caddy: don't take exclusive lock on acme cert
This commit is contained in:
parent
ad7db51d8b
commit
03f6b81b1b
|
|
@ -1,10 +1,14 @@
|
||||||
{...}: {
|
{lib, ...}: {
|
||||||
security.acme.certs."caspervk.net" = {
|
security.acme.certs."caspervk.net" = {
|
||||||
domain = "*.caspervk.net";
|
domain = "*.caspervk.net";
|
||||||
reloadServices = [
|
reloadServices = [
|
||||||
"caddy.service"
|
"caddy.service"
|
||||||
"murmur.service"
|
"murmur.service"
|
||||||
];
|
];
|
||||||
|
# The NixOS Caddy module is a little too clever and sets the cert's group
|
||||||
|
# to 'caddy', which means other services can't load it. This is not needed
|
||||||
|
# since we handle the group membership manually.
|
||||||
|
group = lib.mkForce "acme";
|
||||||
};
|
};
|
||||||
users.groups.acme.members = [
|
users.groups.acme.members = [
|
||||||
"caddy"
|
"caddy"
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,13 @@
|
||||||
{...}: {
|
{lib, ...}: {
|
||||||
security.acme.certs."caspervk.net" = {
|
security.acme.certs."caspervk.net" = {
|
||||||
domain = "*.caspervk.net";
|
domain = "*.caspervk.net";
|
||||||
reloadServices = [
|
reloadServices = [
|
||||||
"caddy.service"
|
"caddy.service"
|
||||||
];
|
];
|
||||||
|
# The NixOS Caddy module is a little too clever and sets the cert's group
|
||||||
|
# to 'caddy', which means other services can't load it. This is not needed
|
||||||
|
# since we handle the group membership manually.
|
||||||
|
group = lib.mkForce "acme";
|
||||||
};
|
};
|
||||||
users.groups.acme.members = [
|
users.groups.acme.members = [
|
||||||
"caddy"
|
"caddy"
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue