Try throwing all certificates into the same group to avoid permission issues
This commit is contained in:
parent
0186d8bd52
commit
c8c50c0744
3 changed files with 5 additions and 2 deletions
3
acme.nix
3
acme.nix
|
@ -3,4 +3,7 @@
|
|||
{
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.email = "kontakt@hamburg.freifunk.net";
|
||||
users.groups.certs = {
|
||||
members = [ "dovecot2" "nginx" "postfix" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -119,7 +119,7 @@ in
|
|||
security = lib.mkIf config.variables.useSSL {
|
||||
acme.certs."dovecot2.${config.variables.myFQDN}" = {
|
||||
domain = "${config.variables.myFQDN}";
|
||||
group = config.services.dovecot2.group;
|
||||
group = "certs";
|
||||
postRun = "systemctl restart dovecot2.service";
|
||||
# cheat by getting the webroot from another certificate configured through nginx.
|
||||
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
|
||||
|
|
|
@ -37,7 +37,7 @@ in
|
|||
# Configure the certificates...
|
||||
acme.certs."postfix.${config.variables.myFQDN}" = {
|
||||
domain = "${config.variables.myFQDN}";
|
||||
group = config.services.postfix.group;
|
||||
group = "certs";
|
||||
postRun = "systemctl restart postfix.service";
|
||||
# cheat by getting some settings from another certificate configured through nginx.
|
||||
webroot = config.security.acme.certs."${config.variables.myFQDN}".webroot;
|
||||
|
|
Loading…
Reference in a new issue