Merge pull request #84 from Ma27/restart-worker
module: restart worker when cert is changed
This commit is contained in:
Maximilian Bosch
GitHub
commit
94c544f6cd
1 changed files with 16 additions and 0 deletions
16
module.nix
16
module.nix
|
|
@ -300,6 +300,16 @@ in
|
||||||
);
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = cfg.nginx.enableACME -> cfg.nginx.enable;
|
||||||
|
message = ''
|
||||||
|
Cannot enable `services.authentik.nginx.enableACME` when
|
||||||
|
`services.authentik.nginx.enable` is `false`.
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
authentik.settings = {
|
authentik.settings = {
|
||||||
blueprints_dir = mkDefault "${cfg.authentikComponents.staticWorkdirDeps}/blueprints";
|
blueprints_dir = mkDefault "${cfg.authentikComponents.staticWorkdirDeps}/blueprints";
|
||||||
|
|
@ -441,6 +451,12 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme.certs = mkIf cfg.nginx.enableACME {
|
||||||
|
${cfg.nginx.host}.postRun = ''
|
||||||
|
systemctl restart authentik-worker.service
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx = mkIf cfg.nginx.enable {
|
services.nginx = mkIf cfg.nginx.enable {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue