diff --git a/hosts/c3d2-web/default.nix b/hosts/c3d2-web/default.nix
index f83d073e..3c358d98 100644
--- a/hosts/c3d2-web/default.nix
+++ b/hosts/c3d2-web/default.nix
@@ -130,42 +130,46 @@ in
 language = "de";
 };
- systemd.services = {
- # lets agate access the tls certs
- agate = {
- requires = [ "agate-keys.service" ];
- after = [ "agate-keys.service" ];
- serviceConfig = {
- Group = "keys";
+ systemd = {
+ packages = with pkgs; [ telme10 ];
+ services = {
+ # lets agate access the tls certs
+ agate = {
+ requires = [ "agate-keys.service" ];
+ after = [ "agate-keys.service" ];
+ serviceConfig = {
+ Group = "keys";
+ };
+ };
+ agate-keys = {
+ path = with pkgs; [ openssl ];
+ script =
+ let
+ stateDir = "/var/lib/agate/certificates";
+ in
+ ''
+ mkdir -p ${stateDir}
+ openssl x509 \
+ -in /var/lib/acme/www.c3d2.de/cert.pem \
+ -out ${stateDir}/cert.der \
+ -outform DER
+ openssl rsa \
+ -in /var/lib/acme/www.c3d2.de/key.pem \
+ -out ${stateDir}/key.der \
+ -outform DER
+ chown root:keys ${stateDir}/*
+ chmod 0640 ${stateDir}/*
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ };
+ telme10 = {
+ serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
 };
 };
- agate-keys = {
- path = with pkgs; [ openssl ];
- script =
- let
- stateDir = "/var/lib/agate/certificates";
- in
- ''
- mkdir -p ${stateDir}
- openssl x509 \
- -in /var/lib/acme/www.c3d2.de/cert.pem \
- -out ${stateDir}/cert.der \
- -outform DER
- openssl rsa \
- -in /var/lib/acme/www.c3d2.de/key.pem \
- -out ${stateDir}/key.der \
- -outform DER
- chown root:keys ${stateDir}/*
- chmod 0640 ${stateDir}/*
- '';
- serviceConfig = {
- Type = "oneshot";
- };
- };
- telm10 = {
- path = with pkgs; [ telme10 ];
- serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
- };
+
+ sockets.telme10.wantedBy = [ "sockets.target" ];
 };
 users = {
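Review bot: The `telme10` service keeps `serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";` even though the same hunk adds `sockets.telme10.wantedBy = [ "sockets.target" ];`, and with socket activation systemd binds the listening port itself and passes the descriptor to the service, so the capability is probably no longer needed. Whether the unit pulled in through `systemd.packages` really takes its listener from the socket unit is not visible here; if it does, drop the line, and if a direct bind is still required, pair it with `serviceConfig.CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` and a comment naming the port that needs it. Separately, in the `agate-keys` script `key.der` and its directory are created before `chown root:keys` and `chmod 0640` run, so their initial mode depends on the process umask; putting `umask 0027` as the first line of the script would close that window.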