| 6 Oct 2021 |
|  Rosario Pulella changed their display name from Rosuavio to Rosario Pulella. | 10:44:57 |
 m1cr0man | Hey folks 👋 been a while since I've been on Matrix 😅 How are things? Seeing the news about the acme root cert stuff last week, it was nice to know that our module was not going to result in any issues 💪 😉 | 20:21:14 |
 hexa | yeah, the module is really awesome, and we are iterating in small steps on it to make it even better! | 20:47:23 |
| hexa | two things on the 21.11 agenda | 20:47:33 |
| hexa | https://github.com/NixOS/nixpkgs/pull/139311 (hardening fix)
https://github.com/NixOS/nixpkgs/pull/140743 (design)
https://github.com/NixOS/nixpkgs/pull/125256 (stale)
https://github.com/NixOS/nixpkgs/pull/140479 (merged) | 20:48:43 |
| 12 Oct 2021 |
 @grahamc:nixos.org | I don't suppose our module supports DNS01 challenges? | 15:01:20 |
| @grahamc:nixos.org | security.acme.certs.<name>.dnsProvider hmm it seems to... time to read the module | 15:02:12 |
| @grahamc:nixos.org | hot dog https://github.com/NixOS/nixpkgs/blob/nixos-21.05/nixos/modules/security/acme.nix#L125-L131 | 15:02:35 |
| @grahamc:nixos.org | this is so much easier than it used to be | 15:03:22 |
| hexa | since 20.09 😁 | 15:06:09 |
 Arian | You're welcome! | 15:11:05 |
| 16 Oct 2021 |
| hexa | m1cr0man: need feedback here https://github.com/NixOS/nixpkgs/pull/139311 | 15:59:03 |
| 25 Oct 2021 |
| m1cr0man | Hehe my own certs were broke :P I think some part of the certhash logic failed.. might need to investigate that. I'm not quick to blame the service though because I (naturally) mess around with it so much | 18:54:27 |
| m1cr0man | Sorry I was AWOL I've been very busy | 18:54:40 |
|  haugh changed their profile picture. | 23:04:28 |
| 26 Oct 2021 |
| @grahamc:nixos.orgchanged room power levels. | 01:18:33 |
|  NixOS Moderation Bot changed their display name from mjolnir to NixOS Moderation Bot. | 02:00:18 |
| NixOS Moderation Bot set a profile picture. | 02:00:35 |
| NixOS Moderation Bot changed their profile picture. | 02:23:50 |
| NixOS Moderation Bot changed their profile picture. | 02:33:19 |
| 6 Nov 2021 |
|  Tseb joined the room. | 09:19:26 |
| Tseb left the room. | 09:25:07 |
| 9 Nov 2021 |
| haugh left the room. | 20:10:47 |
| 11 Nov 2021 |
|  EdLin joined the room. | 07:46:23 |
| EdLin left the room. | 08:03:18 |
| 16 Nov 2021 |
|  moritz.hedtke joined the room. | 10:48:54 |
| 20 Nov 2021 |
|  nykw joined the room. | 11:10:15 |
| 23 Nov 2021 |
|  Server Stats Discoverer (traveler bot) left the room. | 02:35:48 |
| 24 Nov 2021 |
| m1cr0man | Just looking through github for acme-related work. I found this old PR: https://github.com/NixOS/nixpkgs/pull/46379 about letting useAcmeHost=true vhosts add their aliases to the acme cert automatically. I'm actually against this idea - the main use case nowadays for useAcmeHost is specifying a wildcard cert to use with a bunch of stuff, and that would generally be a better idea than having a cert with lots of subject alternate names. Fwiw, if you just enableACME on a vhost we already do build a cert that includes serverAliases in extraDomains (see https://github.com/NixOS/nixpkgs/blob/c18638dc95216b1b2930d16e1334613d82d05e8e/nixos/modules/services/web-servers/nginx/default.nix#L935) | 21:37:23 |
| hexa | m1cr0man: can i pm you to look at an acme issue? | 22:04:31 |
