Diffstat (limited to 'hosts/surtr/tls.nix')
-rw-r--r--hosts/surtr/tls.nix7
1 files changed, 6 insertions, 1 deletions
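diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 9a531930..7c62366a 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -24,6 +24,10 @@ let
 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
 }
 
+${pkgs.coreutils}/bin/stat /run/knot/knot.sock
+${pkgs.coreutils}/bin/ls -lhaFR /run/knot /run/knot/knot.sock
+${pkgs.coreutils}/bin/groups
+
 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
 trap abort EXIT
 
@@ -75,8 +79,9 @@ in {
 after = [ "knot.service" ];
 bindsTo = [ "knot.service" ];
 serviceConfig = {
-BindPaths = ["/run/knot:/run/knot"];
+ReadWritePaths = ["/run/knot/knot.sock"];
 SupplementaryGroups = ["knot"];
+RestrictAddressFamilies = ["AF_UNIX"];
 };
 };
 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs domains serviceAttrset);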
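Review bot: The three commands added ahead of `knotc zone-begin` (`stat`, `ls -lhaFR`, `groups`) read as debugging left in the hook: they run on every invocation and write the socket's ownership, a recursive listing of `/run/knot` and the unit's group membership to the log, and if the script runs under `set -e` (not visible here) a missing socket would stop the run at `stat` rather than at `knotc`. If they have to stay for now, mark them with something like `# TEMP: diagnose knot.sock access from the sandbox; remove once fixed`, otherwise drop them before this lands. In the second hunk `ReadWritePaths` names the socket file itself, which systemd resolves when the unit's mount namespace is set up, so a socket that knot recreates later may not be the one the unit sees; `bindsTo` probably covers that case, but a short comment saying so, and stating whether `RestrictAddressFamilies` is expected to merge with a list defined elsewhere or to replace it, would help the next reader. Both the script and `serviceAttrset` begin outside these hunks.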