Try throwing all certificates into the same group to avoid permission issues

Daniel Frank 2020-11-27 23:49:54 +01:00
parent 0186d8bd52
commit c8c50c0744
Signed by: tokudan
GPG key ID: 063CCCAD04182D32
3 changed files with 5 additions and 2 deletions


@ -3,4 +3,7 @@
{ {
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.email = "kontakt@hamburg.freifunk.net"; security.acme.email = "kontakt@hamburg.freifunk.net";
users.groups.certs = {
members = [ "dovecot2" "nginx" "postfix" ];
};
} }
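Review bot: The `members` list of the new `users.groups.certs` gives `nginx` read access to whatever certificate keys end up owned by this group, yet none of the sections on this page moves an nginx certificate into `certs`. The old values in the other two sections show each mail certificate was previously owned by its own service's group, so with one shared group a compromise of any member service exposes every key in it. If nginx does not need these files, `members = [ "dovecot2" "postfix" ];` would be enough. Otherwise a comment such as `# shared on purpose: every member can read all ACME keys owned by this group` would record the trade-off.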


@ -119,7 +119,7 @@ in
security = lib.mkIf config.variables.useSSL { security = lib.mkIf config.variables.useSSL {
acme.certs."dovecot2.${config.variables.myFQDN}" = { acme.certs."dovecot2.${config.variables.myFQDN}" = {
domain = "${config.variables.myFQDN}"; domain = "${config.variables.myFQDN}";
group = config.services.dovecot2.group; group = "certs";
postRun = "systemctl restart dovecot2.service"; postRun = "systemctl restart dovecot2.service";
# cheat by getting the webroot from another certificate configured through nginx. # cheat by getting the webroot from another certificate configured through nginx.
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot; webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
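Review bot: The new `group = "certs";` repeats as a string literal a group name that is defined in a different file. If that group is renamed, or a host does not import that file, the mismatch would presumably only surface when the certificate unit runs. Referencing the definition with `group = config.users.groups.certs.name;` makes a missing group fail at evaluation time instead. The same literal is introduced for the `postfix.${config.variables.myFQDN}` certificate in the last file section. The attribute set continues past the end of this hunk.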


@ -37,7 +37,7 @@ in
# Configure the certificates... # Configure the certificates...
acme.certs."postfix.${config.variables.myFQDN}" = { acme.certs."postfix.${config.variables.myFQDN}" = {
domain = "${config.variables.myFQDN}"; domain = "${config.variables.myFQDN}";
group = config.services.postfix.group; group = "certs";
postRun = "systemctl restart postfix.service"; postRun = "systemctl restart postfix.service";
# cheat by getting some settings from another certificate configured through nginx. # cheat by getting some settings from another certificate configured through nginx.
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot; webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;