Diffstat (limited to 'modules')
-rw-r--r--modules/acme2.nix12
1 files changed, 12 insertions, 0 deletions
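diff --git a/modules/acme2.nix b/modules/acme2.nix
index 408c098..6c6d9a7 100644
--- a/modules/acme2.nix
+++ b/modules/acme2.nix
@@ -239,6 +239,17 @@ in
 PrivateTmp = true;
 StateDirectory = lpath;
 StateDirectoryMode = rights;
+ExecStartPre =
+let
+script = pkgs.writeScript "acme-pre-start" ''
+#!${pkgs.runtimeShell} -e
+mkdir -p '${data.webroot}/.well-known/acme-challenge'
+chmod a+w '${data.webroot}/.well-known/acme-challenge'
+#doesn't work for multiple concurrent runs
+#chown -R '${data.user}:${data.group}' '${data.webroot}/.well-known/acme-challenge'
+'';
+in
+"+${script}";
 WorkingDirectory = "/var/lib/${lpath}";
 ExecStart = "${pkgs.simp_le_0_17}/bin/simp_le ${escapeShellArgs cmdline}";
 ExecStartPost =
@@ -308,6 +319,7 @@ in
 in
 servicesAttr;
 
+# FIXME: this doesn't work for multiple users
 systemd.tmpfiles.rules =
 flip mapAttrsToList cfg.certs
 (cert: data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}");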
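Review bot: The `chmod a+w` in the new acme-pre-start script leaves `.well-known/acme-challenge` world-writable with no sticky bit, so every local account, not just the certificate users, can create, replace or delete files the web server serves from that path. Because the script is started with the `+` prefix it runs with full privileges, and `mkdir -p`/`chmod` follow symlinks; if `data.webroot` is writable by an unprivileged user (not visible in this hunk), the ownership of that path should be confirmed before a root-run script touches it. If the aim is to let several certificate users share one webroot, as the commented-out `chown` and the FIXME in the second hunk suggest, a narrower grant would be a common group, e.g. `chgrp '<shared-acme-group>' '${data.webroot}/.well-known/acme-challenge'` followed by `chmod 2775 …` (the group name is a placeholder). If `a+w` has to stay for now, `chmod 1777` at least stops users removing each other's challenge files, and a short comment above the `chmod` line should record why world-write is needed. The tmpfiles rule in the second hunk still assigns one owner per certificate, so it and the pre-start script will keep disagreeing until the FIXME is resolved.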