nixpkgs/nixos/modules/services/networking
Lucas Savva 982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix service solves for previously root-owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidentally triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why;
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
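The two problems the commit message describes (a reload unit that hangs off a long-lived target and so never fires on timer-driven renewals, and a reload unit that collects duplicate `wants`/`before`/`ConditionPathExists` entries when several vhosts share one `useACMEHost`) can both be seen in a small NixOS module fragment. The fragment below is an added illustration written for this page, not the nixpkgs acme module's own code: the `vhosts` attrset, the `/var/lib/acme/<name>/fullchain.pem` path and the `nginx-config-reload` unit name are assumptions, and only the `acme-<cert>.service` naming comes from the commit message.

```nix
# Added illustration for the acme restructure commit, not nixpkgs code.
# Assumptions: a hypothetical `vhosts` attrset whose values carry a
# `useACMEHost` cert name, and cert material under /var/lib/acme/<name>.
{ lib, ... }:

let
  vhosts = {
    "a.example.org" = { useACMEHost = "example.org"; };
    "b.example.org" = { useACMEHost = "example.org"; };   # same cert reused
    "c.example.org" = { useACMEHost = "c.example.org"; };
  };

  # lib.unique is what prevents the duplicate-entry problem: two vhosts that
  # share "example.org" must produce one wants/before/ConditionPathExists
  # entry for that cert, not one per vhost.
  vhostCertNames = lib.unique
    (lib.filter (n: n != null)
      (lib.mapAttrsToList (_: v: v.useACMEHost or null) vhosts));

  certPath = n: "/var/lib/acme/${n}/fullchain.pem";
in
{
  systemd.services.nginx-config-reload = {
    # Hook the renewal *services*, not a long-lived target. A target that is
    # already active never re-triggers its dependents, so a reload unit that
    # only depended on it would run once at boot and nginx would keep serving
    # the old certificate after every later timer-driven renewal.
    wantedBy = map (n: "acme-${n}.service") vhostCertNames;
    after    = map (n: "acme-${n}.service") vhostCertNames;

    # Do nothing until every referenced certificate actually exists on disk
    # (first boot before the initial issuance).
    unitConfig.ConditionPathExists = map certPath vhostCertNames;

    serviceConfig = {
      Type = "oneshot";
      # Must stay false: a oneshot that remains "active" after exiting is not
      # started again by the next renewal, which is the stale-cert failure mode.
      RemainAfterExit = false;
      # Use the systemctl of the running systemd, as the dhcpcd module does.
      ExecStart = "/run/current-system/systemd/bin/systemctl reload nginx.service";
    };
  };
}
```

With three vhosts and two distinct certificates, `vhostCertNames` evaluates to `[ "example.org" "c.example.org" ]`, so the generated unit carries exactly two `Wants=`, two `After=` and two `ConditionPathExists=` lines; without `lib.unique` each would be repeated for `example.org`.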
firefox
hylafax
ircd-hybrid
keepalived
nghttpx nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
ntp
ssh
strongswan-swanctl
znc
3proxy.nix small treewide: his -> theirs/its 2020-06-23 16:49:50 +02:00
amuled.nix
aria2.nix
asterisk.nix
atftpd.nix
autossh.nix
avahi-daemon.nix nixos/avahi: move nss database configuration into avahi module 2020-05-11 16:14:50 +02:00
babeld.nix
bind.nix
bird.nix
bitcoind.nix maintainers: 1000101 -> _1000101 2020-08-18 07:59:48 +10:00
bitlbee.nix
blockbook-frontend.nix maintainers: 1000101 -> _1000101 2020-08-18 07:59:48 +10:00
charybdis.nix
cjdns.nix
cntlm.nix
connman.nix
consul.nix
coredns.nix
corerad.nix nixos/corerad: use SIGHUP to restart the service 2020-08-09 16:15:49 -07:00
coturn.nix
dante.nix
ddclient.nix
dhcpcd.nix nixos/dhcpcd: always run systemctl of the currently running systemd 2020-05-21 10:30:21 +02:00
dhcpd.nix nixos/dhcpd: make authoritative mode optional 2020-07-25 16:33:04 +02:00
dnscache.nix
dnscrypt-proxy2.nix nixos/dnscrypt-proxy2: service restart on failure 2020-05-22 06:43:10 +02:00
dnscrypt-wrapper.nix nixos/dnscrypt-wrapper: make provider keys configurable 2020-05-25 09:16:23 +02:00
dnsdist.nix
dnsmasq.nix
ejabberd.nix
epmd.nix
ergo.nix nixos/ergo: init 2020-05-26 21:47:31 +02:00
eternal-terminal.nix
fakeroute.nix
ferm.nix
fireqos.nix
firewall.nix
flannel.nix
flashpolicyd.nix
freenet.nix
freeradius.nix
gale.nix
gateone.nix nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
gdomap.nix
git-daemon.nix
gnunet.nix
go-neb.nix nixos/go-neb: init 2020-06-02 15:25:05 +02:00
go-shadowsocks2.nix
gogoclient.nix
gvpe.nix
hans.nix
haproxy.nix nixos/haproxy: add reloading support, use upstream service hardening 2020-05-31 22:35:27 +02:00
helpers.nix
heyefi.nix
hostapd.nix Merge pull request #86712 from rardiol/hostapd 2020-05-05 19:51:09 +02:00
htpdate.nix
i2p.nix
i2pd.nix
iodine.nix
iperf3.nix
iwd.nix
jicofo.nix treewide: add Jitsi maintainers 2020-08-04 13:07:36 -07:00
jitsi-videobridge.nix treewide: add Jitsi maintainers 2020-08-04 13:07:36 -07:00
keybase.nix
kippo.nix
knot.nix
kresd.nix nixos/kresd: ensure /run/knot-resolver exists 2020-08-16 12:20:10 -04:00
lambdabot.nix
libreswan.nix
lldpd.nix
logmein-hamachi.nix
magic-wormhole-mailbox-server.nix
mailpile.nix
matterbridge.nix
minidlna.nix
miniupnpd.nix
miredo.nix
mjpg-streamer.nix
monero.nix Merge pull request #86236 from ThibautMarty/fix-nullOr-types 2020-08-26 18:21:29 +02:00
morty.nix
mosquitto.nix
mstpd.nix nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
mtprotoproxy.nix
mullvad-vpn.nix
murmur.nix
mxisd.nix
namecoind.nix Merge pull request #86236 from ThibautMarty/fix-nullOr-types 2020-08-26 18:21:29 +02:00
nat.nix
ncdns.nix nixos/ncdns: init module 2020-06-14 01:09:33 +02:00
ndppd.nix
networkmanager.nix Merge pull request #85328 from langston-barrett/lb/restart-dispatcher 2020-08-29 16:24:28 +02:00
nextdns.nix nixos/nextdns: init 2020-06-24 18:33:05 -07:00
nftables.nix
ngircd.nix
nix-serve.nix
nix-store-gcs-proxy.nix
nixops-dns.nix
nntp-proxy.nix
nsd.nix nixos/nsd: symlink conf file to /etc/nsd 2020-06-26 20:18:33 +02:00
ntopng.nix
nullidentdmod.nix
nylon.nix
ocserv.nix
ofono.nix
oidentd.nix
onedrive.nix nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
onedrive.xml nixos/onedrive: init 2020-06-29 19:56:41 +05:30
openfire.nix
openvpn.nix
ostinato.nix
owamp.nix
pdns-recursor.nix
pdnsd.nix
pixiecore.nix nixos/pixiecore: fix escaping of cmdline 2020-05-12 15:14:49 +02:00
polipo.nix
powerdns.nix
pppd.nix
pptpd.nix
prayer.nix
privoxy.nix
prosody.nix nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
prosody.xml nixos/acme: Restructure module 2020-09-02 19:22:43 +01:00
quagga.nix
quassel.nix
quicktun.nix
quorum.nix
racoon.nix
radicale.nix nixos/radicale: use radicale3 2020-06-23 12:02:27 +02:00
radvd.nix
rdnssd.nix
redsocks.nix
resilio.nix nixos/resilio: fix directoryRoot configuration 2020-07-20 11:24:33 +02:00
rpcbind.nix
rxe.nix
sabnzbd.nix
searx.nix
seeks.nix
shadowsocks.nix nixos/shadowsocks: support plugins 2020-08-26 14:01:41 +12:00
shairport-sync.nix
shorewall.nix
shorewall6.nix
shout.nix
skydns.nix treewide: fix typo on word environment 2020-07-28 08:00:38 +02:00
smartdns.nix
smokeping.nix
sniproxy.nix
softether.nix
spacecookie.nix
spiped.nix
squid.nix
sslh.nix nixos/sslh: make it possible (and the default) to listen on ipv6 2020-06-20 12:54:36 +02:00
strongswan.nix
stubby.nix
stunnel.nix
supplicant.nix nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
supybot.nix
syncplay.nix
syncthing-relay.nix
syncthing.nix
tailscale.nix
tcpcrypt.nix
teamspeak3.nix
tedicross.nix
tftpd.nix
thelounge.nix
tinc.nix nixos/tinc: allow configuration of RSA key file 2020-07-20 21:39:22 +02:00
tinydns.nix
tox-bootstrapd.nix
tox-node.nix
toxvpn.nix
trickster.nix maintainers: 1000101 -> _1000101 2020-08-18 07:59:48 +10:00
tvheadend.nix
unbound.nix
unifi.nix nixos/unifi: restart service on package update 2020-07-03 22:34:29 +02:00
v2ray.nix
vsftpd.nix vsftpd: listen on both address families 2020-05-25 20:14:20 +02:00
wakeonlan.nix
wasabibackend.nix nixos/wasabibackend: fixing description 2020-06-19 20:07:55 +02:00
websockify.nix nixos/modules: remove trailing whitespace 2020-08-07 14:45:39 +01:00
wg-quick.nix nixos/wireguard: Fix mismatched XML tag 2020-07-20 00:14:44 +02:00
wicd.nix
wireguard.nix nixos/wireguard: fix typos and unify formatting 2020-07-19 14:57:39 +02:00
wpa_supplicant.nix nixos: wpa_supplicant: warn on unused config 2020-08-25 12:29:58 +02:00
xandikos.nix maintainers: 0x4A6F -> _0x4A6F 2020-08-18 07:59:44 +10:00
xinetd.nix
xl2tpd.nix
xrdp.nix
yggdrasil.nix nixos/yggdrasil: add manual section 2020-07-25 16:34:20 +02:00
yggdrasil.xml fixup! nixos/yggdrasil: add manual section 2020-07-25 16:34:20 +02:00
zerobin.nix
zeronet.nix
zerotierone.nix