renge/coturn: Fix ACME copying

Sandboxing requires + instead of ! for elevating permissions of pre-start script.
2024-12-15 17:03:39 +01:00 · 2024-12-15 17:03:39 +01:00 · d23c15da90
parent 90d3720a75
commit d23c15da90
1 changed files with 2 additions and 1 deletions
--- a/machines/renge/services/coturn.nix
+++ b/machines/renge/services/coturn.nix
@ -72,7 +72,8 @@ in
  systemd.services.coturn = {
    after = [ "acme-finished-${fqdn}.target" ];
    serviceConfig = {
-      ExecStartPre = lib.singleton "!${pkgs.writeShellScript "coturn-setup-tls" ''
+      RuntimeDirectory = "turnserver";
+      ExecStartPre = lib.singleton "+${pkgs.writeShellScript "coturn-setup-tls" ''
        cp ${config.security.acme.certs."${fqdn}".directory}/{fullchain,key}.pem /run/turnserver/
        chgrp turnserver /run/turnserver/{fullchain,key}.pem
      ''}";