From 1e10c6630b2c46bd40c2b23fa6a4f7c8fa751823 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Tue, 29 Nov 2022 17:19:24 +0100
Subject: [PATCH] modules: services: nginx: fix SSL renewal

See this issue [1].

[1]: https://github.com/go-acme/lego/issues/1772.
---
 modules/services/nginx/default.nix | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
index 379179e..332a936 100644
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -3,6 +3,8 @@
 let
 cfg = config.my.services.nginx;

+ domain = config.networking.domain;
+
 virtualHostOption = with lib; types.submodule {
 options = {
 subdomain = mkOption {
@@ -392,10 +394,6 @@ in
 acceptTerms = true;
 # Use DNS wildcard certificate
 certs =
- let
- domain = config.networking.domain;
- in
- with pkgs;
 {
 "${domain}" = {
 extraDomainNames = [ "*.${domain}" ];
@@ -405,6 +403,15 @@ in
 };
 };

+ systemd.services."acme-${domain}" = {
+ serviceConfig = {
+ Environment = [
+ # Since I do a "weird" setup with a wildcard CNAME
+ "LEGO_DISABLE_CNAME_SUPPORT=true"
+ ];
+ };
+ };
+
 services.grafana.provision.dashboards.settings.providers = lib.mkIf cfg.monitoring.enable [
 {
 name = "NGINX";
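Review bot: The comment on the new `Environment` entry in `systemd.services."acme-${domain}"` does not say what the variable turns off or when it can be removed, and the issue link exists only in the commit message. Judging by the linked lego issue, the variable stops lego from following CNAME records while it looks up the `_acme-challenge` name for the DNS-01 challenge, which the wildcard CNAME presumably answers; that should be confirmed against the issue. I would replace the comment with something like `# lego follows CNAMEs for _acme-challenge by default; our wildcard CNAME breaks that lookup, see go-acme/lego#1772` and add that delegating `_acme-challenge` through a CNAME to a separate zone will not work while this is set. The override covers only the `acme-${domain}` unit, so any other certificate added later would need the same setting; the enclosing attribute set starts and ends outside the hunk.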