author | Alyssa Ross <hi@alyssa.is> | 2020-04-15 16:22:56 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-04-15 16:25:10 +0000 |
commit | bb0e1f1b5d7f2b6030e6b2e6f8eb8fd177acf6de (patch) | |
tree | 73623e424a1c0b8fd820a4b7d48629e62ba71ce7 /sys | |
parent | a378e77f94d2786ec32612bdeabd656a5f864138 (diff) | |
sys/atuin: add tls group
This will allow services other than nginx to access the ACME TLS certificates.
Diffstat (limited to 'sys')
-rw-r--r-- | sys/atuin.nix | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/atuin.nix b/sys/atuin.nix
index 4b19d187b5c8..e8c8647b27e8 100644
--- a/sys/atuin.nix
+++ b/sys/atuin.nix
@@ -114,6 +114,8 @@
 domain:
 { postRun ? "systemctl reload nginx.service"
 , webroot ? "/var/lib/acme/acme-challenge"
+ , group ? "tls"
+ , allowKeysForGroup ? true
 , extraDomains ? {}
 , ...
 } @ value:
@@ -123,11 +125,13 @@
 toAttrs (filter (hasSuffix ".${domain}") vhostDomains);
 in
 value // {
- inherit postRun webroot;
+ inherit postRun webroot group allowKeysForGroup;
 extraDomains = extraDomainsFromVhosts // (toAttrs extraDomains);
 }
 ) domains;
+ users.groups.tls.members = [ "nginx" ];
+
 services.nginx.virtualHosts =
 let
 vhosts = { |
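Review bot: The `postRun` default at the top of this parameter list still reloads only `nginx.service`, while the two new defaults exist so that other services can read the certificates. A non-nginx member of `tls` would presumably keep its old certificate loaded after a renewal unless that domain overrides `postRun` or the service re-reads the files itself. I would record that next to the new parameters, for example `# postRun reloads nginx only; a domain whose certificate is used by another service must override it`. The lambda's `let` bindings sit between this hunk and the next and are not visible here.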
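Review bot: `users.groups.tls.members` together with the `allowKeysForGroup ? true` default gives every member of one shared group read access to the private key of every certificate built from `domains`, and the file does not say so. Each service added to the list later inherits access to all keys, not just the one it serves, so the list deserves a comment such as `# members can read the private key of every certificate above; add only services that terminate TLS themselves`. A domain that needs narrower access can pass its own `group`, but only `tls` is declared here, so that group would have to be created elsewhere. The `services.nginx.virtualHosts` definition that follows continues outside the hunk.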