services: use subdomain for ACME cert

Avoids conflicts now that I have multiple servers sharing the config
2022-06-12 17:18:58 +02:00 · 2022-06-12 17:18:58 +02:00 · 990c035c3b
commit 990c035c3b
parent baa239dc72
13 changed files with 72 additions and 18 deletions
--- a/services/vaultwarden.nix
+++ b/services/vaultwarden.nix
@ -15,6 +15,8 @@
  my = config.my;

  domain = config.networking.domain;
+  hostname = config.networking.hostName;
+  fqdn = "${hostname}.${domain}";
 in {
  options.my.services.vaultwarden = let
    inherit (lib) types;
@ -68,7 +70,7 @@ in {
      virtualHosts = {
        "pass.${domain}" = {
          forceSSL = true;
-          useACMEHost = domain;
+          useACMEHost = fqdn;

          locations."/" = {
            proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
@ -86,6 +88,8 @@ in {
      };
    };

+    security.acme.certs.${fqdn}.extraDomainNames = ["pass.${domain}"];
+
    # FIXME: should be renamed to vaultwarden eventually
    my.services.restic-backup = mkIf cfg.enable {
      paths = ["/var/lib/bitwarden_rs"];