acme: ensure nginx challenges directory is writeable

This commit is contained in:
Domen Kožar 2016-11-29 15:55:33 +01:00
parent 69e0740baa
commit 75f131da02
2 changed files with 2 additions and 1 deletions

View File

@ -178,6 +178,7 @@ in
path = [ pkgs.simp_le ];
preStart = ''
mkdir -p '${cfg.directory}'
chown '${data.user}:${data.group}' '${cfg.directory}'
if [ ! -d '${cpath}' ]; then
mkdir '${cpath}'
fi

View File

@ -75,7 +75,7 @@ options for the <literal>security.acme</literal> module.</para>
<programlisting>
security.acme.certs."foo.example.com" = {
webroot = "/var/www/challenges";
webroot = config.security.acme.directory + "/acme-challenge";
email = "foo@example.com";
user = "nginx";
group = "nginx";