| 26 Dec 2021 |
 m1cr0man | it's in scope, we maintain it :) | 16:30:15 |
 Winter (she/her) | https://github.com/NixOS/nixpkgs/blob/b0f154fd440bdf43a483b8ca46020d7d6cec5fbf/nixos/modules/services/web-servers/nginx/default.nix#L952
Why is mkDefault used here, in what scenario would this value need to be changed from the Nginx group? | 17:03:56 |
| m1cr0man | good question! It's very simple. we want security.acme.defaults.group or security.acme.certs.<cert>.group to take precedence | 17:08:11 |
| m1cr0man | actually, defaults.group won't override it I don't think, but the <cert>.group definitely will | 17:09:16 |
| m1cr0man | It gets even wilder in the next PR ;) https://github.com/NixOS/nixpkgs/pull/147784/files#diff-9b5561c4bb76ed61cd945467b6ccacb8343bb8ed8d2ad8a1e43505db34352722R943-R949 | 17:10:21 |
| Winter (she/her) | oh no. | 17:10:47 |
| Winter (she/her) | lol | 17:10:49 |
| Winter (she/her) | where is security.acme.defaults even defined? can’t find that anywhere >.< | 17:11:10 |
| m1cr0man | it's in that PR | 17:11:14 |
| m1cr0man | it's not in master yet | 17:11:19 |
| Winter (she/her) | ahh | 17:11:30 |
| m1cr0man | it's also fully doc'd in that PR, in case you were looking for docs too lol | 17:11:38 |
| m1cr0man | I specifically document how to make use of the nginx vhost stuff for DNS-01 validation, which includes making use of that webroot logic | 17:12:27 |
| m1cr0man | Wrote a test for caddy to cover https://github.com/NixOS/nixpkgs/pull/147973 . Once it passes I'll push + we'll be good for merge | 17:24:13 |
| Winter (she/her) | Is there any reason the acme user doesn’t have a preset UID/GID like other modules’ users do? | 20:01:48 |
 hexa | because it doesn't really matter? It is always referenced by name. | 20:11:20 |
| Winter (she/her) | that’s fair | 20:20:50 |
| m1cr0man | It did up until recently, but then some other maintainer removed its fixed UID. I was not against it - for the reason hexa says but also you're not transporting certs between systems anyway and the UID will never change when randomly picked. | 20:34:44 |
| m1cr0man | * It did up until recently, but then some other maintainer removed its fixed UID. I was not against it - for the reason hexa says but also you're not transporting certs between systems anyway and the UID will never change once randomly picked. | 20:34:50 |
| m1cr0man | so it turns out my tests found a bug in caddy ;D | 20:35:11 |
