about summary refs log tree commit diff
path: root/ops/modules/quassel.nix
diff options
context:
space:
mode:
Diffstat (limited to 'ops/modules/quassel.nix')
-rw-r--r--ops/modules/quassel.nix6
1 files changed, 5 insertions, 1 deletions
diff --git a/ops/modules/quassel.nix b/ops/modules/quassel.nix
index 275e2809d793..6acb0615f4c0 100644
--- a/ops/modules/quassel.nix
+++ b/ops/modules/quassel.nix
@@ -55,7 +55,7 @@ in
         "--port=${toString cfg.port}"
         "--configdir=/var/lib/quassel"
         "--require-ssl"
-        "--ssl-cert=/var/lib/acme/${cfg.acmeHost}/full.pem"
+        "--ssl-cert=$CREDENTIALS_DIRECTORY/quassel.pem"
         "--loglevel=${cfg.logLevel}"
       ];
 
@@ -64,6 +64,10 @@ in
         User = "quassel";
         Group = "quassel";
         StateDirectory = "quassel";
+
+        # Avoid trouble with the ACME file permissions by using the
+        # systemd credentials feature.
+        LoadCredential = "quassel.pem:/var/lib/acme/${cfg.acmeHost}/full.pem";
       };
     };