| 13 Jun 2023 |
 emily | but that's another matter | 21:50:30 |
| 15 Jun 2023 |
 K900 (deprecated) | https://hydra.nixos.org/build/224218205 | 13:16:42 |
| K900 (deprecated) | Test failed again | 13:16:44 |
| K900 (deprecated) | Not restarting cause there's multiple evals queued after that already | 13:17:03 |
 hexa |
Test "Can request certificate with Lego's built in web server" failed with error: "unit "acme-finished-http.example.test.target" is inactive and there are no pending jobs"
| 13:26:26 |
| hexa | In reply to @hexa:lossy.network
Test "Can request certificate with Lego's built in web server" failed with error: "unit "acme-finished-http.example.test.target" is inactive and there are no pending jobs"
same as here 🥳 | 13:26:38 |
| hexa | saved to https://gist.github.com/mweinelt/0bf207904ea0a32e30f0aadd3e0b1bba | 13:27:07 |
|  ribosomerocker joined the room. | 16:40:24 |
| 19 Jun 2023 |
 Arian | https://github.com/systemd/systemd/issues/28075 | 10:43:36 |
| emily | heh, convenient | 10:56:36 |
 raitobezarius | systemd folks seemed more interested to implement this via implementing service limits on a slice | 13:02:23 |
| emily | on the issue or through your own communication with systemd people? | 13:10:33 |
| emily | I think on the issue we were just pushing back on "more bespoke complexity in the service scripts" by all means necessary :p | 13:10:49 |
| raitobezarius | on the systemd dev chat | 13:12:04 |
| raitobezarius | s/systemd folks/poettering | 13:12:24 |
| emily | right | 13:22:29 |
| emily | In reply to @m1cr0man:m1cr0man.com
okay yeah, so these are pretty lenient for most people. I think I was only concerned about the concurrent one that the ticket opener mentioned:
the “new-nonce”, “new-account”, “new-order”, and “revoke-cert” endpoints on the API have an Overall Requests limit of 20 per second.
Right now this one is very easy to do
tbh given ^ and the other limits we discussed at that time, some kind of time-based limits might be what we'd really want | 13:23:05 |
| emily | "N instances of this service per X period of time" | 13:23:17 |
| emily | i'm guessing systemd probably wouldn't go for that though | 13:23:22 |
| 28 Jun 2023 |
|  @lehmanator:gnulinux.club joined the room. | 19:28:06 |
| 30 Jun 2023 |
 m1cr0man | I have this really old PR to add useACMEHosts to opensmtpd. Anyone care to review? https://github.com/NixOS/nixpkgs/pull/123261 | 21:36:29 |
| 8 Jul 2023 |
| K900 (deprecated) | Found a new test failure mode: https://gist.github.com/K900/991b5c2b7b0637bf31237becf3066620 | 12:32:03 |
| 10 Jul 2023 |
| hexa | Shortening the Let's Encrypt Chain of Trust - https://letsencrypt.org/2023/07/10/cross-sign-expiration.html | 22:49:11 |
| hexa | No more cross signing in 2024 | 22:49:32 |
| emily | yay | 22:54:29 |
| emily | I see Firefox continues to be the world leader in fixing TLS problems on old operating systems :) | 22:55:07 |
| 21 Jul 2023 |
| m1cr0man | https://github.com/NixOS/nixpkgs/pull/244477 I don't think I'm missing anything here... environmentFile already does solve the motives for this PR | 08:01:19 |
| m1cr0man | Aw jeez he's taking me around in circles. EnvironmentFile negates the need for any credentials* support in the module, and I definitely don't want to introduce two solutions for the same problem. | 11:28:04 |
| m1cr0man | Replied again, hopefully helping him solve the root problem this time with the existing options | 11:39:54 |
| m1cr0man | Never mind I understand now what he was trying and it's a legit use case for LoadCredential | 13:04:36 |
