kinda working.. acme still is throwing fits i think

modules/mailserver.nix

@@ -6,22 +6,24 @@ let
 in
 with lib;
 {
-  # services.caddy = {
+#   services.caddy = {
-  #   virtualHosts = {
+#     enable = true;
-  #     "mail.cochrun.xyz".extraConfig = ''
+#     virtualHosts = {
-  #       tls internal {
+#       "mail.cochrun.xyz".extraConfig = ''
-  #         key_type rsa2048
+# reverse_proxy 8898
-  #       } 
+#         tls internal {
-  #       respond "Hello DMS"
+#           key_type rsa2048
-  #     '' ;
+#         } 
-  #   };   
+#         respond "Hello DMS"
-  # };
+#       '' ;
+#     };   
+#   };
   mailserver = {
     enable = true;
     fqdn = fqdn;
     domains = [ dn ];
     enableManageSieve = true;
-    mailDirectory = "/home/chris/mailserver/docker-data/mail-data";
+    # mailDirectory = "/home/chris/mailserver/docker-data/mail-data";
     mailboxes = {
       Archive = {
         auto = "subscribe";
@@ -46,9 +48,9 @@ with lib;
     };
     useFsLayout = true;
     hierarchySeparator = "/";
-    certificateScheme = "acme-nginx";
+    certificateScheme = "manual";
-    # certificateFile = "/var/lib/acme/${fqdn}/fullchain.pem";
+    certificateFile = "/var/lib/acme/${fqdn}/fullchain.pem";
-    # keyFile = "/var/lib/acme/${fqdn}/key.pem";
+    keyFile = "/var/lib/acme/${fqdn}/key.pem";
     loginAccounts = {
       "chris@cochrun.xyz" = {
         hashedPasswordFile = "/home/chris/mailp";
@@ -67,9 +69,9 @@ with lib;
   security.acme = {
     acceptTerms = true;
     defaults.email = "chris@cochrun.xyz";
-    # certs.${fqdn} = {
+    certs.${fqdn} = {
-    #   webroot = "/var/lib/acme/acme-challenge/";
+      webroot = "/var/lib/acme/acme-challenge/";
-    #   # dnsProvider = "namecheap";
+      extraDomainNames = [ "cochrun.xyz" ];
-    # };
+    };
   };
 }

systems/dalinar/configuration.nix

@@ -280,21 +280,21 @@
         reverse_proxy localhost:2283
       '';
     };
-    virtualHosts = {
+    # virtualHosts = {
-      "piped.cochrun.xyz".extraConfig = ''
+    #   "piped.cochrun.xyz".extraConfig = ''
-        reverse_proxy http://127.0.0.1:8085
+    #     reverse_proxy http://127.0.0.1:8085
-      '';
+    #   '';
-    };
+    # };
-    virtualHosts = {
+    # virtualHosts = {
-      "pipedapi.cochrun.xyz".extraConfig = ''
+    #   "pipedapi.cochrun.xyz".extraConfig = ''
-        reverse_proxy http://127.0.0.1:8085
+    #     reverse_proxy http://127.0.0.1:8085
-      '';
+    #   '';
-    };
+    # };
-    virtualHosts = {
+    # virtualHosts = {
-      "pipedproxy.cochrun.xyz".extraConfig = ''
+    #   "pipedproxy.cochrun.xyz".extraConfig = ''
-        reverse_proxy http://127.0.0.1:8085
+    #     reverse_proxy http://127.0.0.1:8085
-      '';
+    #   '';
-    };
+    # };
     virtualHosts = {
       "inv.cochrun.xyz".extraConfig = ''
         reverse_proxy http://127.0.0.1:3000
@@ -348,26 +348,26 @@
         }
       '';
     };
-    virtualHosts = {
+    # virtualHosts = {
-      "truthmatters.cc".extraConfig = ''
+    #   "truthmatters.cc".extraConfig = ''
-        encode gzip
+    #     encode gzip
-        root * /srv/truthmatters
+    #     root * /srv/truthmatters
-	      file_server        
+	  #     file_server        
-        header {
+    #     header {
-              Access-Control-Allow-Origin *
+    #           Access-Control-Allow-Origin *
-        }
+    #     }
-      '';
+    #   '';
-    };
+    # };
-    virtualHosts = {
+    # virtualHosts = {
-      "new.luctorcrc.org".extraConfig = ''
+    #   "new.luctorcrc.org".extraConfig = ''
-        encode gzip
+    #     encode gzip
-        root * /srv/luctorcrc
+    #     root * /srv/luctorcrc
-	      file_server        
+	  #     file_server        
-        header {
+    #     header {
-              Access-Control-Allow-Origin *
+    #           Access-Control-Allow-Origin *
-        }
+    #     }
-      '';
+    #   '';
-    };
+    # };
     virtualHosts = {
       "nc.cochrun.xyz".extraConfig = ''
         reverse_proxy localhost:8080