From: Ismaƫl Bouya Date: Sat, 18 Apr 2020 14:08:53 +0000 (+0200) Subject: Fix selfsigned certificates X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=commitdiff_plain;h=2fe37e4945c19d25ec65fb1591ee010a97d8bf80 Fix selfsigned certificates --- diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index 5b86b6d..b9c0860 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix @@ -45,17 +45,19 @@ }; systemd.services = lib.attrsets.mapAttrs' (k: v: - lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore '' - cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem - chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem - chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem + lib.attrsets.nameValuePair "acme-selfsigned-${k}" { + wantedBy = [ "acme-selfsigned-certificates.target" ]; + script = lib.mkAfter '' + cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem + chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem + chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem - cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem - chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem - chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem - ''; - } - ) config.security.acme.certs // + cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem + chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem + chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem + ''; + } + ) config.security.acme.certs // lib.attrsets.mapAttrs' (k: data: lib.attrsets.nameValuePair "acme-${k}" { serviceConfig.ExecStartPre =