acme: ensure nginx challenges directory is writeable

domenkozar · domenkozar · commit 9d0e39bced83 · 2016-11-29T15:56:24.000+01:00
(cherry picked from commit 75f131d) Signed-off-by: Domen Kožar <domen@dev.si>
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
@@ -179,6 +179,7 @@ in
                   path = [ pkgs.simp_le ];
                   preStart = ''
                     mkdir -p '${cfg.directory}'
+                    chown '${data.user}:${data.group}' '${cfg.directory}'
                     if [ ! -d '${cpath}' ]; then
                       mkdir '${cpath}'
                     fi
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml
@@ -75,7 +75,7 @@ options for the <literal>security.acme</literal> module.</para>
 
 <programlisting>
 security.acme.certs."foo.example.com" = {
-  webroot = "/var/www/challenges";
+  webroot = config.security.acme.directory + "/acme-challenge";
   email = "foo@example.com";
   user = "nginx";
   group = "nginx";
