public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/acme: Fix postRun in acme certificate being ran at every run

This commit is contained in:
Ismaël Bouya 2020-04-16 12:32:47 +02:00
parent bcfca556f4
commit 8e88b8dce2
No known key found for this signature in database
GPG Key ID: FD1D4EF57FA95902
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/security/acme.nix
View File

@ -349,7 +349,9 @@ in
# Test that existing cert is older than new cert # Test that existing cert is older than new cert
KEY=${spath}/certificates/${keyName}.key KEY=${spath}/certificates/${keyName}.key
KEY_CHANGED=no
if [ -e $KEY -a $KEY -nt key.pem ]; then if [ -e $KEY -a $KEY -nt key.pem ]; then
KEY_CHANGED=yes
cp -p ${spath}/certificates/${keyName}.key key.pem cp -p ${spath}/certificates/${keyName}.key key.pem
cp -p ${spath}/certificates/${keyName}.crt fullchain.pem cp -p ${spath}/certificates/${keyName}.crt fullchain.pem
cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem
@ -360,7 +362,10 @@ in
chmod ${fileMode} *.pem chmod ${fileMode} *.pem
chown '${data.user}:${data.group}' *.pem chown '${data.user}:${data.group}' *.pem
${data.postRun} if [ "$KEY_CHANGED" = "yes" ]; then
: # noop in case postRun is empty
${data.postRun}
fi
''; '';
in in
"+${script}"; "+${script}";