services: nginx: simplify ACME setup a bit

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2024-01-21 00:31:25 +01:00 · 2024-01-21 00:31:25 +01:00 · 9d99ac705b
parent 8eec828a1d
commit 9d99ac705b
2 changed files with 3 additions and 3 deletions
--- a/secrets/morph/acme.nix
+++ b/secrets/morph/acme.nix
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, secrets, ... }:

 {
  services.nginx = {
@ -13,7 +13,7 @@
    recommendedZstdSettings = true;
  };

-  users.users.nginx.extraGroups = [ "acme" ];
+  users.users.nginx.extraGroups = [ config.security.acme.defaults.group ];

  networking.firewall.allowedTCPPorts = [ 80 443 ];

@ -22,7 +22,7 @@
    dnsProvider = "hetzner";
    dnsResolver = "hydrogen.ns.hetzner.com:53";
    reloadServices = [ "nginx" ];
-    environmentFile = "/var/secrets/hetzner-acme";
+    environmentFile = secrets.hetzner-acme.destination;
  };

  systemd.services.nginx = {