From 551cf94d4ea5902e1f993472acfe72bc1cbc3b5f Mon Sep 17 00:00:00 2001
From: nyanloutre <paul@nyanlout.re>
Date: Mon, 2 Mar 2020 22:39:16 +0100
Subject: [PATCH] vsftpd: utilisation du certif let's encrypt

---
 containers/vsftpd.nix     | 6 +++---
 services/haproxy-acme.nix | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/containers/vsftpd.nix b/containers/vsftpd.nix
index 409ab6f04..77e01dd33 100644
--- a/containers/vsftpd.nix
+++ b/containers/vsftpd.nix
@@ -12,7 +12,7 @@
           userlistDeny = false;
           localUsers = true;
           userlist = ["claire" "manu" "lakeu" "fusil" "stryxion" "nico"];
-          rsaCertFile = "/var/vsftpd/vsftpd.pem";
+          rsaCertFile = "/var/lib/acme/nyanlout.re/full.pem";
           extraConfig = ''
             pasv_min_port=64000
             pasv_max_port=65535
@@ -59,8 +59,8 @@
         };
       };
     bindMounts = {
-      "/var/vsftpd/vsftpd.pem" = {
-        hostPath = "/var/vsftpd/vsftpd.pem";
+      "/var/lib/acme/nyanlout.re" = {
+        hostPath = "/var/lib/acme/nyanlout.re";
       };
       "/mnt/medias" = {
         hostPath = "/mnt/medias";
diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix
index 9383f3805..8bdef077e 100644
--- a/services/haproxy-acme.nix
+++ b/services/haproxy-acme.nix
@@ -138,6 +138,7 @@ in
         group = "acme";
         postRun = ''
           systemctl reload haproxy.service
+          nixos-container run vsftpd -- systemctl restart vsftpd
         '';
       };
     };