nixos/acme: Make sure nginx is running before certs are requested
This fixes https://github.com/NixOS/nixpkgs/issues/81842 We should probably also fix this for Apache, which recently also learned to use ACME.
This commit is contained in:
parent
60247e8560
commit
681cc105ce
@ -693,6 +693,10 @@ in
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts);
|
||||
after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts;
|
||||
# Nginx needs to be started in order to be able to request certificates
|
||||
# (it's hosting the acme challenge after all)
|
||||
# This fixes https://github.com/NixOS/nixpkgs/issues/81842
|
||||
before = map (vhostConfig: "acme-${vhostConfig.serverName}.service") acmeEnabledVhosts;
|
||||
stopIfChanged = false;
|
||||
preStart = ''
|
||||
${cfg.preStart}
|
||||
|
@ -71,9 +71,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
|
||||
after = [ "acme-a.example.test.service" ];
|
||||
wantedBy = [ "acme-a.example.test.service" ];
|
||||
};
|
||||
systemd.services."acme-a.example.test" = {
|
||||
after = [ "nginx.service" ];
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
|
||||
@ -93,9 +90,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
|
||||
after = [ "acme-b.example.test.service" ];
|
||||
wantedBy = [ "acme-b.example.test.service" ];
|
||||
};
|
||||
systemd.services."acme-b.example.test" = {
|
||||
after = [ "nginx.service" ];
|
||||
};
|
||||
services.nginx.virtualHosts."b.example.test" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
Loading…
x
Reference in New Issue
Block a user