...

author: Gregor Kleen <gkleen@yggdrasil.li> 2020-03-22 23:12:57 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2020-03-22 23:12:57 +0100
commit: ce57c2564c5a90db71998ebeb7589df770e20751 (patch)
tree: 05bc8b0ec8df719d959e442c34a5e471bd573779
parent: 5be46f445ba17a92cdda17c7c51de34befff7631 (diff)
download: nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar
nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar.gz
nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar.bz2
nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar.xz
nixos-ce57c2564c5a90db71998ebeb7589df770e20751.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/ymir.nix b/ymir.nix
index 8d5f9e62..1853affa 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -835,7 +835,6 @@ in rec {
  security.wrappers = { "newgrp".source = "${pkgs.shadow}/bin/newgrp"; };
  security.acme = {
-    acceptTerms = true;
    certs = {
      "yggdrasil.li" = {
        allowKeysForGroup = true;
@@ -851,6 +850,11 @@ in rec {
  };
  systemd.services."acme-yggdrasil.li".requires = [ "nginx.service" ]; 
+  systemd.services."acme-yggdrasil.li".preStart
+    = let mkDir = domain: ''
+            install -d -g ssl -o acme -m 2750 /srv/www/acme/${domain}
+          '';
+       in concatStringsSep "\n" (map mkDir myDomains);
  services.uucp = {
    enable = true;
author	Gregor Kleen <gkleen@yggdrasil.li>	2020-03-22 23:12:57 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2020-03-22 23:12:57 +0100
commit	ce57c2564c5a90db71998ebeb7589df770e20751 (patch)
tree	05bc8b0ec8df719d959e442c34a5e471bd573779
parent	5be46f445ba17a92cdda17c7c51de34befff7631 (diff)
download	nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar.gz nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar.bz2 nixos-ce57c2564c5a90db71998ebeb7589df770e20751.tar.xz nixos-ce57c2564c5a90db71998ebeb7589df770e20751.zip