acme: ensure nginx challenges directory is writeable

domenkozar · domenkozar · commit 75f131da02c0 · 2016-11-29T15:56:01.000+01:00
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
@@ -178,6 +178,7 @@ in
                   path = [ pkgs.simp_le ];
                   preStart = ''
                     mkdir -p '${cfg.directory}'
+                    chown '${data.user}:${data.group}' '${cfg.directory}'
                     if [ ! -d '${cpath}' ]; then
                       mkdir '${cpath}'
                     fi
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml
@@ -75,7 +75,7 @@ options for the <literal>security.acme</literal> module.</para>
 
 <programlisting>
 security.acme.certs."foo.example.com" = {
-  webroot = "/var/www/challenges";
+  webroot = config.security.acme.directory + "/acme-challenge";
   email = "foo@example.com";
   user = "nginx";
   group = "nginx";
