| 5 Mar 2022 |
 m1cr0man | nope go ahead! | 19:59:57 |
 Winter (she/her) | wording could be refined, but i hope i got my point across. | 20:00:54 |
| m1cr0man | It reads just fine to me! :) I'm gonna echo my earlier points in there for visibility | 20:04:53 |
| m1cr0man | Winter have you ever seen this issue? https://github.com/NixOS/nixpkgs/issues/84633 this one is where a lot of the design decisions were made wrt the current module | 20:12:54 |
| m1cr0man | What's funny is that Emily actually proposed in 2020 that we use just the acme group, and flokli suggested a really interesting solution for multi-group access using setfacl https://github.com/NixOS/nixpkgs/issues/84633#issuecomment-611413664 | 20:29:42 |
| m1cr0man | Okay, I have finished my essay of a comment 😅 I made some new points there | 20:35:33 |
| m1cr0man | I hope it doesn't come across as me shutting down the idea btw, I'm really happy that someone is taking the time to be critical about the implementation in its current state.
I just had an idea though. What do you think of using users.users.${serviceUser}.extraGroups instead of SupplementaryGroups? That way it's easier for users to understand/see how their services can access the certs, and it avoids adding another layer to the cake of ACME permissions management. This is also what most users are going to do/doing to fix permission issues today.
| 20:44:27 |
| Winter (she/her) | I have no issues with that at all! | 20:50:11 |
| Winter (she/her) | I mainly brought up systemd because that's what Caddy did | 20:50:25 |
| Winter (she/her) | Maybe we could switch Caddy over to that, then. | 20:50:34 |
| Winter (she/her) | (Did you already propose that in the issue?) | 20:50:42 |
| m1cr0man | No I will now though :) | 20:50:49 |
| m1cr0man | There we go | 20:51:28 |
| 8 Mar 2022 |
|  finn joined the room. | 16:06:50 |
| 30 Mar 2022 |
|  Zach joined the room. | 01:30:17 |
| Zach changed their display name from zach to Zach. | 01:54:07 |
| Zach set a profile picture. | 01:54:10 |
| 12 Apr 2022 |
 hexa | well, here I am and I can acknowledge that I dug myself into a hole by having a single certificate per host, where I crammed all required names into extraDomains like a moron | 00:29:38 |
| hexa | because I was too lazy to repeat the dns provider config | 00:30:04 |
| hexa | and of course now there is security.acme.defaults, the bad boy that is helping me out big time | 00:30:27 |
| hexa | kudos! | 00:30:29 |
| hexa | biggest cert has 11 SAN entries | 00:31:00 |
| hexa | very flaky to renew, because validation sometimes goes wrong | 00:31:12 |
| hexa | and trying 11 validations in one, boy. | 00:31:20 |
| 19 Apr 2022 |
|  anthr76 joined the room. | 18:20:01 |
| 20 Apr 2022 |
|  ahmed joined the room. | 18:59:58 |
| 21 Apr 2022 |
|  An exploring bot joined the room. | 00:50:01 |
| An exploring bot left the room. | 00:50:02 |
| 23 Apr 2022 |
| m1cr0man | In reply to @hexa:lossy.network
and of course now there is security.acme.defaults, the bad boy that is helping me out big time :D This has really been a great value add feature. It's nice to see it getting a lot of use. | 16:46:02 |
| 27 Apr 2022 |
| anthr76 changed their profile picture. | 22:13:45 |
