...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-05-05 14:26:32 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-05-05 14:26:32 +0200
commit: 056552a1dad6bec2c2255c05166cccf25fe56273 (patch)
tree: 66e8eda39c2355ffad4cea018c19bd92eeb9f9d6
parent: 2c54894883689cb59cd371d226a4a19ee414d6df (diff)
download: nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar
nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar.gz
nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar.bz2
nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar.xz
nixos-056552a1dad6bec2c2255c05166cccf25fe56273.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix
index 9c56fb93..52955cd2 100644
--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -167,7 +167,11 @@ with lib;
    systemd.services.postfix = {
      preStart = concatMapStringsSep "\n" (domain: ''
-        cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+        (
+          umask 0037
+          cat /var/lib/acme/${domain}/key.pem /var/lib/acme/${domain}/full.pem > /var/lib/acme/${domain}/sni.pem
+          chown acme:acme /var/lib/acme/${domain}/sni.pem
+        )
      '') ["bouncy.email" "mailin.bouncy.email" "mailsub.bouncy.email" "surtr.yggdrasil.li"];
      
      serviceConfig.LoadCredential = [
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-05-05 14:26:32 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-05-05 14:26:32 +0200
commit	056552a1dad6bec2c2255c05166cccf25fe56273 (patch)
tree	66e8eda39c2355ffad4cea018c19bd92eeb9f9d6
parent	2c54894883689cb59cd371d226a4a19ee414d6df (diff)
download	nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar.gz nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar.bz2 nixos-056552a1dad6bec2c2255c05166cccf25fe56273.tar.xz nixos-056552a1dad6bec2c2255c05166cccf25fe56273.zip