grant traefik write access to state/acme.json

and ensure the file exists and is private before launching
2025-12-18 21:54:05 +08:00 · 2018-07-30 15:26:09 +02:00
parent 7f07bfbec4
commit 8e75a44502
2 changed files with 7 additions and 1 deletions
--- a/tljh/traefik.py
+++ b/tljh/traefik.py
@@ -77,3 +77,8 @@ def ensure_traefik_config(state_dir):
    with open(os.path.join(state_dir, "traefik.toml"), "w") as f:
        os.fchmod(f.fileno(), 0o744)
        f.write(new_toml)
+
+    # ensure acme.json exists and is private
+    with open(os.path.join(state_dir, "acme.json"), "a") as f:
+        os.fchmod(f.fileno(), 0o600)
+