From 32b35888d6e20e97e22d16c0e9c6e716f6f247d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Fri, 23 Dec 2022 06:38:48 +0100
Subject: [PATCH] nixos/dex: fix ssl cert validation
---
 nixos/modules/services/web-apps/dex.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/services/web-apps/dex.nix b/nixos/modules/services/web-apps/dex.nix
index 1dcc6f7a7c5b..f69f1749aeb8 100644
--- a/nixos/modules/services/web-apps/dex.nix
+++ b/nixos/modules/services/web-apps/dex.nix
@@ -83,11 +83,12 @@ in
 AmbientCapabilities = "CAP_NET_BIND_SERVICE";
 BindReadOnlyPaths = [
 "/nix/store"
- "-/etc/resolv.conf"
- "-/etc/nsswitch.conf"
+ "-/etc/dex"
 "-/etc/hosts"
 "-/etc/localtime"
- "-/etc/dex"
+ "-/etc/nsswitch.conf"
+ "-/etc/resolv.conf"
+ "-/etc/ssl/certs/ca-certificates.crt"
 ];
 BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql";
 CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
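Review bot: The new `"-/etc/ssl/certs/ca-certificates.crt"` entry in `BindReadOnlyPaths` is the only functional change in this hunk, but it is folded into an alphabetical re-sort of the list and has no comment saying why the sandbox needs it. I would add a line above it such as `# CA bundle: required so dex can verify TLS certificates from inside the sandbox`, so the entry is not dropped the next time the unit is hardened. The leading `-` also makes the bind optional: if the bundle is absent the unit still starts and certificate verification fails at runtime, which fails closed but is harder to diagnose. That matches how the other `/etc` entries are written, so it is presumably intended. The enclosing attribute set starts and ends outside the hunk.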