caddy files

2024-04-24 02:06:04 +02:00 · 2024-04-24 02:06:04 +02:00 · 931bce3d9f
parent 8bce4b0326
commit 931bce3d9f
4 changed files with 38 additions and 26 deletions
--- a/hosts/alpha/acme.nix
+++ b/hosts/alpha/acme.nix
@ -1,14 +1,16 @@
 {lib, ...}: {
-  security.acme.certs."caspervk.net" = {
+  security.acme.certs = {
-    domain = "*.caspervk.net";
+    "caspervk.net" = {
-    reloadServices = [
+      domain = "*.caspervk.net";
-      "caddy.service"
+      reloadServices = [
-      "murmur.service"
+        "caddy.service"
-    ];
+        "murmur.service"
-    # The NixOS Caddy module is a little too clever and sets the cert's group
+      ];
-    # to 'caddy', which means other services can't load it. This is not needed
+      # The NixOS Caddy module is a little too clever and sets the cert's group
-    # since we handle the group membership manually.
+      # to 'caddy', which means other services can't load it. This is not needed
-    group = lib.mkForce "acme";
+      # since we handle the group membership manually.
      group = lib.mkForce "acme";
    };
  };
  users.groups.acme.members = [
    "caddy"
--- a/hosts/delta/acme.nix
+++ b/hosts/delta/acme.nix
@ -1,10 +1,12 @@
 {...}: {
-  security.acme.certs."caspervk.net" = {
+  security.acme.certs = {
-    domain = "*.caspervk.net";
+    "caspervk.net" = {
-    reloadServices = [
+      domain = "*.caspervk.net";
-      "kresd@1.service"
+      reloadServices = [
-      "kresd@2.service"
+        "kresd@1.service"
-    ];
+        "kresd@2.service"
      ];
    };
  };
  users.groups.acme.members = [
    "knot-resolver"
--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@ -1,13 +1,21 @@
 {lib, ...}: {
-  security.acme.certs."caspervk.net" = {
+  security.acme.certs = {
-    domain = "*.caspervk.net";
+    "caspervk.net" = {
-    reloadServices = [
+      domain = "*.caspervk.net";
-      "caddy.service"
+      reloadServices = [
-    ];
+        "caddy.service"
-    # The NixOS Caddy module is a little too clever and sets the cert's group
+      ];
-    # to 'caddy', which means other services can't load it. This is not needed
+      # The NixOS Caddy module is a little too clever and sets the cert's group
-    # since we handle the group membership manually.
+      # to 'caddy', which means other services can't load it. This is not needed
-    group = lib.mkForce "acme";
+      # since we handle the group membership manually.
      group = lib.mkForce "acme";
    };
    "sudomail.org" = {
      reloadServices = [
        "caddy.service"
      ];
      group = lib.mkForce "acme";
    };
  };
  users.groups.acme.members = [
    "caddy"
--- a/modules/server/caddy.nix
+++ b/modules/server/caddy.nix
@ -20,7 +20,7 @@ lib.mkIf (config.services.caddy.virtualHosts != {}) {
  environment.persistence."/nix/persist" = {
    directories = [
      {
-        directory = "/var/lib/caddy";
+        directory = "/var/www/html";
        user = "caddy";
        group = "caddy";
        mode = "0755";