c3d2-web: fix telme10 startup
This commit is contained in:
parent
424242fe84
commit
11111118af
|
@ -130,42 +130,46 @@ in
|
|||
language = "de";
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
# lets agate access the tls certs
|
||||
agate = {
|
||||
requires = [ "agate-keys.service" ];
|
||||
after = [ "agate-keys.service" ];
|
||||
serviceConfig = {
|
||||
Group = "keys";
|
||||
systemd = {
|
||||
packages = with pkgs; [ telme10 ];
|
||||
services = {
|
||||
# lets agate access the tls certs
|
||||
agate = {
|
||||
requires = [ "agate-keys.service" ];
|
||||
after = [ "agate-keys.service" ];
|
||||
serviceConfig = {
|
||||
Group = "keys";
|
||||
};
|
||||
};
|
||||
agate-keys = {
|
||||
path = with pkgs; [ openssl ];
|
||||
script =
|
||||
let
|
||||
stateDir = "/var/lib/agate/certificates";
|
||||
in
|
||||
''
|
||||
mkdir -p ${stateDir}
|
||||
openssl x509 \
|
||||
-in /var/lib/acme/www.c3d2.de/cert.pem \
|
||||
-out ${stateDir}/cert.der \
|
||||
-outform DER
|
||||
openssl rsa \
|
||||
-in /var/lib/acme/www.c3d2.de/key.pem \
|
||||
-out ${stateDir}/key.der \
|
||||
-outform DER
|
||||
chown root:keys ${stateDir}/*
|
||||
chmod 0640 ${stateDir}/*
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
telme10 = {
|
||||
serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
};
|
||||
agate-keys = {
|
||||
path = with pkgs; [ openssl ];
|
||||
script =
|
||||
let
|
||||
stateDir = "/var/lib/agate/certificates";
|
||||
in
|
||||
''
|
||||
mkdir -p ${stateDir}
|
||||
openssl x509 \
|
||||
-in /var/lib/acme/www.c3d2.de/cert.pem \
|
||||
-out ${stateDir}/cert.der \
|
||||
-outform DER
|
||||
openssl rsa \
|
||||
-in /var/lib/acme/www.c3d2.de/key.pem \
|
||||
-out ${stateDir}/key.der \
|
||||
-outform DER
|
||||
chown root:keys ${stateDir}/*
|
||||
chmod 0640 ${stateDir}/*
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
};
|
||||
};
|
||||
telm10 = {
|
||||
path = with pkgs; [ telme10 ];
|
||||
serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
|
||||
sockets.telme10.wantedBy = [ "sockets.target" ];
|
||||
};
|
||||
|
||||
users = {
|
||||
|
|
Loading…
Reference in New Issue