module: restart worker when cert is changed

Closes #12

The worker gets access to the ACME-managed certs via `LoadCredential`;
however, systemd does not refresh the loaded copies when the files in
the credential source change. Explicitly restart the worker to make sure
these changes are reflected in what the worker sees.
Maximilian Bosch 2026-01-06 15:06:31 +01:00
parent e929253ded
commit cf07c71418
No known key found for this signature in database


@ -300,6 +300,16 @@ in
); );
in in
{ {
assertions = [
{
assertion = cfg.nginx.enableACME -> cfg.nginx.enable;
message = ''
Cannot enable `services.authentik.nginx.enableACME` when
`services.authentik.nginx.enable` is `false`.
'';
}
];
services = { services = {
authentik.settings = { authentik.settings = {
blueprints_dir = mkDefault "${cfg.authentikComponents.staticWorkdirDeps}/blueprints"; blueprints_dir = mkDefault "${cfg.authentikComponents.staticWorkdirDeps}/blueprints";
@ -441,6 +451,12 @@ in
}; };
}; };
security.acme.certs = mkIf cfg.nginx.enableACME {
${cfg.nginx.host}.postRun = ''
systemctl restart authentik-worker.service
'';
};
services.nginx = mkIf cfg.nginx.enable { services.nginx = mkIf cfg.nginx.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
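Review bot: The `postRun` hook added in the second hunk runs an unconditional, blocking `systemctl restart authentik-worker.service`, so a renewal will also start a worker that an operator had deliberately stopped, and a failed worker restart will presumably mark the certificate renewal unit as failed too. The ACME module has a dedicated per-certificate option for this; `${cfg.nginx.host}.reloadServices = [ "authentik-worker.service" ];` uses `try-reload-or-restart`, which leaves a stopped unit alone. That only picks up the new credential if the worker unit defines no `ExecReload` (not visible here), because a reload would not re-import `LoadCredential` files. If `postRun` is kept, `systemctl --no-block try-restart authentik-worker.service` gives the same semantics, and a short comment that the restart exists to re-import the credential copy would help the next reader. The enclosing attribute set starts and ends outside the hunk.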