diff options
| author | Winter <winter@winter.cafe> | 2022-01-08 15:05:34 -0500 |
|---|---|---|
| committer | Winter <winter@winter.cafe> | 2022-01-08 15:05:34 -0500 |
| commit | b52607f43b11319edb716d65bbecbfdbf2f5b92b (patch) | |
| tree | 29e66e146b373f2f65203bf9451b42e18ad39b81 /nixos/modules/services/web-servers/apache-httpd/default.nix | |
| parent | 85a078a25d7d41d805ef5fb3e90af7476d5fefd4 (diff) | |
| download | nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.tar nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.tar.gz nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.tar.bz2 nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.tar.lz nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.tar.xz nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.tar.zst nixpkgs-b52607f43b11319edb716d65bbecbfdbf2f5b92b.zip | |
nixos/acme: ensure web servers using certs can access them
Diffstat (limited to 'nixos/modules/services/web-servers/apache-httpd/default.nix')
| -rw-r--r-- | nixos/modules/services/web-servers/apache-httpd/default.nix | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix index 1a49b4ca15c..d817ff6019a 100644 --- a/nixos/modules/services/web-servers/apache-httpd/default.nix +++ b/nixos/modules/services/web-servers/apache-httpd/default.nix @@ -370,6 +370,8 @@ let cat ${php.phpIni} > $out echo "$options" >> $out ''; + + mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix; in @@ -657,7 +659,11 @@ in `services.httpd.virtualHosts.<name>.useACMEHost` are mutually exclusive. ''; } - ]; + ] ++ map (name: mkCertOwnershipAssertion { + inherit (cfg) group user; + cert = config.security.acme.certs.${name}; + groups = config.users.groups; + }) dependentCertNames; warnings = mapAttrsToList (name: hostOpts: '' |