Try throwing all certificates into the same group to avoid permission issues

2020-11-27 23:49:54 +01:00 · 2020-11-27 23:49:54 +01:00 · c8c50c0744
parent 0186d8bd52
commit c8c50c0744
3 changed files with 5 additions and 2 deletions
--- a/acme.nix
+++ b/acme.nix
@ -3,4 +3,7 @@
 {
  security.acme.acceptTerms = true;
  security.acme.email = "kontakt@hamburg.freifunk.net";
+  users.groups.certs = {
+    members = [ "dovecot2" "nginx" "postfix" ];
+  };
 }
--- a/dovecot.nix
+++ b/dovecot.nix
@ -119,7 +119,7 @@ in
  security = lib.mkIf config.variables.useSSL {
    acme.certs."dovecot2.${config.variables.myFQDN}" = {
      domain = "${config.variables.myFQDN}";
-      group = config.services.dovecot2.group;
+      group = "certs";
      postRun = "systemctl restart dovecot2.service";
      # cheat by getting the webroot from another certificate configured through nginx.
      webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
--- a/postfix.nix
+++ b/postfix.nix
@ -37,7 +37,7 @@ in
    # Configure the certificates...
    acme.certs."postfix.${config.variables.myFQDN}" = {
      domain = "${config.variables.myFQDN}";
-      group = config.services.postfix.group;
+      group = "certs";
      postRun = "systemctl restart postfix.service";
      # cheat by getting some settings from another certificate configured through nginx.
      webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;