Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 900b58e4eed2
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2ee6b5ce7c3f
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 16, 2020

  1. Revert "nixos/acme: Fix allowKeysForGroup not applying immediately" 

    This reverts commit 5532065.

As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!

the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!

The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in NixOS/nixpkgs#76052
I wrongly assumed that PR fixed renewal too, which it didn't!

testing renewals is hard, as we need to sleep in tests.
    @arianvp
    arianvp committed Apr 16, 2020
    Copy the full SHA
    c51c677 View commit details

  2. Merge pull request #85333 from arianvp/revert-acme-backport 

    [20.03] Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
    @worldofpeace
    worldofpeace authored Apr 16, 2020

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    2ee6b5c View commit details
Showing with 0 additions and 6 deletions.
  1. +0 −6 nixos/modules/security/acme.nix
6 changes: 0 additions & 6 deletions nixos/modules/security/acme.nix
View file
Original file line number Diff line number Diff line change
@@ -297,12 +297,6 @@ in
wantedBy = mkIf (!config.boot.isContainer) [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
# With RemainAfterExit the service is considered active even
# after the main process having exited, which means when it
# gets changed, the activation phase restarts it, meaning
# the permissions of the StateDirectory get adjusted
# according to the specified group
RemainAfterExit = true;
User = data.user;
Group = data.group;
PrivateTmp = true;