author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-02-21 23:27:06 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-04-25 00:04:49 +0200 |
commit | 5a979e9806fe8e38d312d589c8ff199b173f7911 (patch) | |
tree | e6516d3c2196f5619835944567eef2eccd9e7b88 /modules/acme2.nix | |
parent | b27b9ddfe41ef7add0c2be7fa252d19f1bb886a8 (diff) | |
Make acme-challenge writable
Diffstat (limited to 'modules/acme2.nix')
-rw-r--r-- | modules/acme2.nix | 12 |
1 files changed, 12 insertions, 0 deletions
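--- a/modules/acme2.nix
+++ b/modules/acme2.nix
@@ -239,6 +239,17 @@ in
 PrivateTmp = true;
 StateDirectory = lpath;
 StateDirectoryMode = rights;
+ExecStartPre =
+let
+script = pkgs.writeScript "acme-pre-start" ''
+#!${pkgs.runtimeShell} -e
+mkdir -p '${data.webroot}/.well-known/acme-challenge'
+chmod a+w '${data.webroot}/.well-known/acme-challenge'
+#doesn't work for multiple concurrent runs
+#chown -R '${data.user}:${data.group}' '${data.webroot}/.well-known/acme-challenge'
+'';
+in
+"+${script}";
 WorkingDirectory = "/var/lib/${lpath}";
 ExecStart = "${pkgs.simp_le_0_17}/bin/simp_le ${escapeShellArgs cmdline}";
 ExecStartPost =
@@ -308,6 +319,7 @@ in
 in
 servicesAttr;
 
+# FIXME: this doesn't work for multiple users
 systemd.tmpfiles.rules =
 flip mapAttrsToList cfg.certs
 (cert: data: "d ${data.webroot}/.well-known/acme-challenge - ${data.user} ${data.group}");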
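Review bot: `chmod a+w` in the added `acme-pre-start` script leaves `.well-known/acme-challenge` world-writable without the sticky bit, so any local account, not only the configured `data.user`, can create, replace or delete the files the web server serves from that path. Prefer a shared group for the ACME users with group write on the directory; if world-write has to stay, at least add the sticky bit as `/tmp` does: `chmod a+w,+t '${data.webroot}/.well-known/acme-challenge'`. The script runs with full privileges because of the `+` prefix and splices `data.webroot` between hand-written single quotes, so passing the path through lib's `escapeShellArg` would be more robust. The `FIXME` on the tmpfiles rule marks the same multi-user problem, and that rule presumably still resets the directory to a single owner and default mode whenever tmpfiles runs, so the two settings should be made to agree.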