Merge pull request #84781 from Mic92/acme

acme: create certificates in subdirectory
2020-04-09 10:59:12 +01:00
parent 71a768a6e8 d7ff6ab94a
commit 6cbc9c82e6
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -301,7 +301,7 @@ in
                # StateDirectory must be relative, and will be created under /var/lib by systemd
                lpath = "acme/${cert}";
                apath = "/var/lib/${lpath}";
-                spath = "/var/lib/acme/.lego";
+                spath = "/var/lib/acme/.lego/${cert}";
                fileMode = if data.allowKeysForGroup then "640" else "600";
                globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ]
                          ++ optionals (cfg.acceptTerms) [ "--accept-tos" ]
@@ -330,7 +330,7 @@ in
                    User = data.user;
                    Group = data.group;
                    PrivateTmp = true;
-                    StateDirectory = "acme/.lego ${lpath}";
+                    StateDirectory = "acme/.lego/${cert} ${lpath}";
                    StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
                    WorkingDirectory = spath;
                    # Only try loading the credentialsFile if the dns challenge is enabled