From 516760a6fb82ec856ca0eecc8fa637ebfd4852e9 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Wed, 25 Jan 2017 19:11:42 +0100
Subject: [PATCH] nixos/acme: add random delay to timer

This way we behave like good citizens and won't overload Let's Encrypt
with lots of cert renewal requests at the same time.
---
 nixos/modules/security/acme.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 726e54711410..4e7c966a463a 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -284,6 +284,8 @@ in
             OnCalendar = cfg.renewInterval;
             Unit = "acme-${cert}.service";
             Persistent = "yes";
+            AccuracySec = "5m";
+            RandomizedDelaySec = "1h";
           };
         })
       );