Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 8c6a5a26a764
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 377b0248c50b
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Apr 9, 2020

  1. acme: create certificates in subdirectory 

    This allows to have multiple certificates with the same common name.
Lego uses in its internal directory the common name to name the certificate.

fixes #84409

(cherry picked from commit d7ff6ab)
    @Mic92
    Mic92 committed Apr 9, 2020

    Unverified

    This user has not yet uploaded their public signing key.
    GPG key ID: CED392DE0C483D00
    Learn about vigilant mode
    Copy the full SHA
    377b024 View commit details
Showing with 2 additions and 2 deletions.
  1. +2 −2 nixos/modules/security/acme.nix
4 changes: 2 additions & 2 deletions nixos/modules/security/acme.nix
View file
Original file line number Diff line number Diff line change
@@ -280,7 +280,7 @@ in
# StateDirectory must be relative, and will be created under /var/lib by systemd
lpath = "acme/${cert}";
apath = "/var/lib/${lpath}";
spath = "/var/lib/acme/.lego";
spath = "/var/lib/acme/.lego/${cert}";
fileMode = if data.allowKeysForGroup then "640" else "600";
globalOpts = [ "-d" data.domain "--email" data.email "--path" "." "--key-type" data.keyType ]
++ optionals (cfg.acceptTerms) [ "--accept-tos" ]
@@ -306,7 +306,7 @@ in
User = data.user;
Group = data.group;
PrivateTmp = true;
StateDirectory = "acme/.lego ${lpath}";
StateDirectory = "acme/.lego/${cert} ${lpath}";
StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
WorkingDirectory = spath;
# Only try loading the credentialsFile if the dns challenge is enabled