diff --git a/letsencrypt/acme.nix b/letsencrypt/acme.nix index 077652d..4a4392b 100644 --- a/letsencrypt/acme.nix +++ b/letsencrypt/acme.nix @@ -27,18 +27,13 @@ in reloadServices = [ "nginx" ]; }; certs = { - "wildcard-${cfg.domain}" = { + "${cfg.domain}" = { domain = "*.${cfg.domain}"; extraDomainNames = [ "${cfg.domain}" ]; group = "acmereceivers"; dnsProvider = lib.strings.toLower cfg.dns.provider; credentialsFile = acme-env-filepath; }; - "${cfg.domain}" = { - domain = cfg.domain; - group = "acmereceivers"; - webroot = "/var/lib/acme/acme-challenge"; - }; }; }; systemd.services.acme-secrets = { diff --git a/sp-modules/bitwarden/module.nix b/sp-modules/bitwarden/module.nix index 3b4a516..d7a50cf 100644 --- a/sp-modules/bitwarden/module.nix +++ b/sp-modules/bitwarden/module.nix @@ -72,8 +72,8 @@ in ''; }; services.nginx.virtualHosts."password.${sp.domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${sp.domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${sp.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${sp.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${sp.domain}/key.pem"; forceSSL = true; extraConfig = '' add_header Strict-Transport-Security $hsts_header; diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix index 0a62eef..5023f8d 100644 --- a/sp-modules/gitea/module.nix +++ b/sp-modules/gitea/module.nix @@ -85,8 +85,8 @@ in }; }; services.nginx.virtualHosts."git.${sp.domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${sp.domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${sp.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${sp.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${sp.domain}/key.pem"; forceSSL = true; extraConfig = '' add_header Strict-Transport-Security $hsts_header; diff --git a/sp-modules/jitsi-meet/module.nix b/sp-modules/jitsi-meet/module.nix index fb5ed56..d23207a 100644 --- a/sp-modules/jitsi-meet/module.nix +++ b/sp-modules/jitsi-meet/module.nix @@ -21,8 +21,8 @@ in }; }; services.nginx.virtualHosts."meet.${domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem"; + sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; forceSSL = true; useACMEHost = domain; enableACME = false; diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix index 89eeef3..3b4a183 100644 --- a/sp-modules/nextcloud/module.nix +++ b/sp-modules/nextcloud/module.nix @@ -69,8 +69,8 @@ }; }; services.nginx.virtualHosts.${hostName} = { - sslCertificate = "/var/lib/acme/wildcard-${sp.domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${sp.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${sp.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${sp.domain}/key.pem"; forceSSL = true; extraConfig = '' add_header Strict-Transport-Security $hsts_header; diff --git a/sp-modules/ocserv/module.nix b/sp-modules/ocserv/module.nix index 6c022d9..d33369a 100644 --- a/sp-modules/ocserv/module.nix +++ b/sp-modules/ocserv/module.nix @@ -28,8 +28,8 @@ in tcp-port = 8443 udp-port = 8443 - server-cert = /var/lib/acme/wildcard-${domain}/fullchain.pem - server-key = /var/lib/acme/wildcard-${domain}/key.pem + server-cert = /var/lib/acme/${domain}/fullchain.pem + server-key = /var/lib/acme/${domain}/key.pem compression = true @@ -56,8 +56,8 @@ in ''; }; services.nginx.virtualHosts."vpn.${domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem"; + sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; forceSSL = true; extraConfig = '' add_header Strict-Transport-Security $hsts_header; diff --git a/sp-modules/pleroma/module.nix b/sp-modules/pleroma/module.nix index d9f54a2..afb2969 100644 --- a/sp-modules/pleroma/module.nix +++ b/sp-modules/pleroma/module.nix @@ -100,8 +100,8 @@ in # seems to be an upstream nixpkgs/nixos bug (missing hexdump) systemd.services.pleroma.path = [ pkgs.util-linux ]; services.nginx.virtualHosts."social.${sp.domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${sp.domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${sp.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${sp.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${sp.domain}/key.pem"; root = "/var/www/social.${sp.domain}"; forceSSL = true; extraConfig = '' diff --git a/sp-modules/simple-nixos-mailserver/config.nix b/sp-modules/simple-nixos-mailserver/config.nix index aeceeb9..3ac1145 100644 --- a/sp-modules/simple-nixos-mailserver/config.nix +++ b/sp-modules/simple-nixos-mailserver/config.nix @@ -67,8 +67,8 @@ lib.mkIf sp.modules.simple-nixos-mailserver.enable }; certificateScheme = "manual"; - certificateFile = "/var/lib/acme/wildcard-${sp.domain}/fullchain.pem"; - keyFile = "/var/lib/acme/wildcard-${sp.domain}/key.pem"; + certificateFile = "/var/lib/acme/${sp.domain}/fullchain.pem"; + keyFile = "/var/lib/acme/${sp.domain}/key.pem"; # Enable IMAP and POP3 enableImap = true; diff --git a/webserver/nginx.nix b/webserver/nginx.nix index 09c5f58..03320db 100644 --- a/webserver/nginx.nix +++ b/webserver/nginx.nix @@ -21,8 +21,8 @@ in ''; virtualHosts = { "${domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem"; + sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; forceSSL = true; extraConfig = '' add_header Strict-Transport-Security $hsts_header; @@ -41,8 +41,8 @@ in }; }; "api.${domain}" = { - sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem"; + sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; forceSSL = true; extraConfig = '' add_header Strict-Transport-Security $hsts_header;