme.directory}/yggdrasil.li/key.pem";	1030	rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
1031	rsaCertFile = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";	1031	rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
1032	extraConfig = ''	1032	extraConfig = ''
1033	local_umask=022	1033	local_umask=022
1034		1034