From 8956bc32071e47da5d79dd08ba9e25eac7ef67c6 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Mon, 28 Dec 2020 17:12:06 +0000 Subject: [PATCH] pomerium: use /var/lib/pomerium for autocert state --- nix/pkgs/pomerium/module.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nix/pkgs/pomerium/module.nix b/nix/pkgs/pomerium/module.nix index 14b367f753..f64d1fc726 100644 --- a/nix/pkgs/pomerium/module.nix +++ b/nix/pkgs/pomerium/module.nix @@ -30,9 +30,12 @@ with lib; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; + Environment.AUTOCERT_DIR = "/var/lib/pomerium/autocert"; + serviceConfig = { DynamicUser = true; ExecStart = pkgs.writeShellScript "run-pomerium" '' + mkdir -p "$AUTOCERT_DIR" if [[ -v CREDENTIALS_DIRECTORY ]]; then cd "$CREDENTIALS_DIRECTORY" fi