caspervk/nixos
1
0
Fork 0
Code Actions Activity

caddy: don't take exclusive lock on acme cert

Browse source
This commit is contained in:
Casper V. Kristensen 2024-04-16 02:32:16 +02:00
parent ad7db51d8b
commit 03f6b81b1b
2 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
hosts/alpha/acme.nix
View file

@ -1,10 +1,14 @@
{...}: {
{lib, ...}: {
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
"murmur.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
users.groups.acme.members = [
"caddy"

6
hosts/sigma/acme.nix
View file

@ -1,9 +1,13 @@
{...}: {
{lib, ...}: {
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
users.groups.acme.members = [
"caddy"