From ac1e65d4d6e600e7e5466b78fc9eb83c99af9a4c Mon Sep 17 00:00:00 2001
From: Gene Liverman <gene@technicalissues.us>
Date: Thu, 12 Jun 2025 11:12:50 -0400
Subject: [PATCH] Make sure mosquitto uses updated cert

---
 .../hosts/nixos/hetznix01/post-install/mosquitto.nix   | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix
index 5e6a7fe..d3405e4 100644
--- a/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix
+++ b/modules/hosts/nixos/hetznix01/post-install/mosquitto.nix
@@ -1,4 +1,8 @@
-{ config, ... }: {
+{ config, ... }: let
+  mqtt_domain = "mqtt.technicalissues.us";
+in {
+  security.acme.certs.${mqtt_domain}.postRun = "systemctl restart ${config.systemd.services.mosquitto.name}";
+
   services.mosquitto = {
     enable = true;
     bridges = {
@@ -83,7 +87,7 @@
         port = 8883;
         users = mqtt_users;
         settings = let
-          certDir = config.security.acme.certs."mqtt.technicalissues.us".directory;
+          certDir = config.security.acme.certs."${mqtt_domain}".directory;
         in {
           allow_anonymous = false;
           keyfile = certDir + "/key.pem";
@@ -95,7 +99,7 @@
         port = 9001;
         users = mqtt_users;
         settings = let
-          certDir = config.security.acme.certs."mqtt.technicalissues.us".directory;
+          certDir = config.security.acme.certs."${mqtt_domain}".directory;
         in {
           allow_anonymous = false;
           keyfile = certDir + "/key.pem";