Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/tls/default.nix5
1 files changed, 4 insertions, 1 deletions
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 9b1fd1f3..d4eb1fb0 100644
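--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -96,7 +96,10 @@ in {
 serviceAttrset = domain: {
 after = [ "knot.service" ];
 bindsTo = [ "knot.service" ];
-serviceConfig.LoadCredential = ["tsig_secret:${config.sops.secrets.${tsigSecretName domain}.path}"];
+serviceConfig = {
+LoadCredential = ["tsig_secret:${config.sops.secrets.${tsigSecretName domain}.path}"];
+SystemCallFilter = mkForce [ "@system-service" "~@privileged" "@chown" ];
+};
 };
 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs (attrNames config.security.acme.certs) serviceAttrset);
 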
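Review bot: The `SystemCallFilter` override on new line 101 has no comment, yet it depends on two things a later editor can easily break: `mkForce` replaces whatever filter the ACME module would otherwise contribute, and the list order is significant because systemd applies the entries in sequence, so `"@chown"` is only re-allowed if it comes after `"~@privileged"`. I would add above it `# mkForce: replace the module's filter; @chown must stay after ~@privileged, which would otherwise remove the chown calls`, together with a short reason why the `acme-${domain}` units need chown, which the hunk does not show. Because the forced list no longer tracks the module default, it is worth re-checking against the upstream unit hardening after a nixpkgs update. The enclosing `let … in` block starts and ends outside the hunk.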