From c8c50c07448000f0f9b32fa3f9343df7ae017167 Mon Sep 17 00:00:00 2001
From: Daniel Frank
Date: Fri, 27 Nov 2020 23:49:54 +0100
Subject: [PATCH] Try throwing all certificates into the same group to avoid permission issues

---
 acme.nix | 3 +++
 dovecot.nix | 2 +-
 postfix.nix | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/acme.nix b/acme.nix
index 484b7dd..9eef03e 100644
--- a/acme.nix
+++ b/acme.nix
@@ -3,4 +3,7 @@
 {
 security.acme.acceptTerms = true;
 security.acme.email = "kontakt@hamburg.freifunk.net";
+ users.groups.certs = {
+ members = [ "dovecot2" "nginx" "postfix" ];
+ };
 }
diff --git a/dovecot.nix b/dovecot.nix
index e004db7..417f1a1 100644
--- a/dovecot.nix
+++ b/dovecot.nix
@@ -119,7 +119,7 @@ in
 security = lib.mkIf config.variables.useSSL {
 acme.certs."dovecot2.${config.variables.myFQDN}" = {
 domain = "${config.variables.myFQDN}";
- group = config.services.dovecot2.group;
+ group = "certs";
 postRun = "systemctl restart dovecot2.service";
 # cheat by getting the webroot from another certificate configured through nginx.
 webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
diff --git a/postfix.nix b/postfix.nix
index 3c274bb..c9fe644 100644
--- a/postfix.nix
+++ b/postfix.nix
@@ -37,7 +37,7 @@ in
 # Configure the certificates...
 acme.certs."postfix.${config.variables.myFQDN}" = {
 domain = "${config.variables.myFQDN}";
- group = config.services.postfix.group;
+ group = "certs";
 postRun = "systemctl restart postfix.service";
 # cheat by getting some settings from another certificate configured through nginx.
 webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
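Review bot: The shared `certs` group added in acme.nix gives every listed account read access to every private key issued with `group = "certs"`, so a compromise of any one of these services exposes the TLS keys of the others. The nginx certificate's own group is not touched anywhere in this diff, so listing `nginx` here appears only to add read access to the dovecot2 and postfix keys for the web server. Unless nginx's certificate is also moved into this group elsewhere, I would narrow the list to `members = [ "dovecot2" "postfix" ];`. A comment above the group would also help, for example `# shared read access to ACME private keys; keep membership minimal`. The account names are also hard-coded, where the removed lines derived them from `config.services.*`.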
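Review bot: The literal `group = "certs";` in dovecot.nix, and again in postfix.nix, depends on a group that is only declared in acme.nix. If a host imports one of the mail modules without acme.nix, the mismatch would presumably only show up when the certificate unit runs. Referring to the declaration with `group = config.users.groups.certs.name;` would turn a missing group into an evaluation error, and would keep the name in one place. The enclosing attribute set starts and ends outside both hunks.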