From 16b0f078907b39fcdf1c938342c3529a49e3cafb Mon Sep 17 00:00:00 2001
From: Richard Marko
Date: Fri, 12 Feb 2021 09:20:25 +0100
Subject: [PATCH] nixos/nginx: fix comment about acme postRun not running as root

As of 67a5d66 this is no longer true, since acme postRun runs as root. The idea of the service is good so reword a comment a bit.
---
 nixos/modules/services/web-servers/nginx/default.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index 1a078ea6bd5f..705f041eeaba 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -867,8 +867,9 @@ in
 source = configFile;
 };
- # postRun hooks on cert renew can't be used to restart Nginx since renewal
- # runs as the unprivileged acme user. sslTargets are added to wantedBy + before
+ # This service waits for all certificates to be available
+ # before reloading nginx configuration.
+ # sslTargets are added to wantedBy + before
 # which allows the acme-finished-$cert.target to signify the successful updating
 # of certs end-to-end.
 systemd.services.nginx-config-reload = let
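Review bot: The reworded comment above `systemd.services.nginx-config-reload` no longer says why the reload lives in its own unit rather than in an acme postRun hook, which the removed text did explain (even though its stated reason had become wrong). Since the commit message says postRun now runs as root, a reader will wonder why the hook is not simply used; one extra line such as `# Done in a separate unit rather than a per-cert postRun hook so the reload happens only after every cert is ready.` would keep the rationale, assuming that is the intent. The service definition begins on the hunk's last line and continues outside it, so the wantedBy/before ordering the comment describes cannot be checked from here.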