From efad24c66648dbfdd703c39bf2d36307476b6ef4 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Mon, 31 Jan 2022 17:58:52 +0100
Subject: ...

---
 hosts/surtr/http.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
index 032b1fa5..6edc1466 100644
--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -50,7 +50,7 @@
       virtualHosts = {
         "webdav.141.li" = {
           forceSSL = true;
-          sslCertificate = "${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem";
+          sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem";
           sslCertificateKey = "/run/credentials/nginx.service/webdav.141.li.key.pem";
           locations."/" = {
             proxyPass = "http://webdav/";
@@ -69,7 +69,10 @@
     systemd.services.nginx = {
       preStart = lib.mkForce config.services.nginx.preStart;
       serviceConfig = {
-        LoadCredential = [ "webdav.141.li.key.pem:${config.security.acme.certs."webdav.141.li".directory}/key.pem" ];
+        LoadCredential = [
+          "webdav.141.li.key.pem:${config.security.acme.certs."webdav.141.li".directory}/key.pem"
+          "webdav.141.li.pem:${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem"
+        ];
       };
     };
   };
-- 
cgit v1.2.3