From 2fe37e4945c19d25ec65fb1591ee010a97d8bf80 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 18 Apr 2020 16:08:53 +0200
Subject: [PATCH] Fix selfsigned certificates

---
 modules/private/certificates.nix | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index 5b86b6d..b9c0860 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -45,17 +45,19 @@
     };
 
     systemd.services = lib.attrsets.mapAttrs' (k: v:
-      lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore ''
-        cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem
-        chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem
-        chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem
+      lib.attrsets.nameValuePair "acme-selfsigned-${k}" {
+          wantedBy = [ "acme-selfsigned-certificates.target" ];
+          script = lib.mkAfter ''
+          cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem
+          chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem
+          chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem
 
-        cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem
-        chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem
-        chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem
-        '';
-      }
-    ) config.security.acme.certs //
+          cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem
+          chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem
+          chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem
+          '';
+        }
+      ) config.security.acme.certs //
     lib.attrsets.mapAttrs' (k: data:
       lib.attrsets.nameValuePair "acme-${k}" {
         serviceConfig.ExecStartPre =
-- 
2.41.0