3 Jun 2024 |
Sandro π§ | Going back to null is also not that great because then we rely on the lego defaults which could change in the future | 09:56:08 |
Sandro π§ | If you have a change I could test, throw it over the fence | 10:00:00 |
Arian | yeh I think the only solution is to do some state mangling.
Or just put in the release notes that the hash changed and call it a day
| 10:00:10 |
Sandro π§ | I really thought we already had that in the release notes... | 10:00:36 |
Arian | We used to have bugs where we would recreate the same account multiple times: https://github.com/NixOS/nixpkgs/pull/106857 and the account creation rate limiting is very aggressive (5 per day?) But I think we dont run into that issue anymore | 10:00:39 |
Arian | So the rate-limit issue is probably less of a problem; unless you have A lot of domains | 10:01:25 |
Sandro π§ | As said, I've updated 25 VMs or so with that and the only problem I've ran into was that the one DNS challenge could not create records for all aliases | 10:01:42 |
Sandro π§ | All other http challenges worked like a charm and I probably updated a VM every 5 to 10 minutes | 10:02:08 |
Sandro π§ | In reply to @arianvp:matrix.org So the rate-limit issue is probably less of a problem; unless you have A lot of domains If the domains are similar, I always use the DNS challenge to avoid sich scenarios in case of data loss but probably not everyone is doing that | 10:03:00 |
Arian | Redacted or Malformed Event | 10:05:25 |
Arian | We also have https://github.com/NixOS/nixpkgs/pull/244511 which limits concurrent domain creation. I didn't realise that landed | 10:05:55 |
Arian | So... the rate limit concern is probably not so big. This is just a problem with people with CAA records. I think I'm okay with just double checking this is in the release notes and if not add it | 10:06:21 |
Arian | If ya'll agree lets go with a prominent entry in the release notes. If someone has energy to do a state convergence PR that's a nice to have but probably not as urgent as I initially thought | 10:09:21 |
Sandro π§ | In reply to @arianvp:matrix.org We also have https://github.com/NixOS/nixpkgs/pull/244511 which limits concurrent domain creation. I didn't realise that landed I think that is mainly there to prevent going immediately into the rate limit of something fails | 10:12:21 |
Sandro π§ | I mean we should probably do a release notes entry either way | 10:12:40 |
Sandro π§ | And testing state changes like that should probably not be done to quick to not create the next bugs π
| 10:12:56 |
Sandro π§ | Also merge that test please π
π | 10:13:04 |
Sandro π§ | Can't you mitigate this by setting the URL back to null? | 10:15:21 |
Sandro π§ | I think no one mentioned that yet | 10:15:27 |
Arian | no because we removed the nullOr from the type | 10:16:02 |
Arian | but we could add that!! | 10:16:04 |
Arian | good idea. | 10:16:09 |
Arian | Good thinking | 10:16:28 |
StΓ©phan | I like that too. Something like this? https://github.com/NixOS/nixpkgs/compare/master...stephank:nixpkgs:fix-acme2 | 11:00:06 |
Sandro π§ | Maybe we should couple that with a warning that people should set the URL explicit | 11:23:12 |
Sandro π§ | but then, is that worth it? I dono | 11:23:20 |
CPU | In reply to @arianvp:matrix.org If there are any volunteers to join the team just yell ;) :wave: I would be interested. Is commented on #316854 the best way to get looped in? | 14:45:48 |
CPU | In reply to @arianvp:matrix.org If there are any volunteers to join the team just yell ;) * :wave: I would be interested. Is commenting on #316854 the best way to get looped in? | 14:45:54 |
Arian | StΓ©phan: yeh that looks perfect. Wanna open a PR for that? | 18:42:18 |
4 Jun 2024 |
| raitobezarius changed their display name from raitobezarius (DECT: 7248) to raitobezarius. | 11:14:33 |