include: - nginx kyriasis.com: acme.cert: - email: johannes@kyriasis.com - webroot: /srv/http/ - keysize: 4096 - renew: 30 - watch_in: - service: nginx_service - require_in: - service: nginx_service /etc/synapse/ssl/fullchain.pem: file.managed: - source: /etc/letsencrypt/live/kyriasis.com/fullchain.pem - user: synapse - group: synapse - mode: 600 /etc/synapse/ssl/privkey.pem: file.managed: - source: /etc/letsencrypt/live/kyriasis.com/privkey.pem - user: synapse - group: synapse - mode: 600 prosody-access-kyriasis.com-cert: acl.present: - name: /etc/letsencrypt/archive/kyriasis.com/ - acl_type: user - acl_name: prosody - perms: r-x - recurse: True - require_in: - acme: kyriasis.com # vim: set ft=yaml et: