summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-09-20 15:18:10 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-09-20 15:18:10 +0200
commitf3ae9ae928204a74d5736083cddad7a122779acf (patch)
treef5d457e6c8f526f876f89558b8d56bc042f879a9
parent72eb3cc60b09694ab5a31ff71dd0e088f2f42ab9 (diff)
downloadnixos-f3ae9ae928204a74d5736083cddad7a122779acf.tar
nixos-f3ae9ae928204a74d5736083cddad7a122779acf.tar.gz
nixos-f3ae9ae928204a74d5736083cddad7a122779acf.tar.bz2
nixos-f3ae9ae928204a74d5736083cddad7a122779acf.tar.xz
nixos-f3ae9ae928204a74d5736083cddad7a122779acf.zip
surtr(tls): ...
Diffstat
-rw-r--r--hosts/surtr/tls.nix7
1 files changed, 6 insertions, 1 deletions
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 9a531930..7c62366a 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -24,6 +24,10 @@ let
24 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" 24 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
25 } 25 }
26 26
27 ${pkgs.coreutils}/bin/stat /run/knot/knot.sock
28 ${pkgs.coreutils}/bin/ls -lhaFR /run/knot /run/knot/knot.sock
29 ${pkgs.coreutils}/bin/groups
30
27 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" 31 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
28 trap abort EXIT 32 trap abort EXIT
29 33
@@ -75,8 +79,9 @@ in {
75 after = [ "knot.service" ]; 79 after = [ "knot.service" ];
76 bindsTo = [ "knot.service" ]; 80 bindsTo = [ "knot.service" ];
77 serviceConfig = { 81 serviceConfig = {
78 BindPaths = ["/run/knot:/run/knot"]; 82 ReadWritePaths = ["/run/knot/knot.sock"];
79 SupplementaryGroups = ["knot"]; 83 SupplementaryGroups = ["knot"];
84 RestrictAddressFamilies = ["AF_UNIX"];
80 }; 85 };
81 }; 86 };
82 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs domains serviceAttrset); 87 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs domains serviceAttrset);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 09:44:48 +0000