| 26 Dec 2021 |
 Winter (she/her) | * In reply to @m1cr0man:m1cr0man.com
It did up until recently, but then some other maintainer removed its fixed UID. I was not against it - for the reason hexa says but also you're not transporting certs between systems anyway and the UID will never change once randomly picked.
the UID will never change once randomly picked.
unless youβre wiping your rootdir on every boot (hi), which regenerates /etc/passwd, so then youβre at the mercy of JSON ordering | 21:07:23 |
 m1cr0man | you can always set your own UID :) | 21:07:36 |
| m1cr0man | just set user.users.acme.uid = 123; | 21:07:48 |
 hexa | yeah, I'm reluctant to spend fixed uids on something if we don't have to π | 21:08:06 |
| m1cr0man | We also can't solve for every case, which is a lesson I've learned the hard way with this module | 21:08:29 |
| hexa | bingo | 21:08:47 |
| Winter (she/her) | In reply to @m1cr0man:m1cr0man.com
you can always set your own UID :) yeah of course | 21:10:14 |
| m1cr0man | My logic at this point is if it can be done easily, we don't need to reimplement it. This is a case like that. If someone was trying to override the user itself, that would be more complex (and why I added useRoot in the PR, lol) | 21:12:15 |
| m1cr0man | speaking of the PR | 21:12:17 |
| m1cr0man | finally rebased :D | 21:13:17 |
| hexa | waiting for aanderse to take a look π | 21:49:11 |
| m1cr0man | ok | 21:49:38 |
 aanderse | which one? | 21:49:44 |
| m1cr0man | this one https://github.com/NixOS/nixpkgs/pull/147784 | 21:53:39 |
| m1cr0man | I found an issue with caddy, at least I'm 80% sure I did | 21:53:49 |
| aanderse | thanks! I'll look tonight | 21:54:41 |
| aanderse | hmmm ok
my cert takes 30 minutes to renew (no, I'm not being sarcastic at all ... between 20 and 30 minutes) so i actually haven't tested that it worked - i cannot properly | 21:56:28 |
| Winter (she/her) | tf lol | 21:59:24 |
| Winter (she/her) | is that on the server side? | 21:59:42 |
| m1cr0man | In reply to @aanderse:nixos.dev
hmmm ok
my cert takes 30 minutes to renew (no, I'm not being sarcastic at all ... between 20 and 30 minutes) so i actually haven't tested that it worked - i cannot properly You can nix-build the test suite now if you need a quick testing solution. Just comment out all the other subtests ;) | 22:14:59 |
| aanderse | Winter: yes
i like my dns provider because they have an awesome feature set and are a good price
i do not like how it takes 30 minutes for my wildcard to renew π | 22:16:24 |
| aanderse | but since it's a wildcard i only need to do the one cert | 22:16:52 |
| aanderse | that happens on a timer so it's not a practical issue | 22:17:24 |
| m1cr0man | If your config is based on master/your own PR, you should be able to tell if renew has worked based on the age of the cert your caddy server is giving out right? | 22:20:36 |
| aanderse | that sounds right | 22:37:08 |
| hexa | I use rfc2316 with my own authoritative server and by default lego waits a minute between each SAN | 22:42:48 |
| hexa | if I reduce that time to ~10s it fails sometimes | 22:43:06 |
| hexa | which is worrying | 22:43:13 |
| hexa | like β¦ why wouldn't 10 seconds work for a dynamic dns update π | 22:43:22 |
| Winter (she/her) | In reply to @aanderse:nixos.dev
Winter: yes
i like my dns provider because they have an awesome feature set and are a good price
i do not like how it takes 30 minutes for my wildcard to renew π what DNS provider if I may ask? | 22:55:50 |
