|
|
|
@ -406,10 +406,10 @@
|
|
|
|
|
Restart = "on-failure";
|
|
|
|
|
} // hardeningFlags;
|
|
|
|
|
preStart = ''
|
|
|
|
|
if [ ! -d ${cfg.certDir}/${name}.${cfg.externalHost} ]; then
|
|
|
|
|
mkdir -p ${cfg.certDir}/${name}.${cfg.externalHost}
|
|
|
|
|
fi
|
|
|
|
|
if ${boolToString cfg.generateCerts}; then
|
|
|
|
|
if [ ! -d ${cfg.certDir}/${name}.${cfg.externalHost} ]; then
|
|
|
|
|
mkdir -p ${cfg.certDir}/${name}.${cfg.externalHost}
|
|
|
|
|
fi
|
|
|
|
|
if [ ! -f ${cfg.certDir}/${name}.${cfg.externalHost}/fullchain.pem ] || \
|
|
|
|
|
[ ! -f ${cfg.certDir}/${name}.${cfg.externalHost}/privkey.pem ]; then
|
|
|
|
|
${pkgs.libressl}/bin/openssl req -x509 -newkey rsa:4096 \
|
|
|
|
|