3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/security
Arian van Putten 5c1c642939 Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
This reverts commit 5532065d06.

As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!

the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!

The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!

testing renewals is hard, as we need to sleep in tests.
2020-04-16 10:37:04 +02:00
..
wrappers nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
acme.nix Revert "nixos/acme: Fix allowKeysForGroup not applying immediately" 2020-04-16 10:37:04 +02:00
acme.xml nixos/acme: fix some descriptions, default acceptTerms to false 2020-01-19 18:24:04 +00:00
apparmor-suid.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
apparmor.nix nixos/apparmor: ensure that apparmor is selected at boot 2019-05-11 18:21:38 +02:00
audit.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
auditd.nix auditd service: make more useful 2019-06-10 18:55:11 +03:00
ca.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
duosec.nix nixos/duosec: rename ikey option to integrationKey 2020-03-22 20:25:11 -04:00
google_oslogin.nix nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
hidepid.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
hidepid.xml Revert "nixos/doc: re-format" 2019-09-19 19:17:30 +02:00
lock-kernel-modules.nix nixos/lock-kernel-modules: add myself to maintainers 2018-10-15 01:33:30 +02:00
misc.nix nixos/hardened: make pti=on overridable 2019-07-30 02:24:56 +02:00
oath.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
pam.nix nixos/pam: cleanup services (#76885) 2020-01-09 10:09:13 +00:00
pam_mount.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
pam_usb.nix [bot] treewide: remove unused 'inherit' in let blocks 2018-07-20 19:38:19 +00:00
polkit.nix nixos/polkit: remove root from adminIdentities 2019-12-09 19:11:09 -05:00
prey.nix treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
rngd.nix nixos/rngd: fix clean shutdown 2020-02-23 18:53:52 -05:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix nixos/sudo: Fix extraRules example rendering 2020-02-10 01:37:07 +01:00
systemd-confinement.nix nixos/confinement: Use PrivateMounts option 2019-03-27 20:34:32 +01:00
tpm2.nix nixos/tpm2: init 2020-03-15 12:16:32 +01:00