authorAlyssa Ross <hi@alyssa.is>2020-06-04 04:04:28 +0000
committerAlyssa Ross <hi@alyssa.is>2020-06-04 04:12:49 +0000
commitd8c13504316fc1466567454edab1122909f0fa48 (patch)
tree9c23559d67d7ec2566c13ca558cf1ed06af61e93 /nixpkgs
parent0678d4e9e0c3f6ac0fb6ae6f8e820ee14b56744e (diff)
nixos/acme: fix chown hack
Diffstat (limited to 'nixpkgs')
-rw-r--r--nixpkgs/nixos/modules/security/acme.nix10
1 files changed, 5 insertions, 5 deletions
diff --git a/nixpkgs/nixos/modules/security/acme.nix b/nixpkgs/nixos/modules/security/acme.nix
index b0c9a7407786..06e5c0ede297 100644
--- a/nixpkgs/nixos/modules/security/acme.nix
+++ b/nixpkgs/nixos/modules/security/acme.nix
@@ -319,6 +319,11 @@ in
                   after = [ "network.target" "network-online.target" ];
                   wants = [ "network-online.target" ];
                   wantedBy = mkIf (!config.boot.isContainer) [ "multi-user.target" ];
+                  preStart = optionalString data.allowKeysForGroup ''
+                    exec find ${spath}/accounts \
+                        -type f \! -perm 640 -exec chmod 640 '{}' \; , \
+                        -type d \! -perm 750 -exec chmod 750 '{}' \;
+                  '';
                   serviceConfig = {
                     Type = "oneshot";
                     User = data.user;
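Review bot: The `find ${spath}/accounts` in the new `preStart` gets the path without `-H` or a trailing slash, so when `accounts` is the symlink that ExecStart creates (`ln -s ../accounts ${spath}/accounts`, visible as context in the second hunk) find examines the link itself and neither `-type f` nor `-type d` matches. In that case the account key files and directories keep whatever mode they already had and the chmod step silently does nothing; `exec find -H ${spath}/accounts \` would make it descend into the link target. The same context line suggests the path may not exist before the first ExecStart, in which case find would exit non-zero and the pre-start step would fail the unit; a guard such as `[ -e ${spath}/accounts ] || exit 0` before the `exec` would cover that, though directory creation elsewhere in the module is not visible in this diff. The enclosing service definition starts and ends outside the hunk.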
@@ -329,11 +334,6 @@ in
                     WorkingDirectory = spath;
                     # Only try loading the credentialsFile if the dns challenge is enabled
                     EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null;
-                    preStart = if data.allowKeysForGroup then ''
-                      exec find ${spath}/accounts \
-                          -type f \! -perm 640 -exec chmod 640 '{}' \; , \
-                          -type d \! -perm 750 -exec chmod 750 '{}' \;
-                    '' else null;
                     ExecStart = pkgs.writeScript "acme-start" ''
                       #!${pkgs.runtimeShell} -e
                       test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts