JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #85185 from m1cr0man/legoaccounts

Browse Source 
acme: share accounts between certificates
This commit is contained in:
Jörg Thalheim 2020-04-14 13:12:57 +01:00 committed by GitHub
commit fd438d5f09
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/security/acme.nix
View File

@ -330,13 +330,14 @@ in
User = data.user; User = data.user;
Group = data.group; Group = data.group;
PrivateTmp = true; PrivateTmp = true;
StateDirectory = "acme/.lego/${cert} ${lpath}"; StateDirectory = "acme/.lego/${cert} acme/.lego/accounts ${lpath}";
StateDirectoryMode = if data.allowKeysForGroup then "750" else "700"; StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
WorkingDirectory = spath; WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled # Only try loading the credentialsFile if the dns challenge is enabled
EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null; EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null;
ExecStart = pkgs.writeScript "acme-start" '' ExecStart = pkgs.writeScript "acme-start" ''
#!${pkgs.runtimeShell} -e #!${pkgs.runtimeShell} -e
test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts
${pkgs.lego}/bin/lego ${renewOpts} || ${pkgs.lego}/bin/lego ${runOpts} ${pkgs.lego}/bin/lego ${renewOpts} || ${pkgs.lego}/bin/lego ${runOpts}
''; '';
ExecStartPost = ExecStartPost =