JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos/acme: Remove dependency on system version for hash

Browse Source 
This means that all systems running from master will trigger
new certificate creation on next rebuild. Race conditions around
multiple account creation are fixed in #106857, not this commit.
This commit is contained in:
Lucas Savva 2020-12-18 12:57:35 +00:00
parent 79ecf069f5
commit e3120397a5
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/security/acme.nix
View File

@ -104,12 +104,7 @@ let
mkHash = with builtins; val: substring 0 20 (hashString "sha256" val); mkHash = with builtins; val: substring 0 20 (hashString "sha256" val);
certDir = mkHash hashData; certDir = mkHash hashData;
domainHash = mkHash "${concatStringsSep " " extraDomains} ${data.domain}"; domainHash = mkHash "${concatStringsSep " " extraDomains} ${data.domain}";
othersHash = mkHash ( othersHash = mkHash "${toString acmeServer} ${data.keyType} ${data.email}";
"${toString acmeServer} ${data.keyType}"
+ (
optionalString (versionOlder "20.09" config.system.stateVersion) data.email
)
);
accountDir = "/var/lib/acme/.lego/accounts/" + othersHash; accountDir = "/var/lib/acme/.lego/accounts/" + othersHash;
protocolOpts = if useDns then ( protocolOpts = if useDns then (