| Field | Value | Date |
|---|---|---|
| author | Lucas Savva <lucas@m1cr0man.com> | 2022-09-18 21:27:11 +0100 |
| committer | Winter <winter@winter.cafe> | 2022-10-06 10:30:24 -0400 |
| commit | 39796cad46f1d0b0a14e84a680ababf5ab1ff86d | |
| tree | bce414c8416529972401d5611d707f921b47f435 /nixos/modules | |
| parent | 22d41f921fa82c891cc2522ffb90a303ecc8a115 | |
nixos/acme: Fix cert renewal with built in webserver

Fixes #191794

Lego threw a permission denied error binding to port 80. AmbientCapabilities with CAP_NET_BIND_SERVICE was required. Also added a test for this.
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/security/acme/default.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 377b543c58136..45e4dab087ec6 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -325,6 +325,7 @@ let ''); } // optionalAttrs (data.listenHTTP != null && toInt (elemAt (splitString ":" data.listenHTTP) 1) < 1024) { CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; + AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; }; # Working directory will be /tmp |
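Review bot: the added `AmbientCapabilities` line in the `optionalAttrs` block has no comment saying why it is needed next to `CapabilityBoundingSet`. In systemd the bounding set only limits which capabilities the unit may hold, while the ambient set is what actually passes CAP_NET_BIND_SERVICE to a process that does not run as root, so a one-line comment to that effect would keep a later cleanup from dropping one of the two as redundant. Separately, the guard in the context lines takes element 1 of `splitString ":" data.listenHTTP` as the port, which only holds when the value contains a single colon; a bracketed IPv6 listen address would put something other than the port at that index, so reading the last element of the split would be more robust.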