diff options
| author | Martin Weinelt <mweinelt@users.noreply.github.com> | 2021-10-25 20:27:29 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-25 20:27:29 +0200 |
| commit | 1c20719373c2344eae6ddd34d9892780b4fb5fdb (patch) | |
| tree | 4657ac24929b44fa635037243595d0f03aff08d3 /nixos/modules/security | |
| parent | e01a4c7fc5cbfe4b3dc538be2ddc915f2534f449 (diff) | |
| parent | 73846b372fe93b5c674ff56e59b2a1dfa70d3d85 (diff) | |
| download | nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.tar nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.tar.gz nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.tar.bz2 nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.tar.lz nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.tar.xz nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.tar.zst nixpkgs-1c20719373c2344eae6ddd34d9892780b4fb5fdb.zip | |
Merge pull request #139311 from NinjaTrappeur/nin-acme-fix-webroot
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/acme.nix | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index f522b7c4128..cfbc8e91903 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -192,6 +192,14 @@ let ++ data.extraLegoRenewFlags ); + # We need to collect all the ACME webroots to grant them write + # access in the systemd service. + webroots = + lib.remove null + (lib.unique + (builtins.map + (certAttrs: certAttrs.webroot) + (lib.attrValues config.security.acme.certs))); in { inherit accountHash cert selfsignedDeps; @@ -288,6 +296,8 @@ let "acme/.lego/accounts/${accountHash}" ]; + ReadWritePaths = commonServiceConfig.ReadWritePaths ++ webroots; + # Needs to be space separated, but can't use a multiline string because that'll include newlines BindPaths = [ "${accountDir}:/tmp/accounts" |