From d6725296cac5ddb29d734ca4db8c01ee260ea471 Mon Sep 17 00:00:00 2001 From: William Carroll Date: Thu, 30 Dec 2021 15:26:23 -0400 Subject: fix(wpcarro/diogenes): Ensure quassel can read ACME cert Add quassel to the nginx group because only user=acme and group=nginx can read /var/lib/acme/* Change-Id: If456b8ebf43ee098cd8007c3c6235c78c1071250 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4752 Tested-by: BuildkiteCI Reviewed-by: wpcarro Autosubmit: wpcarro
---
 users/wpcarro/nixos/diogenes/default.nix | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'users/wpcarro')
diff --git a/users/wpcarro/nixos/diogenes/default.nix b/users/wpcarro/nixos/diogenes/default.nix
index 13fb046a2457..b253dd3a24ad 100644
--- a/users/wpcarro/nixos/diogenes/default.nix
+++ b/users/wpcarro/nixos/diogenes/default.nix
@@ -58,6 +58,9 @@ in wpcarro.terraform.googleCloudVM {
 openssh.authorizedKeys.keys = wpcarro.keys.all;
 shell = pkgs.fish;
 };
+ # This is required so that quasselcore can read the ACME cert in
+ # /var/lib/acme, which is only available to user=acme or group=nginx.
+ quassel.extraGroups = [ "nginx" ];
 };
 };
-- cgit 1.4.1
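Review bot: The added `quassel.extraGroups = [ "nginx" ];` gives the quassel service everything the nginx group can read, not only the one certificate it needs: any other certificate and private key under /var/lib/acme that is group-owned by nginx, plus any other nginx-group-readable file on the host. A narrower grant would be a dedicated group on the certificate itself, e.g. `security.acme.certs."<cert-name>".group = "<shared-cert-group>";` with only nginx and quassel as members. The ACME and nginx configuration is outside this hunk, so how the certificate's group is currently set needs confirming before switching. If the nginx membership stays, the comment should name which certificate quasselcore needs, so the grant can be revisited when further vhosts or certs are added. The enclosing attribute set opens above the hunk.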