JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

acme: create certificates in subdirectory

Browse Source 
This allows to have multiple certificates with the same common name.
Lego uses in its internal directory the common name to name the certificate.

fixes #84409
This commit is contained in:
Jörg Thalheim 2020-02-14 02:14:42 +00:00
parent 98790dab3b
commit d7ff6ab94a
No known key found for this signature in database
GPG Key ID: 003F2096411B5F92
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/security/acme.nix
View File

@ -301,7 +301,7 @@ in
# StateDirectory must be relative, and will be created under /var/lib by systemd # StateDirectory must be relative, and will be created under /var/lib by systemd
lpath = "acme/${cert}"; lpath = "acme/${cert}";
apath = "/var/lib/${lpath}"; apath = "/var/lib/${lpath}";
spath = "/var/lib/acme/.lego"; spath = "/var/lib/acme/.lego/${cert}";
fileMode = if data.allowKeysForGroup then "640" else "600"; fileMode = if data.allowKeysForGroup then "640" else "600";
globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ] globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ]
++ optionals (cfg.acceptTerms) [ "--accept-tos" ] ++ optionals (cfg.acceptTerms) [ "--accept-tos" ]
@ -330,7 +330,7 @@ in
User = data.user; User = data.user;
Group = data.group; Group = data.group;
PrivateTmp = true; PrivateTmp = true;
StateDirectory = "acme/.lego ${lpath}"; StateDirectory = "acme/.lego/${cert} ${lpath}";
StateDirectoryMode = if data.allowKeysForGroup then "750" else "700"; StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
WorkingDirectory = spath; WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled # Only try loading the credentialsFile if the dns challenge is enabled