aboutsummaryrefslogtreecommitdiff
path: root/nixos-switch.sh
diff options
context:
space:
mode:
authorEuAndreh <eu@euandre.org>2020-08-16 18:21:03 -0300
committerEuAndreh <eu@euandre.org>2020-08-16 19:07:25 -0300
commitc26cf3f0dfa9df08201f344f625257daf7cb3a9c (patch)
tree9a29c1a3f34461052fe386d647f743b5fdf66548 /nixos-switch.sh
parentUse NGINX to handle the creation of certificates for prosody (diff)
downloadserver-c26cf3f0dfa9df08201f344f625257daf7cb3a9c.tar.gz
server-c26cf3f0dfa9df08201f344f625257daf7cb3a9c.tar.xz
Checkpoint: Working Prosody server
Use NGINX to create TLS certificate and then share it with prosody.
Diffstat (limited to 'nixos-switch.sh')
-rwxr-xr-xnixos-switch.sh10
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos-switch.sh b/nixos-switch.sh
index 6a75a69..c972ea4 100755
--- a/nixos-switch.sh
+++ b/nixos-switch.sh
@@ -7,3 +7,13 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos
echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
+
+# Ugly hack to change TLS certificates permissions
+echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\
+sudo chmod 640 /var/lib/acme/chat.arrobaponto.org/key.pem; \
+sudo chmod 640 /var/lib/acme/chat.arrobaponto.org/fullchain.pem; \
+sudo chmod 770 /var/lib/acme/chat.arrobaponto.org/; \
+sudo chown nginx:prosody /var/lib/acme/chat.arrobaponto.org/fullchain.pem; \
+sudo chown nginx:prosody /var/lib/acme/chat.arrobaponto.org/key.pem; \
+sudo chown nginx:prosody /var/lib/acme/chat.arrobaponto.org/; \
+sudo systemctl restart prosody.service"