john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

creating certdir with tmpfiles

Browse Source
This commit is contained in:
John Lancaster
2026-03-28 00:05:43 -05:00
parent 5e6232eafe
commit 522df10764
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/features/mtls.nix
+8
View File
@@ -274,6 +274,10 @@ in
(mkMtlsRenewScript { inherit pkgs tlsCert tlsKey mtlsBundle; }) (mkMtlsRenewScript { inherit pkgs tlsCert tlsKey mtlsBundle; })
]; ];
systemd.tmpfiles.rules = [
"d ${cfg.certDir} 0750 ${cfg.renew.user} ${if cfg.renew.group == null then cfg.renew.user else cfg.renew.group} -"
];
systemd.services.mtls-renew = lib.mkIf cfg.renew.enable (mkNixosMtlsRenewService { systemd.services.mtls-renew = lib.mkIf cfg.renew.enable (mkNixosMtlsRenewService {
inherit pkgs tlsCert tlsKey mtlsBundle; inherit pkgs tlsCert tlsKey mtlsBundle;
inherit (cfg.renew) reloadUnits postCommands user group; inherit (cfg.renew) reloadUnits postCommands user group;
@@ -313,6 +317,10 @@ in
(mkMtlsRenewScript { inherit pkgs tlsCert tlsKey mtlsBundle; }) (mkMtlsRenewScript { inherit pkgs tlsCert tlsKey mtlsBundle; })
]; ];
systemd.user.tmpfiles.rules = lib.mkIf cfg.enable [
"d ${cfg.certDir} 0700 - - -"
];
systemd.user.services.mtls-renew = lib.mkIf cfg.renew.enable (mkHomeManagerMtlsRenewService { systemd.user.services.mtls-renew = lib.mkIf cfg.renew.enable (mkHomeManagerMtlsRenewService {
inherit pkgs tlsCert tlsKey mtlsBundle; inherit pkgs tlsCert tlsKey mtlsBundle;
inherit (cfg.renew) reloadUnits postCommands; inherit (cfg.renew) reloadUnits postCommands;