};
systemd.services = lib.attrsets.mapAttrs' (k: v:
- lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore ''
- cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem
- chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem
- chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem
+ lib.attrsets.nameValuePair "acme-selfsigned-${k}" {
+ wantedBy = [ "acme-selfsigned-certificates.target" ];
+ script = lib.mkAfter ''
+ cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem
+ chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem
+ chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem
- cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem
- chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem
- chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem
- '';
- }
- ) config.security.acme.certs //
+ cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem
+ chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem
+ chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem
+ '';
+ }
+ ) config.security.acme.certs //
lib.attrsets.mapAttrs' (k: data:
lib.attrsets.nameValuePair "acme-${k}" {
serviceConfig.ExecStartPre =