From 8b0483d0dff8b2484ae0fc85491e6d7dad2156b3 Mon Sep 17 00:00:00 2001
From: Kalle Struik
Date: Thu, 26 Dec 2024 20:58:46 +0100
Subject: [PATCH] Give traefik a writeable persistent directory for ACME
---
 roles/traefik.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/roles/traefik.nix b/roles/traefik.nix
index 13566e1..06467db 100644
--- a/roles/traefik.nix
+++ b/roles/traefik.nix
@@ -36,6 +36,19 @@ ) (builtins.attrNames hosts); in {
+
+ environment.persistence."/persistent" = {
+ directories = [
+ "/etc/traefik"
+ {
+ directory = "/etc/traefik";
+ user = "traefik";
+ group = "root";
+ mode = "u=rwx,g=,o=";
+ }
+ ];
+ };
+
 sops.secrets = {
 "traefik/acmeEmail" = {
 owner = "traefik";
@@ -94,7 +107,7 @@
 letsencrypt = {
 acme = {
 email = "$acmeEmail";
- storage = "acme.json";
+ storage = "/etc/traefik/acme.json";
 dnsChallenge = {
 provider = "cloudflare";
 };
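Review bot: The new `directories` list names `/etc/traefik` twice, once as the bare string `"/etc/traefik"` and once as the attribute set that sets `user`, `group` and `mode`. The bare string carries the persistence module's default ownership and permissions, so the directory may end up with those defaults instead of `u=rwx,g=,o=`, depending on how the module merges or orders the two entries; this is inferred, as the module is not visible here. Because acme.json holds the ACME account key and the certificate private keys, drop the string entry and keep only the attribute set. A comment such as `# acme.json holds private keys; keep this directory traefik-only` above the entry would record why the mode is restrictive.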
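Review bot: The new `storage = "/etc/traefik/acme.json";` puts mutable secret state under /etc, and nothing in this diff shows that the traefik service is allowed to write there. If the unit is the stock NixOS one with systemd filesystem hardening (not visible here), /etc may be read-only inside the service and certificate issuance would fail at the first write. Confirm with a clean boot, or keep the file under the service's data directory and persist that path instead. Traefik also expects acme.json to be mode 600, so check that the file created on the persistent volume is owner-only. The enclosing attribute set starts and ends outside the hunk.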