nixpkgs/nixos
Lucas Savva 982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
..
doc Merge pull request #94804 from hercules-ci/init-nixos-hercules-ci-agent 2020-08-29 10:20:14 +02:00
lib Revert "Merge pull request #96254 from Mic92/logging" 2020-08-30 15:46:39 -07:00
maintainers Merge pull request #89116 from wagdav/fix-args-create-amis 2020-08-22 16:47:54 +02:00
modules nixos/acme: Restructure module 2020-09-02 19:22:43 +01:00
tests nixos/acme: Restructure module 2020-09-02 19:22:43 +01:00
COPYING
default.nix
README treewide: use https for nixos.org and hydra.nixos.org 2020-05-03 22:14:21 -07:00
release-combined.nix nixosTests: Disable networking.networkd.macvlan 2020-08-30 17:43:34 -07:00
release-small.nix nixos/release-small: drop latestKernel.login 2020-04-19 22:20:07 +03:00
release.nix nixos/release: add pantheon closure 2020-07-26 15:30:08 -04:00

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
https://nixos.org/nixos and in the manual in doc/manual.