caddy files

hosts/alpha/acme.nix

@@ -1,14 +1,16 @@
 {lib, ...}: {
-  security.acme.certs."caspervk.net" = {
+  security.acme.certs = {
-    domain = "*.caspervk.net";
+    "caspervk.net" = {
-    reloadServices = [
+      domain = "*.caspervk.net";
-      "caddy.service"
+      reloadServices = [
-      "murmur.service"
+        "caddy.service"
-    ];
+        "murmur.service"
-    # The NixOS Caddy module is a little too clever and sets the cert's group
+      ];
-    # to 'caddy', which means other services can't load it. This is not needed
+      # The NixOS Caddy module is a little too clever and sets the cert's group
-    # since we handle the group membership manually.
+      # to 'caddy', which means other services can't load it. This is not needed
-    group = lib.mkForce "acme";
+      # since we handle the group membership manually.
+      group = lib.mkForce "acme";
+    };
   };
   users.groups.acme.members = [
     "caddy"

hosts/delta/acme.nix

@@ -1,10 +1,12 @@
 {...}: {
-  security.acme.certs."caspervk.net" = {
+  security.acme.certs = {
-    domain = "*.caspervk.net";
+    "caspervk.net" = {
-    reloadServices = [
+      domain = "*.caspervk.net";
-      "kresd@1.service"
+      reloadServices = [
-      "kresd@2.service"
+        "kresd@1.service"
-    ];
+        "kresd@2.service"
+      ];
+    };
   };
   users.groups.acme.members = [
     "knot-resolver"

hosts/sigma/acme.nix

@@ -1,13 +1,21 @@
 {lib, ...}: {
-  security.acme.certs."caspervk.net" = {
+  security.acme.certs = {
-    domain = "*.caspervk.net";
+    "caspervk.net" = {
-    reloadServices = [
+      domain = "*.caspervk.net";
-      "caddy.service"
+      reloadServices = [
-    ];
+        "caddy.service"
-    # The NixOS Caddy module is a little too clever and sets the cert's group
+      ];
-    # to 'caddy', which means other services can't load it. This is not needed
+      # The NixOS Caddy module is a little too clever and sets the cert's group
-    # since we handle the group membership manually.
+      # to 'caddy', which means other services can't load it. This is not needed
-    group = lib.mkForce "acme";
+      # since we handle the group membership manually.
+      group = lib.mkForce "acme";
+    };
+    "sudomail.org" = {
+      reloadServices = [
+        "caddy.service"
+      ];
+      group = lib.mkForce "acme";
+    };
   };
   users.groups.acme.members = [
     "caddy"

modules/server/caddy.nix

@@ -20,7 +20,7 @@ lib.mkIf (config.services.caddy.virtualHosts != {}) {
   environment.persistence."/nix/persist" = {
     directories = [
       {
-        directory = "/var/lib/caddy";
+        directory = "/var/www/html";
         user = "caddy";
         group = "caddy";
         mode = "0755";