Diffstat (limited to 'hosts/surtr/tls.nix')
-rw-r--r-- | hosts/surtr/tls.nix | 7 |
1 files changed, 6 insertions, 1 deletions
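--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -24,6 +24,10 @@ let
 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
 }
 
+${pkgs.coreutils}/bin/stat /run/knot/knot.sock
+${pkgs.coreutils}/bin/ls -lhaFR /run/knot /run/knot/knot.sock
+${pkgs.coreutils}/bin/groups
+
 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
 trap abort EXIT
 
@@ -75,8 +79,9 @@ in {
 after = [ "knot.service" ];
 bindsTo = [ "knot.service" ];
 serviceConfig = {
-BindPaths = ["/run/knot:/run/knot"];
+ReadWritePaths = ["/run/knot/knot.sock"];
 SupplementaryGroups = ["knot"];
+RestrictAddressFamilies = ["AF_UNIX"];
 };
 };
 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs domains serviceAttrset);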
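Review bot: The three diagnostic commands added ahead of `knotc zone-begin` in the first hunk (`stat`, `ls -lhaFR`, `groups`) read like debugging leftovers, and they run on every invocation of this script, writing the socket's ownership, a recursive listing of /run/knot and the unit's group membership to the log. If the script runs with errexit (not visible in this hunk), a missing socket would make `stat` fail before `trap abort EXIT` is installed, and the failure would carry no clear message. I would drop them once the sandbox change in the second hunk is confirmed to work, or replace them with one explicit precondition such as `[[ -S /run/knot/knot.sock ]] || { echo "knot control socket not available" >&2; exit 1; }`. The surrounding script starts and ends outside the hunk.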