mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 03:30:45 +00:00
Code Issues Wiki Activity

nixos/acme: allow setting security.acme.defaults.server = null to keep old accounts directory

Browse source 
The accounts directory is based on the hash of the settings.

https://github.com/NixOS/nixpkgs/pull/270221 changed the  default of
security.acme.defaults.server from null to the default letsencrypt URL
however as an unwanted side effect this means the accounts directory
changes and the ACME module will create a new a new account.

This can cause issues with people using CAA records that pin the
account ID or people who have datacenter-scale NixOS deployments

We allow setting this option to null again for people who want
to keep the old account and migrate at their own leisure.

Fixes https://github.com/NixOS/nixpkgs/issues/316608

Co-authored-by: Arian van Putten <arian.vanputten@gmail.com>
This commit is contained in:
Stéphan Kochen 2024-06-03 12:59:05 +02:00 committed by Arian van Putten
parent a2e77d0bea
commit d1f07e6382
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/security/acme/default.nix
View file

@ -545,7 +545,7 @@ let
};
server = mkOption {
type = types.str;
type = types.nullOr types.str;
inherit (defaultAndText "server" "https://acme-v02.api.letsencrypt.org/directory") default defaultText;
example = "https://acme-staging-v02.api.letsencrypt.org/directory";
description = ''