ashie/nixos-vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow AdGuard Home to read ACME certificates via ReadOnlyPaths

Browse source
This commit is contained in:
ashisgreat22 2026-03-18 22:12:28 +01:00
parent deedd00762
commit c51c7183c1
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/adguard.nix
View file

@ -141,7 +141,8 @@ in
systemd.services.adguardhome = { systemd.services.adguardhome = {
requires = [ "acme-${cfg.domain}.service" ]; requires = [ "acme-${cfg.domain}.service" ];
after = [ "acme-${cfg.domain}.service" ]; after = [ "acme-${cfg.domain}.service" ];
serviceConfig.SupplementaryGroups = [ "acme" ]; serviceConfig.SupplementaryGroups = [ "acme" "nginx" ];
serviceConfig.ReadOnlyPaths = [ "/var/lib/acme/${cfg.domain}" ];
serviceConfig.SystemCallFilter = lib.mkForce []; # Allow yq-go to run its syscalls serviceConfig.SystemCallFilter = lib.mkForce []; # Allow yq-go to run its syscalls
preStart = lib.mkAfter '' preStart = lib.mkAfter ''
if [ -f /var/lib/private/AdGuardHome/AdGuardHome.yaml ]; then if [ -f /var/lib/private/AdGuardHome/AdGuardHome.yaml ]; then