nixos/dex: fix ssl cert validation

Sandro Jäckel 2022-12-23 06:38:48 +01:00
parent 51850fafcc
commit 32b35888d6
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5


@ -83,11 +83,12 @@ in
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
BindReadOnlyPaths = [
"/nix/store"
"-/etc/resolv.conf"
"-/etc/nsswitch.conf"
"-/etc/dex"
"-/etc/hosts"
"-/etc/localtime"
"-/etc/dex"
"-/etc/nsswitch.conf"
"-/etc/resolv.conf"
"-/etc/ssl/certs/ca-certificates.crt"
];
BindPaths = optional (cfg.settings.storage.type == "postgres") "/var/run/postgresql";
CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
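Review bot: The `"-/etc/ssl/certs/ca-certificates.crt"` entry in `BindReadOnlyPaths` has no comment saying why the sandbox needs it, and its `-` prefix makes systemd skip the mount silently when the source path is missing. In that case the unit would still start and outbound TLS verification would only fail at runtime, presumably the same symptom this commit fixes. A comment above the entry would help, for example `# CA bundle used to verify TLS to upstream connectors; without it certificate validation fails inside the sandbox`. Consider dropping the `-` on this one path if a missing trust store should fail the unit at start. The diff markers are lost on this page, so I am inferring from the commit title that this is the added line, and the enclosing attribute set starts and ends outside the hunk.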