From ce57c2564c5a90db71998ebeb7589df770e20751 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 22 Mar 2020 23:12:57 +0100
Subject: ...

---
 ymir.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ymir.nix')

diff --git a/ymir.nix b/ymir.nix
index 8d5f9e62..1853affa 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -835,7 +835,6 @@ in rec {
   security.wrappers = { "newgrp".source = "${pkgs.shadow}/bin/newgrp"; };
 
   security.acme = {
-    acceptTerms = true;
     certs = {
       "yggdrasil.li" = {
         allowKeysForGroup = true;
@@ -851,6 +850,11 @@ in rec {
   };
 
   systemd.services."acme-yggdrasil.li".requires = [ "nginx.service" ]; 
+  systemd.services."acme-yggdrasil.li".preStart
+    = let mkDir = domain: ''
+            install -d -g ssl -o acme -m 2750 /srv/www/acme/${domain}
+          '';
+       in concatStringsSep "\n" (map mkDir myDomains);
 
   services.uucp = {
     enable = true;
-- 
cgit v1.2.3