From 14b6ee0bfaff6d373e4cf2d4f232af663bf7f5ec Mon Sep 17 00:00:00 2001
From: sils
Date: Wed, 4 Oct 2023 12:53:42 +0200
Subject: feat(system/services/taskserver): change ca to letsencrypt
---
 system/services/taskserver/default.nix | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)
(limited to 'system/services')
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
index 1b0d29d..33416e6 100644
--- a/system/services/taskserver/default.nix
+++ b/system/services/taskserver/default.nix
@@ -1,6 +1,14 @@
-{...}: {
+{...}: let
+ taskStore = "/var/lib/taskserver";
+in {
 services.taskserver = {
 enable = true;
+ config = {
+ server = {
+ cert = "${taskStore}/fullchain.pem";
+ key = "${taskStore}/privkey.pem";
+ };
+ };
 pki.auto = {
 expiration = {
 server = 365;
@@ -16,4 +24,22 @@
 fqdn = "taskserver.vhack.eu";
 listenHost = "taskserver.vhack.eu";
 };
+ security.acme.certs.taskserver = {
+ domain = "taskserver.vhack.eu";
+ postRun =
+ /*
+ bash
+ */
+ ''
+ set -x
+ rm "${taskStore}/key.pem"
+ rm "${taskStore}/fullchain.pem"
+
+ cp key.pem "${taskStore}";
+ cp fullchain.pem "${taskStore}";
+
+ chown taskd:taskd "${taskStore}/key.pem"
+ chown taskd:taskd "${taskStore}/fullchain.pem"
+ '';
+ };
 }
-- cgit 1.4.1
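Review bot: The `key = "${taskStore}/privkey.pem";` line under `config.server` names a file that nothing in this commit creates. The `postRun` script in the second hunk copies and chowns `${taskStore}/key.pem`, so taskd would presumably either fail to load its private key or keep reading a stale `privkey.pem` left over from an earlier setup. Make the two paths agree, for example `key = "${taskStore}/key.pem";`. The `pki.auto` block stays in place as context; whether its generated CA and client certificates still validate against a Let's Encrypt server certificate is not visible here and should be confirmed.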
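Review bot: The `postRun` script copies the private key first and only fixes ownership afterwards, so `${taskStore}/key.pem` briefly exists with the copying user's ownership and whatever mode `cp` yields, and no mode is ever set explicitly. Replacing each `cp`/`chown` pair with a single call that sets owner and mode at creation closes that window: `install -m 0400 -o taskd -g taskd key.pem "${taskStore}/key.pem"` and `install -m 0444 -o taskd -g taskd fullchain.pem "${taskStore}/fullchain.pem"`. The two plain `rm` lines will error on the first run, when the files do not yet exist; they can be dropped since the copy overwrites, or changed to `rm -f`. Nothing visible here restarts or reloads taskserver after renewal, so the running daemon may keep serving the old certificate until it is restarted; consider `reloadServices` on the cert or a restart at the end of `postRun`.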