nixos: Working ACME certs

2022-06-06 00:18:24 +01:00
parent b472f4fe2e
commit 7da7458a34
10 changed files with 126 additions and 18 deletions
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@@ -225,6 +225,16 @@ in
        my.tmproot.persistence.config.files =
          concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
      })
+      (mkIf (config.security.acme.certs != { }) {
+        my.tmproot.persistence.config.directories = [
+          {
+            directory = "/var/lib/acme";
+            mode = "0750";
+            user = "acme";
+            group = "acme";
+          }
+        ];
+      })
      (mkIf config.my.build.isDevVM {
        fileSystems = mkVMOverride {
          # Hijack the "root" device for persistence in the VM