author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-18 16:08:53 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-18 16:08:53 +0200 |
commit | 2fe37e4945c19d25ec65fb1591ee010a97d8bf80 (patch) | |
tree | 28ca779f22b73e465b12ce4fc57ef98abb9031b5 /modules | |
parent | b23c5027b611a40ad348aaaa60cb8419fb7e1ba9 (diff) | |
Fix selfsigned certificates
Diffstat (limited to 'modules')
-rw-r--r-- | modules/private/certificates.nix | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index 5b86b6d..b9c0860 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix | |||
@@ -45,17 +45,19 @@ | |||
45 | }; | 45 | }; |
46 | 46 | ||
47 | systemd.services = lib.attrsets.mapAttrs' (k: v: | 47 | systemd.services = lib.attrsets.mapAttrs' (k: v: |
48 | lib.attrsets.nameValuePair "acme-selfsigned-${k}" { script = lib.mkBefore '' | 48 | lib.attrsets.nameValuePair "acme-selfsigned-${k}" { |
49 | cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem | 49 | wantedBy = [ "acme-selfsigned-certificates.target" ]; |
50 | chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem | 50 | script = lib.mkAfter '' |
51 | chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem | 51 | cp $workdir/server.crt ${config.security.acme.certs."${k}".directory}/cert.pem |
52 | chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/cert.pem | ||
53 | chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/cert.pem | ||
52 | 54 | ||
53 | cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem | 55 | cp $workdir/ca.crt ${config.security.acme.certs."${k}".directory}/chain.pem |
54 | chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem | 56 | chown '${v.user}:${v.group}' ${config.security.acme.certs."${k}".directory}/chain.pem |
55 | chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem | 57 | chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme.certs."${k}".directory}/chain.pem |
56 | ''; | 58 | ''; |
57 | } | 59 | } |
58 | ) config.security.acme.certs // | 60 | ) config.security.acme.certs // |
59 | lib.attrsets.mapAttrs' (k: data: | 61 | lib.attrsets.mapAttrs' (k: data: |
60 | lib.attrsets.nameValuePair "acme-${k}" { | 62 | lib.attrsets.nameValuePair "acme-${k}" { |
61 | serviceConfig.ExecStartPre = | 63 | serviceConfig.ExecStartPre = |
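Review bot: The `chmod ${if v.allowKeysForGroup then "750" else "700"}` calls on `cert.pem` and `chain.pem` in the new `script` set execute bits on plain PEM files, which nothing needs; `640`/`600` would give the same owner/group restriction, e.g. `chmod ${if v.allowKeysForGroup then "640" else "600"} …/cert.pem`. If these modes deliberately mirror what the base ACME self-signed script applies to its own files, a one-line comment saying so would prevent a later "fix" from diverging. Separately, switching from `lib.mkBefore` to `lib.mkAfter` makes the appended `cp $workdir/server.crt …` and `cp $workdir/ca.crt …` lines depend on `$workdir` still being set and populated when the base script finishes, which is not visible in this hunk; a comment such as `# appended after the base script; relies on $workdir still existing` would record that assumption. The `systemd.services` expression begins before and continues past the lines shown here.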