Don't create a challenge dir if no local domains

2021-12-10 18:54:00 -08:00 · 2021-12-10 18:54:00 -08:00 · 1edfcad643
commit 1edfcad643
parent 541890c08f
1 changed files with 18 additions and 16 deletions
--- a/lib/fudo/acme-certs.nix
+++ b/lib/fudo/acme-certs.nix
@ -152,22 +152,24 @@ in {
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    systemd = {
-      tmpfiles.rules = let
+      tmpfiles = mkIf hasLocalDomains {
-        copies = concatMapAttrs (domain: domainOpts:
+        rules = let
-          domainOpts.local-copies) localDomains;
+          copies = concatMapAttrs (domain: domainOpts:
-        perms = copyOpts: if (copyOpts.group != null) then "0550" else "0500";
+            domainOpts.local-copies) localDomains;
-        copy-paths = mapAttrsToList (copy: copyOpts:
+          perms = copyOpts: if (copyOpts.group != null) then "0550" else "0500";
-          let
+          copy-paths = mapAttrsToList (copy: copyOpts:
-            dir-entry = copyOpts: file: "d \"${dirOf file}\" ${perms copyOpts} ${copyOpts.user} ${optionalStringOr copyOpts.group "-"} - -";
+            let
-          in map (dir-entry copyOpts) [
+              dir-entry = copyOpts: file: "d \"${dirOf file}\" ${perms copyOpts} ${copyOpts.user} ${optionalStringOr copyOpts.group "-"} - -";
-            copyOpts.certificate
+            in map (dir-entry copyOpts) [
-            copyOpts.full-certificate
+              copyOpts.certificate
-            copyOpts.chain
+              copyOpts.full-certificate
-            copyOpts.private-key
+              copyOpts.chain
-          ]) copies;
+              copyOpts.private-key
-      in (unique (concatMap (i: unique i) copy-paths)) ++ [
+            ]) copies;
-        "d \"${cfg.challenge-path}\" 755 acme nginx - -"
+        in (unique (concatMap (i: unique i) copy-paths)) ++ [
-      ];
+          "d \"${cfg.challenge-path}\" 755 acme nginx - -"
        ];
      };
      services = concatMapAttrs (domain: domainOpts:
        concatMapAttrs (copy: copyOpts: let