theos/certs/matrix: Copy cert instead of ACL

They're reset on every run otherwise, which is annoying. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
author: Johannes Löthberg <johannes@kyriasis.com> 2019-01-02 20:40:05 +0100
committer: Johannes Löthberg <johannes@kyriasis.com> 2019-01-02 20:40:05 +0100
commit: 8fb8a773fe939a00a44384b55e33abc53474ac89 (patch)
tree: 46bddb1ebb28091d3bd0a4aed5a0074a3635cb71
parent: bd7248d27115b46f6e4ae35d1af2fd32f5101b73 (diff)
download: file-8fb8a773fe939a00a44384b55e33abc53474ac89.tar.xz
1 files changed, 16 insertions, 8 deletions
diff --git a/theos/certs/matrix_kyriasis_com.sls b/theos/certs/matrix_kyriasis_com.sls
index 26981f3..0828d04 100644
--- a/theos/certs/matrix_kyriasis_com.sls
+++ b/theos/certs/matrix_kyriasis_com.sls
@@ -13,14 +13,22 @@ matrix.kyriasis.com:
     - require_in:
       - service: nginx_service
 
-synapse-access-matrix:
-  acl.present:
-    - name: /etc/letsencrypt/archive/matrix.kyriasis.com/
-    - acl_type: default:user
-    - acl_name: synapse
-    - perms: r-x
-    - recurse: True
-    - require_in:
+/etc/synapse/ssl/fullchain.pem:
+  file.copy:
+    - source: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
+    - user: synapse
+    - group: synapse
+    - mode: 600
+    - onchanges:
+      - acme: matrix.kyriasis.com
+
+/etc/synapse/ssl/privkey.pem:
+  file.copy:
+    - source: /etc/letsencrypt/live/matrix.kyriasis.com/fullchain.pem
+    - user: synapse
+    - group: synapse
+    - mode: 600
+    - onchanges:
       - acme: matrix.kyriasis.com
 
 # vim: set ft=yaml et:
author	Johannes Löthberg <johannes@kyriasis.com>	2019-01-02 20:40:05 +0100
committer	Johannes Löthberg <johannes@kyriasis.com>	2019-01-02 20:40:05 +0100
commit	8fb8a773fe939a00a44384b55e33abc53474ac89 (patch)
tree	46bddb1ebb28091d3bd0a4aed5a0074a3635cb71
parent	bd7248d27115b46f6e4ae35d1af2fd32f5101b73 (diff)
download	file-8fb8a773fe939a00a44384b55e33abc53474ac89.tar.xz