steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

fix ACME: set default group to nginx for webroot permissions
Some checks failed
Build Raspberry Pi SD Images / create-release (push) Has been cancelled
Details
Build Raspberry Pi SD Images / build-pi-images (cryodev-pi) (push) Has been cancelled
Details
Deploy cryodev-main / deploy-cryodev-main (push) Has been cancelled
Details

Browse source 
The ACME challenge directory was created with group 'acme' but nginx
needs read access to serve challenge responses. Setting defaults.group
to 'nginx' ensures all ACME directories are accessible by nginx.
This commit is contained in:
steffen 2026-03-14 13:45:08 +01:00
parent 5225974c2a
commit d623a01ebd
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/nginx/default.nix
View file

@ -62,6 +62,7 @@ in
acceptTerms = true; acceptTerms = true;
defaults.email = mkDefault "postmaster@${config.networking.domain}"; defaults.email = mkDefault "postmaster@${config.networking.domain}";
defaults.webroot = mkDefault "/var/lib/acme/acme-challenge"; defaults.webroot = mkDefault "/var/lib/acme/acme-challenge";
defaults.group = mkDefault "nginx";
}; };
security.dhparams = mkIf cfg.forceSSL { security.dhparams = mkIf cfg.forceSSL {