modules: services: nginx: fix SSL renewal

See this issue [1]. [1]: https://github.com/go-acme/lego/issues/1772.
2022-11-29 17:19:24 +01:00 · 2022-11-29 17:19:24 +01:00 · 1e10c6630b
parent b85a98c377
commit 1e10c6630b
1 changed files with 11 additions and 4 deletions
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@ -3,6 +3,8 @@
 let
  cfg = config.my.services.nginx;

+  domain = config.networking.domain;
+
  virtualHostOption = with lib; types.submodule {
    options = {
      subdomain = mkOption {
@ -392,10 +394,6 @@ in
      acceptTerms = true;
      # Use DNS wildcard certificate
      certs =
-        let
-          domain = config.networking.domain;
-        in
-        with pkgs;
        {
          "${domain}" = {
            extraDomainNames = [ "*.${domain}" ];
@ -405,6 +403,15 @@ in
        };
    };

+    systemd.services."acme-${domain}" = {
+      serviceConfig = {
+        Environment = [
+          # Since I do a "weird" setup with a wildcard CNAME
+          "LEGO_DISABLE_CNAME_SUPPORT=true"
+        ];
+      };
+    };
+
    services.grafana.provision.dashboards.settings.providers = lib.mkIf cfg.monitoring.enable [
      {
        name = "NGINX";