authorGregor Kleen <gkleen@yggdrasil.li>2022-11-08 09:32:15 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-11-08 09:32:15 +0100
commitac9bdcb42a3396268aebda74b7a69b1a6a4117b5 (patch)
tree6518317405892055fd0c1fb30db19822914ea99c /hosts/surtr/tls
parenta13b3508981258145a9a7b516225e66f20d82473 (diff)
...
Diffstat (limited to 'hosts/surtr/tls')
-rw-r--r--hosts/surtr/tls/default.nix5
1 files changed, 4 insertions, 1 deletions
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 9b1fd1f3..d4eb1fb0 100644
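--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -96,7 +96,10 @@ in {
 serviceAttrset = domain: {
 after = [ "knot.service" ];
 bindsTo = [ "knot.service" ];
-serviceConfig.LoadCredential = ["tsig_secret:${config.sops.secrets.${tsigSecretName domain}.path}"];
+serviceConfig = {
+LoadCredential = ["tsig_secret:${config.sops.secrets.${tsigSecretName domain}.path}"];
+SystemCallFilter = mkForce [ "@system-service" "~@privileged" "@chown" ];
+};
 };
 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs (attrNames config.security.acme.certs) serviceAttrset);
 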
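Review bot: The `mkForce` on `SystemCallFilter` replaces whatever filter the `acme-${domain}` units would otherwise inherit, and nothing on the line records why `@chown` has to be re-admitted after `~@privileged`. The list is order-sensitive: systemd applies the entries in sequence, so `@chown` only takes effect because it follows the deny entry. A forced override also means any later tightening of the inherited default will presumably be discarded without notice. I would add a comment above the line, e.g. `# mkForce replaces the inherited filter; @chown is re-allowed after ~@privileged because <reason>; keep the order allow, deny, re-allow`, with the reason filled in by the author. The `let` binding that contains `serviceAttrset` starts outside this hunk, so the definition of the inherited filter is not visible here.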