author | Alyssa Ross <hi@alyssa.is> | 2020-05-09 01:27:20 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-05-09 01:27:20 +0000 |
commit | b6bffe2033db41aa177fe7d76b891b4029ad4e8c (patch) | |
tree | b52c091c06fb833c0e3de180c17a594f1bcb49a9 /nixpkgs/nixos | |
parent | 7463f3c140adf90b0681d95cb716b39108b5264e (diff) | |
nixos/acme: hack to fix permissions issue
A *good* fix for this problem looks to be a long way off. But I need my certificates to not expire until that happens. Fixes: https://github.com/NixOS/nixpkgs/issues/48845
Diffstat (limited to 'nixpkgs/nixos')
-rw-r--r-- | nixpkgs/nixos/modules/security/acme.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/security/acme.nix b/nixpkgs/nixos/modules/security/acme.nix index 39976380e3b4..4bdfd4ffe750 100644 --- a/nixpkgs/nixos/modules/security/acme.nix +++ b/nixpkgs/nixos/modules/security/acme.nix @@ -329,6 +329,11 @@ in WorkingDirectory = spath; # Only try loading the credentialsFile if the dns challenge is enabled EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null; + preStart = if data.allowKeysForGroup then '' + exec find ${spath}/accounts \ + -type f \! -perm 640 -exec chmod 640 '{}' \; , \ + -type d \! -perm 750 -exec chmod 750 '{}' \; + '' else null; ExecStart = pkgs.writeScript "acme-start" '' #!${pkgs.runtimeShell} -e test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts |
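Review bot: the added preStart runs find on ${spath}/accounts before ExecStart has created it, and ExecStart's own `test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts` shows that this path can be missing or a symlink at that point. If it is missing, find exits non-zero and the pre-start step fails before ExecStart runs; if it is a symlink, find without -H or -L does not follow a symlink given as its start point, so neither chmod is applied. Suggest `find -H ${spath}/accounts` (or pointing find at the real accounts directory) behind an existence check. Separately, the neighbouring keys (WorkingDirectory, EnvironmentFile, ExecStart) are systemd [Service] directives, so if this attrset is serviceConfig the new key should be ExecStartPre, or move up to the service-level preStart option. Because this makes every file under accounts group-readable whenever allowKeysForGroup is set, a code comment linking the issue and stating that this is intended would help the next reader.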