caddy files

flake.lock: Update
Flake lock file updates: • Updated input 'secrets': 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=84f9be99ee397303cb23dfc8713115088fa7a53d' (2024-04-23) → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=d73392f1e37da591bbc2700a37beba60c5bc4648' (2024-04-24)
2024-04-24 02:06:04 +02:00 · 2024-04-24 02:04:12 +02:00
5 changed files with 42 additions and 30 deletions
--- a/flake.lock
+++ b/flake.lock
@ -165,11 +165,11 @@
    },
    "secrets": {
      "locked": {
-        "lastModified": 1713906026,
-        "narHash": "sha256-pI2SocGL1Ev54UXizRL2L6t3UmBFVGGmcSgBmthSeJU=",
+        "lastModified": 1713917034,
+        "narHash": "sha256-TcRTcrx6Y+qZpoOvCu+DNyHWGFOFxL4bDMCD2EvYNsg=",
        "ref": "refs/heads/master",
-        "rev": "84f9be99ee397303cb23dfc8713115088fa7a53d",
-        "revCount": 23,
+        "rev": "d73392f1e37da591bbc2700a37beba60c5bc4648",
+        "revCount": 25,
        "type": "git",
        "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
      },
--- a/hosts/alpha/acme.nix
+++ b/hosts/alpha/acme.nix
@ -1,14 +1,16 @@
 {lib, ...}: {
-  security.acme.certs."caspervk.net" = {
-    domain = "*.caspervk.net";
-    reloadServices = [
-      "caddy.service"
-      "murmur.service"
-    ];
-    # The NixOS Caddy module is a little too clever and sets the cert's group
-    # to 'caddy', which means other services can't load it. This is not needed
-    # since we handle the group membership manually.
-    group = lib.mkForce "acme";
+  security.acme.certs = {
+    "caspervk.net" = {
+      domain = "*.caspervk.net";
+      reloadServices = [
+        "caddy.service"
+        "murmur.service"
+      ];
+      # The NixOS Caddy module is a little too clever and sets the cert's group
+      # to 'caddy', which means other services can't load it. This is not needed
+      # since we handle the group membership manually.
+      group = lib.mkForce "acme";
+    };
  };
  users.groups.acme.members = [
    "caddy"
--- a/hosts/delta/acme.nix
+++ b/hosts/delta/acme.nix
@ -1,10 +1,12 @@
 {...}: {
-  security.acme.certs."caspervk.net" = {
-    domain = "*.caspervk.net";
-    reloadServices = [
-      "kresd@1.service"
-      "kresd@2.service"
-    ];
+  security.acme.certs = {
+    "caspervk.net" = {
+      domain = "*.caspervk.net";
+      reloadServices = [
+        "kresd@1.service"
+        "kresd@2.service"
+      ];
+    };
  };
  users.groups.acme.members = [
    "knot-resolver"
--- a/hosts/sigma/acme.nix
+++ b/hosts/sigma/acme.nix
@ -1,13 +1,21 @@
 {lib, ...}: {
-  security.acme.certs."caspervk.net" = {
-    domain = "*.caspervk.net";
-    reloadServices = [
-      "caddy.service"
-    ];
-    # The NixOS Caddy module is a little too clever and sets the cert's group
-    # to 'caddy', which means other services can't load it. This is not needed
-    # since we handle the group membership manually.
-    group = lib.mkForce "acme";
+  security.acme.certs = {
+    "caspervk.net" = {
+      domain = "*.caspervk.net";
+      reloadServices = [
+        "caddy.service"
+      ];
+      # The NixOS Caddy module is a little too clever and sets the cert's group
+      # to 'caddy', which means other services can't load it. This is not needed
+      # since we handle the group membership manually.
+      group = lib.mkForce "acme";
+    };
+    "sudomail.org" = {
+      reloadServices = [
+        "caddy.service"
+      ];
+      group = lib.mkForce "acme";
+    };
  };
  users.groups.acme.members = [
    "caddy"
--- a/modules/server/caddy.nix
+++ b/modules/server/caddy.nix
@ -20,7 +20,7 @@ lib.mkIf (config.services.caddy.virtualHosts != {}) {
  environment.persistence."/nix/persist" = {
    directories = [
      {
-        directory = "/var/lib/caddy";
+        directory = "/var/www/html";
        user = "caddy";
        group = "caddy";
        mode = "0755";