Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: c92a00ccbfe7
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: fd438d5f09d8
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 13, 2020

  1. acme: share accounts between certificates 

    There are strict rate limits on account creation for Let's Encrypt
certificates. It is important to reuse credentails when possible.
    @m1cr0man
    m1cr0man committed Apr 13, 2020
    Copy the full SHA
    827d5e6 View commit details

Commits on Apr 14, 2020

  1. Merge pull request #85185 from m1cr0man/legoaccounts 

    acme: share accounts between certificates
    @Mic92
    Mic92 authored Apr 14, 2020
    Copy the full SHA
    fd438d5 View commit details
Showing with 2 additions and 1 deletion.
  1. +2 −1 nixos/modules/security/acme.nix
3 changes: 2 additions & 1 deletion nixos/modules/security/acme.nix
View file
Original file line number Diff line number Diff line change
@@ -330,13 +330,14 @@ in
User = data.user;
Group = data.group;
PrivateTmp = true;
StateDirectory = "acme/.lego/${cert} ${lpath}";
StateDirectory = "acme/.lego/${cert} acme/.lego/accounts ${lpath}";
StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled
EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null;
ExecStart = pkgs.writeScript "acme-start" ''
#!${pkgs.runtimeShell} -e
test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts
${pkgs.lego}/bin/lego ${renewOpts} || ${pkgs.lego}/bin/lego ${runOpts}
'';
ExecStartPost =