nixpkgs/nixos/tests
Arian van Putten 604b7c139f Fix letsencrypt (#60219)
* nixos/acme: Fix ordering of cert requests

When subsequent certificates would be added, they would
not wake up nginx correctly due to target units only being triggered
once. We now added more fine-grained systemd dependencies to make sure
nginx always is aware of new certificates and doesn't restart too early
resulting in a crash.

Furthermore, the acme module has been refactored. Mostly to get
rid of the deprecated PermissionStartOnly systemd options which were
deprecated. Below is a summary of changes made.

* Use SERVICE_RESULT to determine status
This was added in systemd v232. We don't have to keep track
of the EXITCODE ourselves anymore.

* Add regression test for requesting multiple domains

* Deprecate 'directory' option
We now use systemd's StateDirectory option to manage
creation and permissions of the acme state directory.

* The webroot is created using a systemd.tmpfiles.rules rule
instead of the preStart script.

* Depend on certs directly

By getting rid of the target units, we make sure ordering
is correct in the case that you add new certs after already
having deployed some.

Reason it broke before: acme-certificates.target would
be in active state, and if you then add a new cert, it
would still be active and hence nginx would restart
without even requesting a new cert. Not good! We
make the dependencies more fine-grained now. This should fix that.

* Remove activationDelay option

It complicated the code a lot, and is rather arbitrary. What if
your activation script takes more than activationDelay seconds?

Instead, one should use systemd dependencies to make sure some
action happens before setting the certificate live.

