nixos/tests/acme: use CAP_NET_BIND_SERVICE
This commit is contained in:
parent
d0f04c1623
commit
695fd78ac4
@ -33,8 +33,7 @@ in import ./make-test-python.nix {
|
|||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.config.networking.primaryIPAddress}'";
|
ExecStart = "${pkgs.pebble}/bin/pebble-challtestsrv -dns01 ':53' -defaultIPv6 '' -defaultIPv4 '${nodes.webserver.config.networking.primaryIPAddress}'";
|
||||||
# Required to bind on privileged ports.
|
# Required to bind on privileged ports.
|
||||||
User = "root";
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
Group = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -126,8 +126,7 @@ in {
|
|||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
# Required to bind on privileged ports.
|
# Required to bind on privileged ports.
|
||||||
User = "root";
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
||||||
Group = "root";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user