From fd7a8f1b91a002cd0de93b59064f83e29e3e8034 Mon Sep 17 00:00:00 2001
From: lassulus <lass@lassul.us>
Date: Mon, 8 May 2017 18:14:37 +0200
Subject: nixos/security/acme: fix acme folder permissions

---
 nixos/modules/security/acme.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 5301ac14805..321b9f7f375 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -185,12 +185,15 @@ in
                   path = [ pkgs.simp_le ];
                   preStart = ''
                     mkdir -p '${cfg.directory}'
-                    chown -R '${data.user}:${data.group}' '${cfg.directory}'
+                    chown 'root:root' '${cfg.directory}'
+                    chmod 755 '${cfg.directory}'
                     if [ ! -d '${cpath}' ]; then
                       mkdir '${cpath}'
                     fi
                     chmod ${rights} '${cpath}'
                     chown -R '${data.user}:${data.group}' '${cpath}'
+                    mkdir -p '${data.webroot}/.well-known/acme-challenge'
+                    chown -R '${data.user}:${data.group}' '${data.webroot}/.well-known/acme-challenge'
                   '';
                   script = ''
                     cd '${cpath}'
-- 
cgit 1.4.1