| 30 Aug 2022 |
|  aru joined the room. | 14:41:20 |
| aru left the room. | 14:52:54 |
| 12 Sep 2022 |
 hexa | https://github.com/NixOS/nixpkgs/pull/190826 | 19:08:17 |
| hexa | * https://github.com/NixOS/nixpkgs/pull/190826 👀 | 19:08:28 |
| 13 Sep 2022 |
| hexa | (who tells him?) | 02:17:56 |
 Dandellion | 👀 I told him | 02:58:05 |
| Dandellion | * 👀 (I told him) | 02:58:19 |
| 15 Sep 2022 |
|  m_algery joined the room. | 12:30:30 |
| m_algery left the room. | 12:30:33 |
| 18 Sep 2022 |
 Winter (she/her) | Thanks for reviewing that doc change m1cr0man, was waiting on you since you wrote the section :)
(didn't want to merge a bad/wrong change) | 22:49:20 |
 m1cr0man | Sorry for the delay! I'm actually not happy with that section of docs at all and I am tempted to rewrite the whole no web server guide entirely, but the guy is right - I'd rather not see it bitrot either :) | 23:00:07 |
| m1cr0man | I've hit critical mass on open issues too so I'm doing a round of fixes and features. On my list are:
https://github.com/NixOS/nixpkgs/issues/191794 (port 80 bind permission denied, already fixed locally)
https://github.com/NixOS/nixpkgs/issues/190493 (email change not detected? I think this is a user issue but confirming anyway)
https://github.com/NixOS/nixpkgs/issues/180980 (nginx default server problems. Will do my best but this might cause some big issues) | 23:01:36 |
| m1cr0man | Fwiw Winter I don't think it is tested, he said he did the edits on GH web. Truthfully I never fully tested that config when I first wrote it 😅 it was cannibalised from a config I had. Hence why I wanna refactor it | 23:07:46 |
| m1cr0man | https://github.com/go-acme/lego/pull/1657 lol just ran into this running tests. I'm gonna add -no-random-sleep in the test suite | 23:14:55 |
| 19 Sep 2022 |
| m1cr0man | WIP PR: https://github.com/NixOS/nixpkgs/pull/191861/files#diff-352faa44c3da86e70bd6b5a55ff13f0a900b0f2fac44229f352ed1fd5b93a262R486
Can you believe we didn't have a basic test for cert renewal? :P | 00:16:14 |
| m1cr0man | https://github.com/NixOS/nixpkgs/issues/180980 I really don't understand this ticket after an hour of reading | 19:46:08 |
| m1cr0man | From what I gather he's setting an explicit default server, but not all domains designated for HTTP-01 solving are set up with appropriate vhosts? He's relying on default_server behaviour to provide .well-known/acme-challenge to them. The nginx module doesn't set up a default_server by default and I can't see how I would introduce one without breaking existing configurations in some way, so is his own solution in the second last comment solving the whole ticket? | 19:48:42 |
| 4 Oct 2022 |
| m1cr0man | Hey folks. Anyone been able to look at https://github.com/NixOS/nixpkgs/pull/191861 ? There's a thread there about adding no-random-sleep to the default options. I think it makes sense due to how it will cause the renew service to run longer than necessary (and thus delay startup of dependent services), but this will update certHash and thus invalidate all existing certificates on all servers. I'd want to do that with the next release cycle which is coming up really soon. What do yous think of adding that option? | 21:03:13 |
| m1cr0man | I could add it here: https://github.com/m1cr0man/nixpkgs/blob/100dd8157d0843429081c31e76108897a27e7c06/nixos/modules/security/acme/default.nix#L192 which would not induce such a change. Infact, yeah I'll do that. This random delay does more harm than good, and hard coding it into the module will help rather than hinder. | 21:05:44 |
| hexa | could you report the state of the acme module in https://github.com/NixOS/nixpkgs/issues/194208? | 21:24:43 |
| hexa | like open issues you plan to tackle before the release | 21:24:54 |
| m1cr0man | yeah that's why im looking over this :) will do | 21:25:41 |
| hexa | thanks! 😄 | 21:27:05 |
| m1cr0man | Alright done :) | 21:53:56 |
| 9 Oct 2022 |
|  shapr joined the room. | 17:09:20 |
| shapr | Hello, I'm having problems with acme. Here's my entire configuration.nix .
The error I get is:
Oct 08 23:32:51 surtr nginx[88563]: 2022/10/08 23:32:51 [error] 88563#88563: *3038 open() "/var/lib/acme/acme-challenge/.well-known/acme-challenge/QRZ9CmjhedoazA3YKZaevRybxjy415mk-1OPiYmP9IY" failed (2: No such file or directory), client: 23.178.112.208, server: scannedinavian.com, request: "GET /.well-known/acme-challenge/QRZ9CmjhedoazA3YKZaevRybxjy415mk-1OPiYmP9IY HTTP/1.1", host: "scannedinavian.com"
Any idea why it's trying to serve from /var/lib/acme when I've set the webroot to /var/www | 17:11:55 |
| shapr | I found the problem! This line was setting the location incorrectly! | 20:44:55 |
| 15 Oct 2022 |
|  underpantsgnome changed their display name from underpantsgnome to underpantsgnome!. | 00:30:21 |
| 17 Oct 2022 |
| Winter (she/her) | Is it normal for (a) the renewal timers to fire on each reboot, and (b) for it to not be daily, as specified in the timer file? | 03:02:39 |
| Winter (she/her) | Here's what I mean:
```
Until: Sun 2022-10-16 22:57:57 EDT; 26s ago
Trigger: Mon 2022-10-17 05:09:17 EDT; 6h left
``` | 03:02:54 |
