diff options
| author | sils <sils@sils.li> | 2023-10-04 12:53:42 +0200 |
|---|---|---|
| committer | Soispha <soispha@vhack.eu> | 2023-10-16 17:19:58 +0200 |
| commit | 14b6ee0bfaff6d373e4cf2d4f232af663bf7f5ec (patch) | |
| tree | 0ee6a0813bee1966a39e9ead82520b694cbe8772 /system/services/taskserver | |
| parent | fix(system/services/taskserver): Hide organisations (diff) | |
| download | nixos-server-14b6ee0bfaff6d373e4cf2d4f232af663bf7f5ec.tar.gz nixos-server-14b6ee0bfaff6d373e4cf2d4f232af663bf7f5ec.zip | |
feat(system/services/taskserver): change ca to letsencrypt
Diffstat (limited to 'system/services/taskserver')
| -rw-r--r-- | system/services/taskserver/default.nix | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix index 1b0d29d..33416e6 100644 --- a/system/services/taskserver/default.nix +++ b/system/services/taskserver/default.nix @@ -1,6 +1,14 @@ -{...}: { +{...}: let + taskStore = "/var/lib/taskserver"; +in { services.taskserver = { enable = true; + config = { + server = { + cert = "${taskStore}/fullchain.pem"; + key = "${taskStore}/privkey.pem"; + }; + }; pki.auto = { expiration = { server = 365; @@ -16,4 +24,22 @@ fqdn = "taskserver.vhack.eu"; listenHost = "taskserver.vhack.eu"; }; + security.acme.certs.taskserver = { + domain = "taskserver.vhack.eu"; + postRun = + /* + bash + */ + '' + set -x + rm "${taskStore}/key.pem" + rm "${taskStore}/fullchain.pem" + + cp key.pem "${taskStore}"; + cp fullchain.pem "${taskStore}"; + + chown taskd:taskd "${taskStore}/key.pem" + chown taskd:taskd "${taskStore}/fullchain.pem" + ''; + }; } |