1 files changed, 9 insertions, 6 deletions

diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 54b0084f..0506b5c7 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -28,6 +28,11 @@ let
       root /srv/www/acme/$host/;
     }
   '';
+
+  ssl = builtins.toFile "ssl" ''
+    ssl_certificate /var/lib/acme/yggdrasil.li/fullchain.pem;
+    ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem;
+  '';
 in {
   services.nginx = {
     enable = true;
@@ -104,8 +109,7 @@ in {
         include ${favicon};
         include ${acme};
 
-        ssl_certificate /etc/ssl/self/dirty-haskell.org/fullchain.pem;
-        ssl_certificate_key /etc/ssl/self/dirty-haskell.org/privkey.pem;
+        include ${ssl};
 
         root /srv/www/dirty-haskell.org;
       }
@@ -118,8 +122,7 @@ in {
         include ${favicon};
         include ${acme};
 
-        ssl_certificate /etc/ssl/self/www.dirty-haskell.org/fullchain.pem;
-        ssl_certificate_key /etc/ssl/self/www.dirty-haskell.org/privkey.pem;
+        include ${ssl};
 
         root /srv/www/dirty-haskell.org;
       }
@@ -129,8 +132,6 @@ in {
         listen *:443 ssl;
         listen [::]:80;
         listen [::]:443 ssl;
-        ssl_certificate /etc/ssl/self/git.yggdrasil.li/fullchain.pem;
-        ssl_certificate_key /etc/ssl/self/git.yggdrasil.li/key.pem;
         server_name git.yggdrasil.li;
 
         root ${pkgs.cgit}/cgit;
@@ -140,6 +141,8 @@ in {
         include ${favicon};
         include ${acme};
 
+        include ${ssl};
+
         location @cgit {
           include ${uwsgi_params};
           uwsgi_pass unix:/tmp/cgit.sock;