Set ACME client defaults in server.nix

2024-05-17 23:01:07 +01:00 · 2024-05-17 23:01:07 +01:00 · 92c3bd3a13
commit 92c3bd3a13
parent b16a42732a
3 changed files with 8 additions and 13 deletions
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@ -30,12 +30,6 @@

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

-  security.acme.defaults = {
-    email = "hostmaster@vimium.com";
-    group = "nginx";
-    webroot = "/var/lib/acme/acme-challenge";
-  };
-
  modules = {
    services = {
      borgmatic = {
--- a/hosts/server.nix
+++ b/hosts/server.nix
@ -10,7 +10,14 @@
  fonts.fontconfig.enable = false;

  security = {
-    acme.acceptTerms = true;
+    acme = {
+      acceptTerms = true;
+      defaults = {
+        email = "hostmaster@vimium.com";
+        group = "nginx";
+        webroot = "/var/lib/acme/acme-challenge";
+      };
+    };
    auditd.enable = true;
    audit = {
      enable = true;
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@ -40,12 +40,6 @@

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

-  security.acme.defaults = {
-    email = "hostmaster@vimium.com";
-    group = "nginx";
-    webroot = "/var/lib/acme/acme-challenge";
-  };
-
  modules = {
    services = {
      borgmatic = {