aboutsummaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-04-18 16:08:53 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-04-18 16:08:53 +0200
commit2fe37e4945c19d25ec65fb1591ee010a97d8bf80 (patch)
tree28ca779f22b73e465b12ce4fc57ef98abb9031b5 /modules
parentb23c5027b611a40ad348aaaa60cb8419fb7e1ba9 (diff)
downloadNix-2fe37e4945c19d25ec65fb1591ee010a97d8bf80.tar.gz
Nix-2fe37e4945c19d25ec65fb1591ee010a97d8bf80.tar.zst
Nix-2fe37e4945c19d25ec65fb1591ee010a97d8bf80.zip
Fix selfsigned certificates
Diffstat (limited to 'modules')
-rw-r--r--modules/private/certificates.nix22
1 files changed, 12 insertions, 10 deletions
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index 5b86b6d..b9c0860 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -45,17 +45,19 @@
45 }; 45 };
46 46
47 systemd.services = lib.attrsets.mapAttrs' (k: v: 47 systemd.services = lib.attrsets.mapAttrs' (k: v:
48 lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore '' 48 lib.attrsets.nameValuePair "acme-selfsigned-${k}" {
49 cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem 49 wantedBy = [ "acme-selfsigned-certificates.target" ];
50 chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem 50 script = lib.mkAfter ''
51 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem 51 cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem
52 chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem
53 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem
52 54
53 cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem 55 cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem
54 chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem 56 chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem
55 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem 57 chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem
56 ''; 58 '';
57 } 59 }
58 ) config.security.acme.certs // 60 ) config.security.acme.certs //
59 lib.attrsets.mapAttrs' (k: data: 61 lib.attrsets.mapAttrs' (k: data:
60 lib.attrsets.nameValuePair "acme-${k}" { 62 lib.attrsets.nameValuePair "acme-${k}" {
61 serviceConfig.ExecStartPre = 63 serviceConfig.ExecStartPre =