From 5685ae98e376ee903f7ef2f577e44617a830a6c4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 6 Jan 2020 15:08:32 +0100
Subject: acme...

---
 ymir.nix | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/ymir.nix b/ymir.nix
index 88d95fba..d926b547 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -11,8 +11,8 @@ let
     enabled = true;
     domain = name;
     ssl = {
-      key = "${config.security.acme.directory}/yggdrasil.li/key.pem";
-      cert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+      key = "/var/lib/acme/yggdrasil.li/key.pem";
+      cert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
       extraOptions = {
         dhparam = config.security.dhparams.params.prosody.path;
       };
@@ -495,8 +495,8 @@ in rec {
         /^localhost$/ ACCEPT
         /\.?ymir$/ ACCEPT
       ''}''];
-    sslCert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
-    sslKey = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+    sslCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    sslKey = "/var/lib/acme/yggdrasil.li/key.pem";
     config = {
       #the dh params
       smtpd_tls_dh1024_param_file = config.security.dhparams.params."postfix-1024".path;
@@ -702,8 +702,8 @@ in rec {
     enableLmtp = true;
     enablePop3 = false;
     enablePAM = false; # do that manualy
-    sslServerCert = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
-    sslServerKey = "${config.security.acme.directory}/yggdrasil.li/key.pem";
+    sslServerCert = "/var/lib/acme/yggdrasil.li/fullchain.pem";
+    sslServerKey = "/var/lib/acme/yggdrasil.li/key.pem";
     mailLocation = "maildir:~/mail:LAYOUT=index:UTF-8";
     modules = with pkgs; [ dovecot_pigeonhole ];
     protocols = [ "sieve" ];
@@ -955,8 +955,8 @@ in rec {
 
   services.infinoted = {
     enable = true;
-    keyFile = "${config.security.acme.directory}/yggdrasil.li/key.pem";
-    certificateFile = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+    keyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+    certificateFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
     plugins = [ "note-text" "note-chat" "logging" "autosave" "certificate-auth" "directory-sync" ];
     extraConfig = ''
       [certificate-auth]
@@ -1027,8 +1027,8 @@ in rec {
     localUsers = true;
     writeEnable = true;
     chrootlocalUser = true;
-    rsaKeyFile = "${config.security.acme.directory}/yggdrasil.li/key.pem";
-    rsaCertFile = "${config.security.acme.directory}/yggdrasil.li/fullchain.pem";
+    rsaKeyFile = "/var/lib/acme/yggdrasil.li/key.pem";
+    rsaCertFile = "/var/lib/acme/yggdrasil.li/fullchain.pem";
     extraConfig = ''
       local_umask=022
     
-- 
cgit v1.2.3