services: nginx: simplify ACME setup a bit
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
parent
8eec828a1d
commit
9d99ac705b
Binary file not shown.
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{ config, pkgs, secrets, ... }:
|
||||
|
||||
{
|
||||
services.nginx = {
|
||||
|
@ -13,7 +13,7 @@
|
|||
recommendedZstdSettings = true;
|
||||
};
|
||||
|
||||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
users.users.nginx.extraGroups = [ config.security.acme.defaults.group ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
|||
dnsProvider = "hetzner";
|
||||
dnsResolver = "hydrogen.ns.hetzner.com:53";
|
||||
reloadServices = [ "nginx" ];
|
||||
environmentFile = "/var/secrets/hetzner-acme";
|
||||
environmentFile = secrets.hetzner-acme.destination;
|
||||
};
|
||||
|
||||
systemd.services.nginx = {
|
||||
|
|
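Review bot: The `environmentFile = secrets.hetzner-acme.destination;` line in the third hunk now depends on a secret declaration that is not visible in this diff, so the ownership and mode of the deployed token file cannot be confirmed from here. Because the second hunk keeps nginx in `config.security.acme.defaults.group`, a token file that is group-readable by that group would be readable by the internet-facing web server, and a DNS-provider token typically allows editing zone records. systemd normally reads `EnvironmentFile` itself before starting the unit, so the file should not need to be readable by the ACME user or group; please confirm the secret is deployed root-owned with mode 0400. A comment next to the line would record this, e.g. `# DNS API token: keep root-only (0400); nginx is in the ACME group and must not be able to read it`.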