diff options
| author | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-12-23 06:38:48 +0100 |
|---|---|---|
| committer | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-12-23 06:39:26 +0100 |
| commit | 32b35888d6e20e97e22d16c0e9c6e716f6f247d4 (patch) | |
| tree | 1b4e4ede4d157d90984dbe2ce7c216c537ab440d /nixos | |
| parent | 51850fafcc93ef0e307ae6265e9948df59e7b625 (diff) | |
nixos/dex: fix ssl cert validation
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/web-apps/dex.nix | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix index 1dcc6f7a7c5bc..f69f1749aeb83 100644 --- a/nixos/modules/services/web-apps/dex.nix +++ b/nixos/modules/services/web-apps/dex.nix @@ -83,11 +83,12 @@ in AmbientCapabilities = "CAP_NET_BIND_SERVICE"; BindReadOnlyPaths = [ "/nix/store" - "-/etc/resolv.conf" - "-/etc/nsswitch.conf" + "-/etc/dex" "-/etc/hosts" "-/etc/localtime" - "-/etc/dex" + "-/etc/nsswitch.conf" + "-/etc/resolv.conf" + "-/etc/ssl/certs/ca-certificates.crt" ]; BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql"; CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; |