Fixes to procul postgres SSL certs

config/host-config/procul.nix

@@ -3,6 +3,7 @@
 with lib;
 let
   hostname = "procul";
+
   host-ipv4 = "172.86.179.18";
   git-ipv4 = "172.86.179.19";
   domain-name = config.fudo.hosts.${hostname}.domain;
@@ -14,10 +15,6 @@ let
   local-networks =
     domain.local-networks ++ site.local-networks;
 
-  acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
-  acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";
-  acme-ca = "/etc/nixos/static/letsencryptauthorityx3.pem";
-
   local-packages = with pkgs; [ ldns.examples ];
 
   secrets = config.fudo.secrets.host-secrets.procul;
@@ -87,6 +84,14 @@ in {
   fudo = {
     hosts.procul.external-interfaces = [ "extif0" ];
 
+    acme.host-domains.${hostname}.${host-fqdn}.local-copies = {
+      postgresql = {
+        user = postgresql-user;
+        dependent-services = [ "postgresql.service" ];
+        part-of = [ config.fudo.postgresql.systemd-target ];
+      };
+    };
+
     secrets.host-secrets.procul = let
       files = config.fudo.secrets.files;
     in {
@@ -170,10 +175,12 @@ in {
       };
     };
 
-    postgresql = {
+    postgresql = let
+      cert-copy = config.fudo.acme.host-domains.${hostname}.${host-fqdn}.local-copies.postgresql;
+    in {
       enable = true;
-      ssl-certificate = (acme-certificate host-fqdn);
+      ssl-certificate = cert-copy.full-certificate;
-      ssl-private-key = (acme-private-key host-fqdn);
+      ssl-private-key = cert-copy.private-key;
       keytab = secrets.postgres-keytab.target-file;
       local-networks = local-networks;
 

flake.nix

@@ -57,8 +57,8 @@
 
       latest-modified-timestamp = head
         (sort (a: b: a > b)
-          (filter (timestamp: timestamp != null)
+          (map (input: toInt input.lastModifiedDate)
-            (map (input: toInt input.lastModifiedDate)
+            (filter (input: hasAttr "lastModifiedDate" input)
               (attrValues inputs))));
 
       concat-timestamp = timestamp: