about summary refs log tree commit diff
path: root/users/wpcarro
diff options
context:
space:
mode:
authorWilliam Carroll <wpcarro@gmail.com>2021-12-30T19·26-0400
committerclbot <clbot@tvl.fyi>2022-01-08T05·33+0000
commitd6725296cac5ddb29d734ca4db8c01ee260ea471 (patch)
treed92e610515ba7fdcc8832072be3167d53af7f4ae /users/wpcarro
parent6500fb551f5c5bf7b5c784fa6aaf45da12b43bc1 (diff)
fix(wpcarro/diogenes): Ensure quassel can read ACME cert r/3536
Add quassel to the nginx group because only user=acme and group=nginx can read
/var/lib/acme/*

Change-Id: If456b8ebf43ee098cd8007c3c6235c78c1071250
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4752
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
Diffstat (limited to 'users/wpcarro')
-rw-r--r--users/wpcarro/nixos/diogenes/default.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
index 13fb046a2457..b253dd3a24ad 100644
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -58,6 +58,9 @@ in wpcarro.terraform.googleCloudVM {
           openssh.authorizedKeys.keys = wpcarro.keys.all;
           shell = pkgs.fish;
         };
+        # This is required so that quasselcore can read the ACME cert in
+        # /var/lib/acme, which is only available to user=acme or group=nginx.
+        quassel.extraGroups = [ "nginx" ];
       };
     };