20 Nov 2023 |
| chayleaf joined the room. | 18:15:07 |
28 Nov 2023 |
chayleaf | what do people here think of adding certspotter integration? I'm currently using the following certspotter config, and I thought it would be nice if something like this got added to something like security.acme.certspotter.enable = true | 01:19:45 |
chayleaf | * what do people here think of adding certspotter integration? I'm currently using the following certspotter config, and I thought it would be nice if something like security.acme.certspotter.enable = true got added | 01:20:11 |
hexa |
Certificate Transparency Log Monitor
| 14:16:18 |
hexa | I don't think we need to tie it into security.acme | 14:16:52 |
hexa | * I don't think we should add it into security.acme | 14:17:30 |
hexa | it can live in services.certspotter and you can still common names and san from security.acme | 14:19:00 |
hexa | * it can live in services.certspotter and you can still attach to common names and san from security.acme | 14:19:09 |
hexa | also allows monitoring more than one machine that way | 14:19:24 |
hexa | * also allows monitoring more than one machine's certs that way | 14:19:31 |
29 Nov 2023 |
K900 ⚡️ | The test broke for real this time :( https://hydra.nixos.org/build/242636049/nixlog/85/tail | 06:12:59 |
1 Dec 2023 |
| Moritz Hedtke set their display name to Moritz Hedtke. | 11:08:05 |
16 Dec 2023 |
raitobezarius (DECT 2128) | Hi there, I'm trying to use the ACME test server stuff | 15:21:21 |
raitobezarius (DECT 2128) | and it's exploding with error: The option nodes.acme.services.bind.zones.".".master' is used but not defined.` | 15:21:29 |
raitobezarius (DECT 2128) | * and it's exploding with
error: The option `nodes.acme.services.bind.zones.".".master' is used but not defined.\ | 15:21:35 |
raitobezarius (DECT 2128) | I didn't do any weird resolver stuff so I'm a bit confused | 15:21:46 |
raitobezarius (DECT 2128) | I actually followed the docs | 15:22:17 |
raitobezarius (DECT 2128) | # A configuration example of a full node setup using this would be this:
#
# {
# acme = import ./common/acme/server;
#
# example = { nodes, ... }: {
# networking.nameservers = [
# nodes.acme.networking.primaryIPAddress
# ];
# security.pki.certificateFiles = [
# nodes.acme.test-support.acme.caCert
# ];
# };
# }
| 15:22:19 |
raitobezarius (DECT 2128) | Also, it seems to occur during evaluation of … while evaluating the option nodes.acme.warnings':` | 15:24:43 |
raitobezarius (DECT 2128) | * Also, it seems to occur during evaluation of … while evaluating the option `nodes.acme.warnings':\ | 15:24:48 |
raitobezarius (DECT 2128) | hah it's a bug | 15:26:40 |
raitobezarius (DECT 2128) | BIND maintenance is really meh | 15:26:56 |
raitobezarius (DECT 2128) | or ACME common code maintenance is meh | 15:34:26 |
raitobezarius (DECT 2128) | It can go both way, anyway, found a bug | 15:34:30 |
raitobezarius (DECT 2128) | the parser of /etc/hosts is also more generically broken | 16:03:02 |
| * raitobezarius (DECT 2128) found another one character bug | 16:08:08 |
18 Dec 2023 |
m1cr0man | I would take acme common code maint being meh, it hasn't been touched in ages | 06:55:50 |
m1cr0man | needs a whole rewrite, too unreliable | 06:56:05 |
23 Dec 2023 |
| raitobezarius (DECT 2128) changed their display name from raitobezarius to raitobezarius (DECT 2128). | 22:22:39 |
26 Dec 2023 |
| sugi 📞8658 changed their display name from sugi to sugi 📞8658. | 00:55:57 |