Give traefik a writeable persistent directory for ACME

2024-12-26 20:58:46 +01:00 · 2024-12-26 20:58:46 +01:00 · 8b0483d0df
parent 2c6f2b0030
commit 8b0483d0df
1 changed files with 14 additions and 1 deletions
--- a/roles/traefik.nix
+++ b/roles/traefik.nix
@ -36,6 +36,19 @@
          ) (builtins.attrNames hosts);
        in
        {
+
+          environment.persistence."/persistent" = {
+            directories = [
+              "/etc/traefik"
+              {
+                directory = "/etc/traefik";
+                user = "traefik";
+                group = "root";
+                mode = "u=rwx,g=,o=";
+              }
+            ];
+          };
+
          sops.secrets = {
            "traefik/acmeEmail" = {
              owner = "traefik";
@ -94,7 +107,7 @@
                letsencrypt = {
                  acme = {
                    email = "$acmeEmail";
-                    storage = "acme.json";
+                    storage = "/etc/traefik/acme.json";
                    dnsChallenge = {
                      provider = "cloudflare";
                    };