Try throwing all certificates into the same group to avoid permission issues
parent
0186d8bd52
commit
c8c50c0744
3 changed files with 5 additions and 2 deletions
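--- a/acme.nix
+++ b/acme.nix
@@ -3,4 +3,7 @@
 {
 security.acme.acceptTerms = true;
 security.acme.email = "kontakt@hamburg.freifunk.net";
+users.groups.certs = {
+members = [ "dovecot2" "nginx" "postfix" ];
+};
 }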
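Review bot: The new `users.groups.certs` block puts three service accounts into one group that owns certificate material, so, as far as the ACME module makes key files group-readable, each of `dovecot2`, `nginx` and `postfix` can read the private keys issued for the other two. If that loss of separation is accepted, it should be recorded next to the group, for example `# shared on purpose: every member can read every key owned by this group`. The member names are also hard-coded; taking them from the modules keeps them correct if a service user is overridden: `members = [ config.services.dovecot2.user config.services.nginx.user config.services.postfix.user ];`. No change to an nginx certificate is visible on this page, so whether `nginx` needs the membership at all should be confirmed.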
@ -119,7 +119,7 @@ in
|
||||||
security = lib.mkIf config.variables.useSSL {
|
security = lib.mkIf config.variables.useSSL {
|
||||||
acme.certs."dovecot2.${config.variables.myFQDN}" = {
|
acme.certs."dovecot2.${config.variables.myFQDN}" = {
|
||||||
domain = "${config.variables.myFQDN}";
|
domain = "${config.variables.myFQDN}";
|
||||||
group = config.services.dovecot2.group;
|
group = "certs";
|
||||||
postRun = "systemctl restart dovecot2.service";
|
postRun = "systemctl restart dovecot2.service";
|
||||||
# cheat by getting the webroot from another certificate configured through nginx.
|
# cheat by getting the webroot from another certificate configured through nginx.
|
||||||
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
|
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
|
||||||
|
|
|
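Review bot: `group = "certs";` repeats the group name as a bare string, here and in the postfix certificate in the next hunk, where the removed lines referenced the service's own option. Referring to the definition keeps the three files in step if the group is renamed: `group = config.users.groups.certs.name;`. The change also moves the dovecot2 and postfix keys out of their per-service groups, so a short comment on each `group` line saying the shared group is deliberate would help the next reader. The enclosing `security = lib.mkIf …` attribute set begins and ends outside the hunk.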
@ -37,7 +37,7 @@ in
|
||||||
# Configure the certificates...
|
# Configure the certificates...
|
||||||
acme.certs."postfix.${config.variables.myFQDN}" = {
|
acme.certs."postfix.${config.variables.myFQDN}" = {
|
||||||
domain = "${config.variables.myFQDN}";
|
domain = "${config.variables.myFQDN}";
|
||||||
group = config.services.postfix.group;
|
group = "certs";
|
||||||
postRun = "systemctl restart postfix.service";
|
postRun = "systemctl restart postfix.service";
|
||||||
# cheat by getting some settings from another certificate configured through nginx.
|
# cheat by getting some settings from another certificate configured through nginx.
|
||||||
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
|
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
|
||||||
|
|