fix(ops/modules/quassel): use systemd LoadCredential to read certs
This avoids permission issues with nginx vs. quassel Change-Id: I770f8284d8fd8fc6d38add93c1681f9daebe8749 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8786 Reviewed-by: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI
parent
e4fee75add
commit
2936a95efd
1 changed files with 5 additions and 1 deletions
|
@ -55,7 +55,7 @@ in
|
|||
"--port=${toString cfg.port}"
|
||||
"--configdir=/var/lib/quassel"
|
||||
"--require-ssl"
|
||||
"--ssl-cert=/var/lib/acme/${cfg.acmeHost}/full.pem"
|
||||
"--ssl-cert=$CREDENTIALS_DIRECTORY/quassel.pem"
|
||||
"--loglevel=${cfg.logLevel}"
|
||||
];
|
||||
|
||||
|
@ -64,6 +64,10 @@ in
|
|||
User = "quassel";
|
||||
Group = "quassel";
|
||||
StateDirectory = "quassel";
|
||||
|
||||
# Avoid trouble with the ACME file permissions by using the
|
||||
# systemd credentials feature.
|
||||
LoadCredential = "quassel.pem:/var/lib/acme/${cfg.acmeHost}/full.pem";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
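Review bot: The `LoadCredential` line in the second hunk hands quassel a copy of `full.pem` taken when the unit starts, so a certificate renewed by ACME later is not picked up until the service is restarted, and nothing visible in these hunks triggers that restart. If the rest of the module (outside the hunks) does not already handle it, tie the unit to renewal, for example by listing it in `security.acme.certs.<name>.reloadServices` for `cfg.acmeHost`. The comment could also say so: `# Copied at unit start; restart quassel after renewal to pick up the new cert.` Separately, whether `$CREDENTIALS_DIRECTORY` in the `--ssl-cert` argument gets expanded depends on how this argument list is executed (shell script or a direct ExecStart), which is not shown here and is worth confirming.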