nixos/acme: Fix postRun in acme certificate being ran at every run

2020-04-16 12:32:47 +02:00 · 2020-04-16 12:32:47 +02:00 · 8e88b8dce2
commit 8e88b8dce2
parent bcfca556f4
1 changed files with 6 additions and 1 deletions
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@ -349,7 +349,9 @@ in

                          # Test that existing cert is older than new cert
                          KEY=${spath}/certificates/${keyName}.key
+                          KEY_CHANGED=no
                          if [ -e $KEY -a $KEY -nt key.pem ]; then
+                            KEY_CHANGED=yes
                            cp -p ${spath}/certificates/${keyName}.key key.pem
                            cp -p ${spath}/certificates/${keyName}.crt fullchain.pem
                            cp -p ${spath}/certificates/${keyName}.issuer.crt chain.pem
@ -360,7 +362,10 @@ in
                          chmod ${fileMode} *.pem
                          chown '${data.user}:${data.group}' *.pem

-                          ${data.postRun}
+                          if [ "$KEY_CHANGED" = "yes" ]; then
+                            : # noop in case postRun is empty
+                            ${data.postRun}
+                          fi
                        '';
                      in
                        "+${script}";