| 31 Oct 2023 |
 K900 | The "unit "acme-finished-http.example.test.target" is inactive and there are no pending jobs" flake is back | 07:59:43 |
| 15 Nov 2023 |
|  @grahamc:nixos.orgchanged room power levels. | 16:15:02 |
| @grahamc:nixos.org left the room. | 16:15:02 |
|  mjolnirchanged room power levels. | 18:12:01 |
| 19 Nov 2023 |
|  @pederbs:pvv.ntnu.no changed their display name from pbsds to pbsds (federation borken, may not see reply). | 03:35:17 |
|  ZXGU joined the room. | 11:02:31 |
| @pederbs:pvv.ntnu.no changed their display name from pbsds (federation borken, may not see reply) to pbsds. | 20:38:37 |
| 20 Nov 2023 |
|  chayleaf joined the room. | 18:15:07 |
| 28 Nov 2023 |
| chayleaf | what do people here think of adding certspotter integration? I'm currently using the following certspotter config, and I thought it would be nice if something like this got added to something like security.acme.certspotter.enable = true | 01:19:45 |
| chayleaf | * what do people here think of adding certspotter integration? I'm currently using the following certspotter config, and I thought it would be nice if something like security.acme.certspotter.enable = true got added | 01:20:11 |
 hexa |
Certificate Transparency Log Monitor
| 14:16:18 |
| hexa | I don't think we need to tie it into security.acme | 14:16:52 |
| hexa | * I don't think we should add it into security.acme | 14:17:30 |
| hexa | it can live in services.certspotter and you can still common names and san from security.acme | 14:19:00 |
| hexa | * it can live in services.certspotter and you can still attach to common names and san from security.acme | 14:19:09 |
| hexa | also allows monitoring more than one machine that way | 14:19:24 |
| hexa | * also allows monitoring more than one machine's certs that way | 14:19:31 |
| 29 Nov 2023 |
| K900 | The test broke for real this time :( https://hydra.nixos.org/build/242636049/nixlog/85/tail | 06:12:59 |
| 1 Dec 2023 |
|  Moritz Hedtke set their display name to Moritz Hedtke. | 11:08:05 |
| 16 Dec 2023 |
 raitobezarius | Hi there, I'm trying to use the ACME test server stuff | 15:21:21 |
| raitobezarius | and it's exploding with error: The option nodes.acme.services.bind.zones.".".master' is used but not defined.` | 15:21:29 |
| raitobezarius | * and it's exploding with
error: The option `nodes.acme.services.bind.zones.".".master' is used but not defined.\ | 15:21:35 |
| raitobezarius | I didn't do any weird resolver stuff so I'm a bit confused | 15:21:46 |
| raitobezarius | I actually followed the docs | 15:22:17 |
| raitobezarius | # A configuration example of a full node setup using this would be this:
#
# {
# acme = import ./common/acme/server;
#
# example = { nodes, ... }: {
# networking.nameservers = [
# nodes.acme.networking.primaryIPAddress
# ];
# security.pki.certificateFiles = [
# nodes.acme.test-support.acme.caCert
# ];
# };
# }
| 15:22:19 |
| raitobezarius | Also, it seems to occur during evaluation of … while evaluating the option nodes.acme.warnings':` | 15:24:43 |
| raitobezarius | * Also, it seems to occur during evaluation of … while evaluating the option `nodes.acme.warnings':\ | 15:24:48 |
| raitobezarius | hah it's a bug | 15:26:40 |
| raitobezarius | BIND maintenance is really meh | 15:26:56 |
| raitobezarius | or ACME common code maintenance is meh | 15:34:26 |
