Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 71a768a6e814
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 6cbc9c82e6ad
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Apr 9, 2020

  1. acme: create certificates in subdirectory 

    This allows to have multiple certificates with the same common name.
Lego uses in its internal directory the common name to name the certificate.

fixes #84409
    @Mic92
    Mic92 committed Apr 9, 2020
    Copy the full SHA
    d7ff6ab View commit details

  2. Merge pull request #84781 from Mic92/acme 

    acme: create certificates in subdirectory
    @Mic92
    Mic92 authored Apr 9, 2020
    Copy the full SHA
    6cbc9c8 View commit details
Showing with 2 additions and 2 deletions.
  1. +2 −2 nixos/modules/security/acme.nix
4 changes: 2 additions & 2 deletions nixos/modules/security/acme.nix
View file
Original file line number Diff line number Diff line change
@@ -301,7 +301,7 @@ in
# StateDirectory must be relative, and will be created under /var/lib by systemd
lpath = "acme/${cert}";
apath = "/var/lib/${lpath}";
spath = "/var/lib/acme/.lego";
spath = "/var/lib/acme/.lego/${cert}";
fileMode = if data.allowKeysForGroup then "640" else "600";
globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ]
++ optionals (cfg.acceptTerms) [ "--accept-tos" ]
@@ -330,7 +330,7 @@ in
User = data.user;
Group = data.group;
PrivateTmp = true;
StateDirectory = "acme/.lego ${lpath}";
StateDirectory = "acme/.lego/${cert} ${lpath}";
StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled