From d23c15da90073e25fab84e47e8f20209fdc99766 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Sun, 15 Dec 2024 17:03:39 +0100
Subject: [PATCH] renge/coturn: Fix ACME copying

Sandboxing requires + instead of ! for elevating permissions of pre-start script.
---
 machines/renge/services/coturn.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/machines/renge/services/coturn.nix b/machines/renge/services/coturn.nix
index 0552a85..5602d6c 100644
--- a/machines/renge/services/coturn.nix
+++ b/machines/renge/services/coturn.nix
@@ -72,7 +72,8 @@ in
 systemd.services.coturn = {
 after = [ "acme-finished-${fqdn}.target" ];
 serviceConfig = {
- ExecStartPre = lib.singleton "!${pkgs.writeShellScript "coturn-setup-tls" ''
+ RuntimeDirectory = "turnserver";
+ ExecStartPre = lib.singleton "+${pkgs.writeShellScript "coturn-setup-tls" ''
 cp ${config.security.acme.certs."${fqdn}".directory}/{fullchain,key}.pem /run/turnserver/
 chgrp turnserver /run/turnserver/{fullchain,key}.pem
 ''}";
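Review bot: The pre-start script leaves the permissions of the copied TLS private key implicit. `cp` followed by `chgrp` takes the file mode from the source `key.pem` and the umask, and `/run/turnserver` gets whatever mode `RuntimeDirectory` defaults to. Because the `+` prefix runs this script with full privileges and outside the unit's sandboxing, it is worth pinning both. The two commands could become `install -m 0640 -g turnserver ${config.security.acme.certs."${fqdn}".directory}/{fullchain,key}.pem /run/turnserver/`, with `RuntimeDirectoryMode = "0750";` added next to the new `RuntimeDirectory` line, assuming the service runs as the turnserver user or group. The `serviceConfig` block continues past the end of the hunk, so a mode setting further down would not be visible here.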