From 0da0f610689b60b42e1b3391a4f2f8b23ac4469d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Tue, 30 Apr 2024 23:15:04 +0200
Subject: [PATCH] fix(vpn): fix nginx chown

---
 system/vpn.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system/vpn.nix b/system/vpn.nix
index feb4ebe..17f991a 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -40,8 +40,8 @@ in {
       # some options cannot be set immediately
       ${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
 
-      # TODO nginx.service currently fails because it supposedly doesn't have permissions for this file
       ${cfg.package}/bin/tailscale cert ${tailnetHost}
+    '' + lib.optionalString config.services.nginx.enable ''
       chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
     '';
   };