fix: Split wildcard and root domains for ACME (#98)

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/98
2024-09-07 00:57:25 +03:00
parent 30e4f0a2cc
commit 46bb08581b
2 changed files with 6 additions and 2 deletions
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@@ -33,13 +33,17 @@ in
    certs = {
      "${cfg.domain}" = {
        domain = "*.${cfg.domain}";
-        extraDomainNames = [ "${cfg.domain}" ];
        group = "acmereceivers";
        dnsProvider = lib.strings.toLower cfg.dns.provider;
        credentialsFile = acme-env-filepath;
        dnsPropagationCheck =
          ! (lib.elem cfg.dns.provider dnsPropagationCheckExceptions);
      };
+      "root-${cfg.domain}" = {
+        domain = cfg.domain;
+        group = "acmereceivers";
+        webroot = "/var/lib/acme/acme-challenge";
+      };
    };
  };
  systemd.services.acme-secrets = {