Merge pull request 'refactor(jitsi): Use the common TLS cert for Jitsi' (#33) from jitsi-tls-fix into master

Reviewed-on: #33
2023-06-09 16:01:09 +03:00 · 2023-06-09 16:01:09 +03:00 · 8006f83257
parent bc5778fdea 74d35b16f2
commit 8006f83257
2 changed files with 8 additions and 6 deletions
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@ -11,6 +11,7 @@ in
    defaults = {
      email = "${cfg.username}@${cfg.domain}";
      server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
+      dnsPropagationCheck = false;
    };
    certs = lib.mkForce {
      "${cfg.domain}" = {
@ -20,12 +21,6 @@ in
        dnsProvider = lib.strings.toLower cfg.dns.provider;
        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
      };
-      "meet.${cfg.domain}" = {
-        domain = "meet.${cfg.domain}";
-        group = "acmerecievers";
-        dnsProvider = lib.strings.toLower cfg.dns.provider;
-        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
-      };
    };
  };
 }
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@ -151,6 +151,13 @@ in
          };
        };
      };
+      "meet.${domain}" = {
+        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
+        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
+        forceSSL = true;
+        useACMEHost = domain;
+        enableACME = false;
+      };
    };
  };
 }