e.g. If you want to wait until your cert is published in DNS DANE /
TLSA, you could create a unit that blocks until it appears in DNS:

```
RequiredBy=acme-${cert}.service
After=acme-${cert}.service
ExecStart=publish-wait-for-dns-script
```
2019-08-29 16:32:59 +02:00
..
common
google-oslogin
hadoop
hitch
hocker-fetchdocker
hydra
initrd-network-ssh
kerberos
krb5
kubernetes
nextcloud nixos/nextcloud: write config to additional config file 2019-07-22 18:29:52 +02:00
wireguard
xmpp nixos/ejabberd: fix test for new release 2019-08-20 11:09:40 +02:00
acme.nix Fix letsencrypt (#60219) 2019-08-29 16:32:59 +02:00
all-tests.nix Merge pull request #66859 from worldofpeace/xfce4-14-module 2019-08-27 22:37:03 -04:00
ammonite.nix
atd.nix
automysqlbackup.nix
avahi.nix
bcachefs.nix
beanstalkd.nix
beegfs.nix
bees.nix
bind.nix
bittorrent.nix
blivet.nix
boot-stage1.nix
boot.nix boot tests: don't use globbing 2019-07-22 14:44:53 +03:00
borgbackup.nix
buildbot.nix
cadvisor.nix
cassandra.nix nixos/tests/cassandra: Test jmxPort 2019-07-31 00:55:04 +02:00
ceph.nix
certmgr.nix
cfssl.nix
chromium.nix
cjdns.nix
clickhouse.nix
cloud-init.nix
cockroachdb.nix
codimd.nix
colord.nix
containers-bridge.nix
containers-ephemeral.nix nixos/containers: add 'ephemeral' option 2019-08-19 15:21:35 +02:00
containers-extra_veth.nix
containers-hosts.nix
containers-imperative.nix
containers-ipv4.nix
containers-ipv6.nix
containers-macvlans.nix
containers-physical_interfaces.nix
containers-portforward.nix
containers-reloadable.nix
containers-restart_networking.nix
containers-tmpfs.nix
couchdb.nix
deluge.nix
dhparams.nix
dnscrypt-proxy.nix
docker-containers.nix
docker-edge.nix
docker-preloader.nix
docker-registry.nix
docker-tools-overlay.nix
docker-tools.nix
docker.nix
documize.nix
dovecot.nix
ec2.nix
ecryptfs.nix
elk.nix
emacs-daemon.nix
env.nix
etcd-cluster.nix
etcd.nix
ferm.nix
firefox.nix
firewall.nix
fish.nix
flannel.nix
flatpak-builder.nix nixosTests.flatpak-builder: enable portals 2019-07-30 23:52:25 -04:00
flatpak.nix
fluentd.nix fluentd: add simple test 2019-07-30 00:37:21 +09:00
fsck.nix
fwupd.nix
gdk-pixbuf.nix gdk-pixbuf: rename from gdk_pixbuf 2019-07-22 18:50:57 -04:00
gitea.nix
gitlab.nix
gitolite.nix
gjs.nix
glusterfs.nix nixos/glusterfs: add test 2019-08-18 18:58:00 +02:00
gnome-photos.nix gnome-photos: add installed tests 2019-08-23 19:31:14 +02:00
gnome3-xorg.nix nixosTests.gnome3{xorg}: add gnome3 maintainers 2019-08-06 20:51:44 -04:00
gnome3.nix nixosTests.gnome3{xorg}: add gnome3 maintainers 2019-08-06 20:51:44 -04:00
gocd-agent.nix
gocd-server.nix
grafana.nix
graphene.nix
graphite.nix
graylog.nix
haka.nix
handbrake.nix
haproxy.nix
hardened.nix
hibernate.nix
home-assistant.nix
hound.nix
i3wm.nix
icingaweb2.nix
iftop.nix
incron.nix
influxdb.nix
initdb.nix postgresql: running initdb from command line now works (#65309) 2019-08-07 14:17:36 +03:00
initrd-network.nix
installer.nix
ipfs.nix
ipv6.nix
jackett.nix
jellyfin.nix
jenkins.nix
jormungandr.nix nixos/jormungandr: adding genesis tests 2019-08-25 18:33:13 +02:00
kafka.nix
kernel-latest.nix
kernel-lts.nix
kernel-testing.nix
kexec.nix
keymap.nix
knot.nix
ldap.nix
leaps.nix
libxmlb.nix nixos/tests/libxmlb: init 2019-08-23 01:34:48 +02:00
lidarr.nix
lightdm.nix nixosTests.lightdm: add me to maintainers 2019-08-06 20:51:44 -04:00
limesurvey.nix
login.nix
loki.nix
magnetico.nix nixos/magnetico: add test 2019-08-28 14:19:24 +02:00
mailcatcher.nix
make-test.nix
mathics.nix
matrix-synapse.nix
mediawiki.nix nixos/mediawiki: init service to replace httpd subservice 2019-07-23 22:02:33 -04:00
memcached.nix
mesos.nix
mesos_test.py
metabase.nix tests: adding metabase service test 2019-08-18 13:44:26 +02:00
miniflux.nix
minio.nix
misc.nix
mongodb.nix
moodle.nix nixos/moodle: init service 2019-08-25 08:12:28 -04:00
morty.nix
mosquitto.nix
mpd.nix
mpich-example.c
mumble.nix
munin.nix
mutable-users.nix
mxisd.nix
mysql-backup.nix
mysql-replication.nix
mysql.nix nixos/mysql: test the mysql package, not just mariadb 2019-08-04 10:41:55 -04:00
nat.nix
ndppd.nix
neo4j.nix
nesting.nix
netdata.nix
networking-proxy.nix
networking.nix Merge branch 'master' into flip-map-foreach 2019-08-05 14:09:28 +03:00
nexus.nix
nfs.nix
nghttpx.nix
nginx-sso.nix
nginx.nix nginx: expose generated config and allow nginx reloads (#57429) 2019-08-21 16:52:46 +03:00
nix-ssh-serve.nix
nixos-generate-config.nix nixos-generate-config: enable overriding configuration.nix 2019-08-08 17:00:10 +02:00
novacomd.nix
nsd.nix
nzbget.nix
openldap.nix
opensmtpd.nix
openssh.nix
openstack-image.nix
osquery.nix
osrm-backend.nix
ostree.nix gdk-pixbuf: rename from gdk_pixbuf 2019-07-22 18:50:57 -04:00
overlayfs.nix
packagekit.nix
pam-oath-login.nix
pam-u2f.nix
pantheon.nix
paperless.nix
partition.nix
pdns-recursor.nix
peerflix.nix
pgjwt.nix
pgmanage.nix
php-pcre.nix nixos/tests/php-pcre: replace usage of deprecated services.httpd.extraSubservices 2019-08-15 21:00:27 -04:00
plasma5.nix
plotinus.nix
postgis.nix
postgresql-wal-receiver.nix nixos/postgresql-wal-receiver: add module (#63799) 2019-08-11 20:09:42 +03:00
postgresql.nix
powerdns.nix
predictable-interface-names.nix
printing.nix cups: add myself as maintainer 2019-08-14 11:47:48 -04:00
prometheus-2.nix nixos/tests/prometheus-2.nix: increase diskSize of the store machine 2019-07-28 13:28:27 +02:00
prometheus-exporters.nix nixos/prometheus-exporters: use DynamicUser by default 2019-08-02 18:50:01 +02:00
prometheus.nix
proxy.nix
quagga.nix
quake3.nix
rabbitmq.nix
radarr.nix
radicale.nix
redmine.nix
riak.nix
roundcube.nix
rspamd.nix
rss2email.nix
rsyslogd.nix
run-in-machine.nix
rxe.nix
samba.nix
sddm.nix
signal-desktop.nix
simple.nix
slim.nix
slurm.nix
smokeping.nix
snapper.nix
solr.nix
sonarr.nix
ssh-keys.nix
strongswan-swanctl.nix
sudo.nix
switch-test.nix
syncthing-init.nix syncthing: 1.1.4 -> 1.2.1 2019-08-11 08:35:04 +07:00
syncthing-relay.nix
systemd-confinement.nix
systemd-networkd-wireguard.nix systemd-networkd: add tests 2019-08-21 11:11:28 +02:00
systemd-timesyncd.nix
systemd.nix nixos/systemd: add cgroup accounting test 2019-08-25 22:26:12 +02:00
taskserver.nix
telegraf.nix
testdb.sql
tiddlywiki.nix nixos/tiddlywiki: init 2019-07-16 23:12:16 +01:00
timezone.nix
tinydns.nix
tor.nix
transmission.nix
trezord.nix tests: adding trezord 2019-08-16 17:05:13 +02:00
udisks2.nix
upnp.nix
uwsgi.nix
vault.nix
virtualbox.nix
wordpress.nix
xautolock.nix
xdg-desktop-portal.nix
xfce.nix
xfce4-14.nix nixosTests.xfce4-14: init 2019-08-21 22:04:29 -04:00
xmonad.nix
xrdp.nix
xss-lock.nix
yabar.nix
zfs.nix
zookeeper.nix