fix(wpcarro/diogenes): Ensure quassel can read ACME cert r/3536

Add quassel to the nginx group because only user=acme and group=nginx can read /var/lib/acme/* Change-Id: If456b8ebf43ee098cd8007c3c6235c78c1071250 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4752 Tested-by: BuildkiteCI Reviewed-by: wpcarro <wpcarro@gmail.com> Autosubmit: wpcarro <wpcarro@gmail.com>
author: William Carroll <wpcarro@gmail.com> 2021-12-30T19·26-0400
committer: clbot <clbot@tvl.fyi> 2022-01-08T05·33+0000
commit: d6725296cac5ddb29d734ca4db8c01ee260ea471 (patch)
tree: d92e610515ba7fdcc8832072be3167d53af7f4ae /users/wpcarro/nixos
parent: 6500fb551f5c5bf7b5c784fa6aaf45da12b43bc1 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
index 13fb046a2457..b253dd3a24ad 100644
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -58,6 +58,9 @@ in wpcarro.terraform.googleCloudVM {
           openssh.authorizedKeys.keys = wpcarro.keys.all;
           shell = pkgs.fish;
         };
+        # This is required so that quasselcore can read the ACME cert in
+        # /var/lib/acme, which is only available to user=acme or group=nginx.
+        quassel.extraGroups = [ "nginx" ];
       };
     };
author	William Carroll <wpcarro@gmail.com>	2021-12-30T19·26-0400
committer	clbot <clbot@tvl.fyi>	2022-01-08T05·33+0000
commit	d6725296cac5ddb29d734ca4db8c01ee260ea471 (patch)
tree	d92e610515ba7fdcc8832072be3167d53af7f4ae /users/wpcarro/nixos
parent	6500fb551f5c5bf7b5c784fa6aaf45da12b43bc1 (diff)