nixos/acme: Make sure nginx is running before certs are requested

This fixes https://github.com/NixOS/nixpkgs/issues/81842

We should probably also fix this for Apache, which recently also learned
to use ACME.
This commit is contained in:
Arian van Putten 2020-04-14 14:55:05 +02:00
parent 60247e8560
commit 681cc105ce
2 changed files with 4 additions and 6 deletions

View File

@ -693,6 +693,10 @@ in
wantedBy = [ "multi-user.target" ];
wants = concatLists (map (vhostConfig: ["acme-${vhostConfig.serverName}.service" "acme-selfsigned-${vhostConfig.serverName}.service"]) acmeEnabledVhosts);
after = [ "network.target" ] ++ map (vhostConfig: "acme-selfsigned-${vhostConfig.serverName}.service") acmeEnabledVhosts;
# Nginx needs to be started in order to be able to request certificates
# (it's hosting the acme challenge after all)
# This fixes https://github.com/NixOS/nixpkgs/issues/81842
before = map (vhostConfig: "acme-${vhostConfig.serverName}.service") acmeEnabledVhosts;
stopIfChanged = false;
preStart = ''
${cfg.preStart}

View File

@ -71,9 +71,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
after = [ "acme-a.example.test.service" ];
wantedBy = [ "acme-a.example.test.service" ];
};
systemd.services."acme-a.example.test" = {
after = [ "nginx.service" ];
};
services.nginx.enable = true;
@ -93,9 +90,6 @@ in import ./make-test-python.nix ({ lib, ... }: {
after = [ "acme-b.example.test.service" ];
wantedBy = [ "acme-b.example.test.service" ];
};
systemd.services."acme-b.example.test" = {
after = [ "nginx.service" ];
};
services.nginx.virtualHosts."b.example.test" = {
enableACME = true;
forceSSL = true;