applications.server.acme: defaults + persists state

2024-08-08 19:38:02 +02:00 · 2024-08-08 19:38:02 +02:00 · f792e23584
commit f792e23584
parent 7cee029fff
3 changed files with 24 additions and 8 deletions
--- a/shared/applications/server/nginx.nix
+++ b/shared/applications/server/nginx.nix
@ -10,9 +10,6 @@ let
      -out "$out/ca.pem" -keyout "$out/ca.key"
  '';
 in {
-  security.acme.defaults.email = "fricloudacme.cameo530@simplelogin.com";
-  security.acme.acceptTerms = true;
-
  services.nginx = {
    enable = true;

@ -25,9 +22,6 @@ in {
    # only allow PFS-enabled ciphers with AES256
    sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";

-    # give Nginx access to our certs
-    group = "acme";
-
    # setup a default site
    virtualHosts.default = {
      default = lib.mkDefault true;
@ -49,8 +43,6 @@ in {
    };
  };

-  users.groups.acme = {};
-
  networking.firewall = {
    allowedTCPPorts = [80 443];
    allowedUDPPorts = [443];