author | EuAndreh <eu@euandre.org> | 2020-08-16 18:21:03 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2020-08-16 19:07:25 -0300 |
commit | c26cf3f0dfa9df08201f344f625257daf7cb3a9c (patch) | |
tree | 9a29c1a3f34461052fe386d647f743b5fdf66548 /nixos-switch.sh | |
parent | Use NGINX to handle the creation of certificates for prosody (diff) | |
download | server-c26cf3f0dfa9df08201f344f625257daf7cb3a9c.tar.gz server-c26cf3f0dfa9df08201f344f625257daf7cb3a9c.tar.xz |
Checkpoint: Working Prosody server
Use NGINX to create TLS certificate and then share it with prosody.
Diffstat (limited to 'nixos-switch.sh')
-rwxr-xr-x | nixos-switch.sh | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/nixos-switch.sh b/nixos-switch.sh
index 6a75a69..c972ea4 100755
--- a/nixos-switch.sh
+++ b/nixos-switch.sh
@@ -7,3 +7,13 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
 envsubst < vps-configuration.env.nix | ssh "$TLD" 'cat > /etc/nixos/configuration.nix'
 echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S nix-channel --add "https://nixos.org/channels/nixos-${SYSTEM_STATE_VERSION}" nixos
 echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S -i nixos-rebuild switch --upgrade
+
+# Ugly hack to change TLS certificates permissions
+echo "${USER_PASSWORD}" | ssh "$TLD" sudo -S "\