nixos/kanidm: Bind mount cacert path in unixd service

In order to be able to use the unixd service with the `verify_ca` and `verify_hostnames` set to `true` it needs to be able to read the certificate store. This change bind mounts the cacert paths for the unixd service.
2022-09-05 20:46:46 +02:00 · 2022-09-05 20:46:46 +02:00 · 3df41451e3
parent 99536a41e3
commit 3df41451e3
1 changed files with 2 additions and 0 deletions
--- a/nixos/modules/services/security/kanidm.nix
+++ b/nixos/modules/services/security/kanidm.nix
@ -248,6 +248,8 @@ in
          "-/etc/localtime"
          "-/etc/kanidm"
          "-/etc/static/kanidm"
+          "-/etc/ssl"
+          "-/etc/static/ssl"
        ];
        BindPaths = [
          # To create the socket