diff options
| author | Lucas Savva <lucas@m1cr0man.com> | 2022-09-18 21:27:11 +0100 |
|---|---|---|
| committer | Winter <winter@winter.cafe> | 2022-10-06 10:30:24 -0400 |
| commit | 39796cad46f1d0b0a14e84a680ababf5ab1ff86d (patch) | |
| tree | bce414c8416529972401d5611d707f921b47f435 /nixos/modules/security | |
| parent | 22d41f921fa82c891cc2522ffb90a303ecc8a115 (diff) | |
| download | nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.tar nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.tar.gz nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.tar.bz2 nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.tar.lz nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.tar.xz nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.tar.zst nixpkgs-39796cad46f1d0b0a14e84a680ababf5ab1ff86d.zip | |
nixos/acme: Fix cert renewal with built in webserver
Fixes #191794 Lego threw a permission denied error binding to port 80. AmbientCapabilities with CAP_NET_BIND_SERVICE was required. Also added a test for this.
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/acme/default.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 377b543c581..45e4dab087e 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -325,6 +325,7 @@ let ''); } // optionalAttrs (data.listenHTTP != null && toInt (elemAt (splitString ":" data.listenHTTP) 1) < 1024) { CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; }; # Working directory will be /tmp |