nixpkgs/pkgs/tools
Lucas Savva 982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
..
admin Merge pull request #96149 from JJJollyjim/acme-test-go-15 2020-08-31 13:54:19 +02:00
archivers Merge pull request #89249 from david-sawatzke/maxcso-init 2020-08-22 16:28:53 +02:00
audio qastools: 0.22.0 -> 0.23.0 2020-08-31 17:09:48 +02:00
backup Merge pull request #96480 from Izorkin/dar 2020-08-31 06:54:45 +01:00
bluetooth rfkill: remove 2020-08-24 02:49:27 +02:00
bootloaders/refind treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
cd-dvd Merge pull request #84141 from mkg20001/pkg/isolyzer 2020-07-30 14:57:05 -04:00
compression bzip2_1_1: init at 2020-08-11 2020-08-30 17:28:41 +02:00
filesystems reiser4progs: 2.0.0 -> 2.0.1 2020-08-31 16:56:28 +02:00
graphics Merge pull request #96117 from jtojnar/swfdec-drop 2020-08-23 18:45:52 -04:00
inputmethods ibus-engines.mozc: enable handwriting recognition 2020-08-22 18:16:04 +02:00
misc Merge pull request #96757 from r-ryantm/auto-update/yubikey-manager-qt 2020-08-31 07:33:46 -07:00
networking toss: init at 1.1 2020-08-31 13:20:51 +02:00
nix nixpkgs-fmt: 0.9.0 -> 1.0.0 2020-08-18 20:18:59 +07:00
package-management nix-template: init at 0.1.0 2020-08-30 17:50:56 -07:00
security nixos/acme: Restructure module 2020-09-02 19:22:43 +01:00
system htop: disable use glyphs for checkmarks 2020-08-30 12:09:13 +03:00
text podiff: 1.1 -> 1.2 2020-08-27 07:28:12 +00:00
toml2nix
typesetting lowdown: 0.7.3 → 0.7.4 2020-08-31 14:02:45 +02:00
video buildRustPackage: remove platform.all from packages 2020-08-16 12:48:18 +10:00
virtualization cri-tools: 1.18.0 -> 1.19.0 2020-08-28 21:11:46 +10:00
wayland wayland-utils: init at 1.0.0 (#94471) 2020-08-01 23:05:01 +02:00
X11 ckbcomp: 1.195 -> 1.196 2020-08-31 16:52:57 +02:00