fix(system/services/taskserver): Switch to strings instead of paths

author: Soispha <soispha@vhack.eu> 2023-10-04 20:19:52 +0200
committer: Soispha <soispha@vhack.eu> 2023-10-16 17:20:02 +0200
commit: fe9c31f2838c7c5bf1835ea4c48e0627399d02d4 (patch)
tree: c494f117d5569b7a913247c1abae0972715f8102 /system
parent: fix(system/services/taskserver): Store the self-signed ca key in agenix (diff)
download: nixos-server-fe9c31f2838c7c5bf1835ea4c48e0627399d02d4.tar.gz
nixos-server-fe9c31f2838c7c5bf1835ea4c48e0627399d02d4.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
index 7595700..200562f 100644
--- a/system/services/taskserver/default.nix
+++ b/system/services/taskserver/default.nix
@@ -6,10 +6,8 @@ in {
     pki.manual = {
       ca.cert = ./ca.cert.pem;
       server = {
-        # FIXME(@soispha): These are put _world-readable_ in the nix store, which is
-        # obviously very bad. These values should be strings <2023-10-04>
-        cert = /. + "${taskStore}/fullchain.pem";
-        key = /. + "${taskStore}/privkey.pem";
+        cert = "${taskStore}/fullchain.pem";
+        key = "${taskStore}/privkey.pem";
       };
     };
     organisations = import ./organisations.nix;
author	Soispha <soispha@vhack.eu>	2023-10-04 20:19:52 +0200
committer	Soispha <soispha@vhack.eu>	2023-10-16 17:20:02 +0200
commit	fe9c31f2838c7c5bf1835ea4c48e0627399d02d4 (patch)
tree	c494f117d5569b7a913247c1abae0972715f8102 /system
parent	fix(system/services/taskserver): Store the self-signed ca key in agenix (diff)
download	nixos-server-fe9c31f2838c7c5bf1835ea4c48e0627399d02d4.tar.gz nixos-server-fe9c31f2838c7c5bf1835ea4c48e0627399d02d4.zip