aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--modules/private/certificates.nix9
1 files changed, 9 insertions, 0 deletions
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
index 1881ac8..b97d0bc 100644
--- a/modules/private/certificates.nix
+++ b/modules/private/certificates.nix
@@ -142,6 +142,14 @@
142 ''); 142 '');
143 ExecStartPost = 143 ExecStartPost =
144 let 144 let
145 ISRG_Root_X1 = pkgs.fetchurl {
146 url = "https://letsencrypt.org/certs/isrgrootx1.pem";
147 sha256 = "1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
148 };
149 fix_ISRG_Root_X1 = pkgs.writeScript "fix-pem" ''
150 cat ${ISRG_Root_X1} | grep -v " CERTIFICATE" | \
151 sed -i.bak -ne "/MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ {r /dev/stdin" -e ":a; n; /Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5/ { b }; ba };p" chain.pem fullchain.pem full.pem
152 '';
145 script = pkgs.writeScript "acme-post-start" '' 153 script = pkgs.writeScript "acme-post-start" ''
146 #!${pkgs.runtimeShell} -e 154 #!${pkgs.runtimeShell} -e
147 install -m 0755 -o root -g root -d /var/lib/acme 155 install -m 0755 -o root -g root -d /var/lib/acme
@@ -163,6 +171,7 @@
163 171
164 chmod ${fileMode} *.pem 172 chmod ${fileMode} *.pem
165 chown '${data.user}:${data.group}' *.pem 173 chown '${data.user}:${data.group}' *.pem
174 ${fix_ISRG_Root_X1}
166 175
167 if [ "$KEY_CHANGED" = "yes" ]; then 176 if [ "$KEY_CHANGED" = "yes" ]; then
168 : # noop in case postRun is empty 177 : # noop in case postRun is empty
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-23 09:48:44 +0000