author | Vincent Ambo <tazjin@google.com> | 2020-03-01T01·11+0000 |
---|---|---|
committer | Vincent Ambo <tazjin@google.com> | 2020-03-01T01·11+0000 |
commit | 814729bd04fd0d9ace4fe9e11d51f960e743adfc (patch) | |
tree | 4037f59eeb09788b584ef63aac068106349f6540 /ops | |
parent | 1f5d2d424c94e5c993b47232aff7472fb50d36cb (diff) |
fix(ops/nixos/camden): Add required options for ACME updates r/589
The implementation for provisioning ACME certificates has changed in nixos-unstable[0] and now requires a few extra options to be set. [0]: https://github.com/NixOS/nixpkgs/pull/77578
Diffstat (limited to 'ops')
-rw-r--r-- | ops/nixos/camden/default.nix | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 9713b148dfe8..45ce3182681a 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -156,19 +156,24 @@ in lib.fix(self: {
 # Provision a TLS certificate outside of nginx to avoid
 # nixpkgs#38144
- security.acme.certs."tazj.in" = {
- user = "nginx";
- group = "nginx";
- webroot = "/var/lib/acme/acme-challenge";
- extraDomains = {
- "git.tazj.in" = null;
- "www.tazj.in" = null;
-
- # Local domains (for this machine only)
- "camden.tazj.in" = null;
- "git.camden.tazj.in" = null;
+ security.acme = {
+ acceptTerms = true;
+ email = "mail@tazj.in";
+
+ certs."tazj.in" = {
+ user = "nginx";
+ group = "nginx";
+ webroot = "/var/lib/acme/acme-challenge";
+ extraDomains = {
+ "git.tazj.in" = null;
+ "www.tazj.in" = null;
+
+ # Local domains (for this machine only)
+ "camden.tazj.in" = null;
+ "git.camden.tazj.in" = null;
+ };
+ postRun = "systemctl reload nginx";
 };
- postRun = "systemctl reload nginx";
 };
 # Forward logs to Google Cloud Platform |
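Review bot: `user = "nginx";` in `certs."tazj.in"` makes the web-server account the owner of the certificate files, so anything running as nginx could presumably modify or replace the private key rather than only read it. If nginx only needs read access, consider leaving `user` at the module default and keeping `group = "nginx";` together with `allowKeysForGroup = true;`, provided the ACME module version in use still offers that option. A comment above `acceptTerms = true;` such as `# Required by the reworked ACME module (nixpkgs#77578); set once for all certs on this host.` would also help, since the reason currently lives only in the commit message. The surrounding `lib.fix(self: { … })` attribute set starts and ends outside this hunk, so how nginx itself is run is not visible here.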