nixos/galene: allow using self-signed certificates

Fixes #356170

Later we might also want to make it easier to run behind nginx as a reverse proxy, for consistency with other modules.
Arnout Engelen 2025-06-17 11:18:24 +02:00
parent 3e3afe5174
commit 87fbf71ed6
GPG Key ID: 061107B0F74A6DAA


@ -128,23 +128,13 @@ in
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.insecure || (cfg.certFile != null && cfg.keyFile != null);
message = ''
Galene needs both certFile and keyFile defined for encryption, or
the insecure flag.
'';
}
];
systemd.services.galene = {
description = "galene";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
${optionalString (cfg.insecure != true) ''
${optionalString (cfg.insecure != true && cfg.certFile != null && cfg.keyFile != null) ''
install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.certFile} ${cfg.dataDir}/cert.pem
install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.keyFile} ${cfg.dataDir}/key.pem
''}