From 1ea58b491e77e165313a127856dffbeebca5423b Mon Sep 17 00:00:00 2001
From: kat
Date: Sun, 25 Sep 2022 22:48:55 -0700
Subject: [PATCH] fix(network): bleh
---
nixos/network.nix | 2 +-
services/keycloak.nix | 2 +-
services/openldap/default.nix | 3 +++
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/nixos/network.nix b/nixos/network.nix
index 681eadee..ebbde5cb 100644
--- a/nixos/network.nix
+++ b/nixos/network.nix
@@ -365,7 +365,7 @@ ) (filterAttrs (network: settings: settings.create_cert) config.domains); domains' = mapAttrs' (network: settings: nameValuePair "${fixedTarget settings}-key" {
- text = tf.acme.certs.${fixedTarget settings}.out.refFullchainPem;
+ text = tf.acme.certs.${fixedTarget settings}.out.refPrivateKeyPem;
owner = settings.owner; group = settings.group; mode = "0440";
diff --git a/services/keycloak.nix b/services/keycloak.nix
index c639b1c1..a931e539 100644
--- a/services/keycloak.nix
+++ b/services/keycloak.nix
@@ -30,7 +30,7 @@ in { users.groups.domain-auth = { gid = 10600;
- members = [ "keycloak" ];
+ members = [ "keycloak" "openldap" ];
}; systemd.services.keycloak.script = lib.mkBefore ''
diff --git a/services/openldap/default.nix b/services/openldap/default.nix
index bc2e788d..13351ce3 100644
--- a/services/openldap/default.nix
+++ b/services/openldap/default.nix
@@ -2,8 +2,11 @@ networks.internet.tcp = [ 636 ]; users.groups.domain-auth.members = [ "openldap" ];
+
+
services.openldap = { enable = true;
+ group = "domain-auth";
urlList = [ "ldap:///" "ldaps:///" ]; settings = { attrs = {
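Review bot: The `-key` entry now holds the real private key but is still written with `mode = "0440"`, so every member of `settings.group` can read it, and the keycloak.nix hunk in this same commit widens one such group. Which group each domain uses is set outside this hunk, so the actual exposure cannot be confirmed from here. I would add a comment above the changed line, for example `# private key material: group-readable, keep settings.group limited to the services that terminate TLS`. The `mapAttrs'` expression starts and ends outside the hunk.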
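Review bot: Adding `"openldap"` to `members` here duplicates a declaration the openldap module already makes: the context of the services/openldap/default.nix hunk shows `users.groups.domain-auth.members = [ "openldap" ];`. If both modules are imported on a host, the two lists are presumably merged and `openldap` appears twice; if only keycloak.nix is imported, the group names a user that module does not otherwise define. I would keep this line as `members = [ "keycloak" ];` and let each service module add only its own user.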
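Review bot: The new `group = "domain-auth";` presumably makes the shared group slapd's primary group, which is broader than the supplementary membership already declared on the context line above it. Files that slapd creates would then be group-owned by a group that keycloak also belongs to, so access to the directory data depends on their modes, which are not visible here. If the only goal is reading the 0440 TLS key, check whether the existing membership suffices and drop the line. Otherwise document it, for example `# slapd runs with primary group domain-auth so it can read the shared TLS key`. The two blank lines added before `services.openldap` look unintentional, since one blank line is enough.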