From: Ismaƫl Bouya
Date: Fri, 21 Feb 2020 22:27:06 +0000 (+0100)
Subject: Make acme-challenge writable
X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix%2FNUR.git;a=commitdiff_plain;h=5a979e9806fe8e38d312d589c8ff199b173f7911
Make acme-challenge writable
---
diff --git a/modules/acme2.nix b/modules/acme2.nix
index 408c098e..6c6d9a7a 100644
--- a/modules/acme2.nix
+++ b/modules/acme2.nix
@@ -239,6 +239,17 @@ in
 PrivateTmp = true;
 StateDirectory = lpath;
 StateDirectoryMode = rights;
+ ExecStartPre =
+ let
+ script = pkgs.writeScript "acme-pre-start" ''
+ #!${pkgs.runtimeShell} -e
+ mkdir -p '${data.webroot}/.well-known/acme-challenge'
+ chmod a+w '${data.webroot}/.well-known/acme-challenge'
+ #doesn't work for multiple concurrent runs
+ #chown -R '${data.user}:${data.group}' '${data.webroot}/.well-known/acme-challenge'
+ '';
+ in
+ "+${script}";
 WorkingDirectory = "/var/lib/${lpath}";
 ExecStart = "${pkgs.simp_le_0_17}/bin/simp_le ${escapeShellArgs cmdline}";
 ExecStartPost =
@@ -308,6 +319,7 @@ in
 in servicesAttr;
+ # FIXME: this doesn't work for multiple users
 systemd.tmpfiles.rules = flip mapAttrsToList cfg.certs (cert: data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}");
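Review bot: The `chmod a+w` line in the acme-pre-start script makes the acme-challenge directory world-writable without the sticky bit, so any local account or compromised service on the host can create, replace or delete files under /.well-known/acme-challenge, which is both content the web server serves and the location an ACME server inspects for HTTP-01 validation. Because the `+` prefix already runs this script with full privileges, it can set ownership instead of opening the directory to everyone: `chgrp '${data.group}' '${data.webroot}/.well-known/acme-challenge'` followed by `chmod 2775 '${data.webroot}/.well-known/acme-challenge'` keeps it group-writable with setgid so files created by different cert services inherit that group; this assumes the certs share one group, which the FIXME added in the second hunk suggests may not hold yet. If world-writable has to stay for now, `chmod 1777` at least stops other users from deleting or renaming each other's challenge files. The attribute set this ExecStartPre belongs to starts before and continues after the hunk.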