cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #147498 from helsinki-systems/feat/disable-acme-debugging

Browse source 
nixos/acme: Disable bash tracing
This commit is contained in:
Robert Hensing 2021-12-07 15:14:40 +01:00 committed by GitHub
commit e8862a91ff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/modules/security/acme.nix
View file

@ -325,7 +325,8 @@ let
# Working directory will be /tmp
script = ''
set -euxo pipefail
${optionalString data.enableDebugLogs "set -x"}
set -euo pipefail
# This reimplements the expiration date check, but without querying
# the acme server first. By doing this offline, we avoid errors
@ -438,6 +439,8 @@ let
default = "_mkMergedOptionModule";
};
enableDebugLogs = mkEnableOption "debug logging for this certificate" // { default = cfg.enableDebugLogs; };
webroot = mkOption {
type = types.nullOr types.str;
default = null;
@ -616,6 +619,8 @@ in {
options = {
security.acme = {
enableDebugLogs = mkEnableOption "debug logging for all certificates by default" // { default = true; };
validMinDays = mkOption {
type = types.int;
default = 30;