NixOS ACME / LetsEncrypt | 97 Members | |
| Another day, another cert renewal | 39 Servers |
| Sender | Message | Time |
|---|---|---|
| 23 May 2025 | ||
Is there an easy way to disable acme for test servers/vms? I know nixos-rebuild has a profile system, would that be how you do it? | 00:15:39 | |
| not an acme specific question | 00:36:18 | |
you would need to nuke security.acme.certs to an empty attrset | 00:37:25 | |
and also things like enableACME on nginx | 00:37:37 | |
| #users:nixos.org | 00:37:44 | |
| * #users:nixos.org is the room tbh | 00:37:49 | |
woobilicious: Ditto what hexa said - however you can DIY your own "disable all ACME" option. Just add a config option of your own (config.woobilicious.enableACME for example), then predicate your security.acme.certs and enableACME on that wherever you have it declared | 18:55:38 | |
| I assume you're dealing with a test vm, is the root of this issue that ACME is looking for internet access to renew certs whilst testing your real system config? I personally don't know how to deal with that just for the test system, but IIRC there is some flag/marker that you are in a test vm? | 18:57:06 | |
| 24 May 2025 | ||
| m1cr0man: Yeah I'm wanting to use nixos-rebuild test-vm, I used to use it before I hooked up ACME but I knew instantly it would cause issues, so I just started testing in production lol. My real issue is that I still need certs for some of my config to work correctly. I guess I'll have to look into the profile system and how ACME works to have it generate certs but not try to sign them. | 03:49:08 | |
| I want to add anubis to my server, so it's going to be a whole ordeal getting the proxy setup and the certs working correctly. | 03:54:13 | |
In reply to @woobilicious:matrix.org: This might be overkill for your use case, but we set up additional acme and name_server nodes that we can use to replace the real acme servers in tests | 08:13:07 | |
| The source is here: https://git.foss-syndicate.org/vhack.eu/nixos-server/tree/tests/common/acme | 08:13:29 | |
| oh interesting, yeah might be a bit overkill, but maybe it'll be some good inspiration. | 08:15:33 | |
| I could probably just disable the acme renewal service. | 08:17:33 | |
| 25 May 2025 | ||
In reply to @soispha:vhack.eu: That's nice. Seems to be based on the acme tests in nixpkgs? | 11:36:45 | |
In reply to @m1cr0man:m1cr0man.com: Yes, initially I used the acme files directly, but had to vendor and significantly alter them to work as a drop-in server (i.e. I did not understand how nixpkgs test acme stuff sets the CA root from pebble and they seemed to lack the dns server support) | 14:58:10 | |
I never considered this use case. I might look into making the test suite stuff reusable and having some form of support for nixos-rebuild build-vm | 19:19:31 | |