movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 21:50:33 +03:00
Code Activity

Merge pull request #190052 from JasonWoof/acme-example

Browse source 
nixos/doc: fix acme dns-01 example
This commit is contained in:
Christian Kögler 2022-10-07 12:53:15 +02:00 committed by GitHub
commit aff16d8bc8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
nixos/modules/security/acme/doc.xml
View file

@ -237,8 +237,8 @@ services.bind = {
<programlisting> <programlisting>
systemd.services.dns-rfc2136-conf = { systemd.services.dns-rfc2136-conf = {
requiredBy = ["acme-example.com.service", "bind.service"]; requiredBy = ["acme-example.com.service" "bind.service"];
before = ["acme-example.com.service", "bind.service"]; before = ["acme-example.com.service" "bind.service"];
unitConfig = { unitConfig = {
ConditionPathExists = "!/var/lib/secrets/dnskeys.conf"; ConditionPathExists = "!/var/lib/secrets/dnskeys.conf";
}; };
@ -249,18 +249,19 @@ systemd.services.dns-rfc2136-conf = {
path = [ pkgs.bind ]; path = [ pkgs.bind ];
script = '' script = ''
mkdir -p /var/lib/secrets mkdir -p /var/lib/secrets
chmod 755 /var/lib/secrets
tsig-keygen rfc2136key.example.com &gt; /var/lib/secrets/dnskeys.conf tsig-keygen rfc2136key.example.com &gt; /var/lib/secrets/dnskeys.conf
chown named:root /var/lib/secrets/dnskeys.conf chown named:root /var/lib/secrets/dnskeys.conf
chmod 400 /var/lib/secrets/dnskeys.conf chmod 400 /var/lib/secrets/dnskeys.conf
# Copy the secret value from the dnskeys.conf, and put it in # extract secret value from the dnskeys.conf
# RFC2136_TSIG_SECRET below while read x y; do if [ "$x" = "secret" ]; then secret="''${y:1:''${#y}-3}"; fi; done &lt; /var/lib/secrets/dnskeys.conf
cat &gt; /var/lib/secrets/certs.secret &lt;&lt; EOF cat &gt; /var/lib/secrets/certs.secret &lt;&lt; EOF
RFC2136_NAMESERVER='127.0.0.1:53' RFC2136_NAMESERVER='127.0.0.1:53'
RFC2136_TSIG_ALGORITHM='hmac-sha256.' RFC2136_TSIG_ALGORITHM='hmac-sha256.'
RFC2136_TSIG_KEY='rfc2136key.example.com' RFC2136_TSIG_KEY='rfc2136key.example.com'
RFC2136_TSIG_SECRET='your secret key' RFC2136_TSIG_SECRET='$secret'
EOF EOF
chmod 400 /var/lib/secrets/certs.secret chmod 400 /var/lib/secrets/certs.secret
''; '';