18 Aug 2023 |
| thomaslepoix joined the room. | 07:23:23 |
| Xandor Schiefer joined the room. | 09:17:13 |
m1cr0man | that one I'm aware off - I need to wrap that curl in some retries | 18:52:40 |
19 Aug 2023 |
K900 | In reply to@k900:0upti.me New flake: https://hydra.nixos.org/build/231859621/nixlog/56/tail -small hit this again | 07:27:04 |
K900 | I kicked it but you know | 07:27:08 |
m1cr0man | God damn acme tests | 18:46:57 |
m1cr0man | I'm gonna fix that add-a right now | 18:47:02 |
| @cel:pussy.accountants left the room. | 18:56:00 |
m1cr0man | here we go https://github.com/NixOS/nixpkgs/pull/250260 | 21:43:25 |
22 Aug 2023 |
m1cr0man | Any comments from people on the locking PRs? Discussion here. Would appreciate an arbiter/voting on the preferred solution. | 18:21:42 |
raitobezarius | Personally, I'd prefer to see this solved in systemd | 19:32:27 |
raitobezarius | And used in NixOS | 19:32:29 |
raitobezarius | Rather than solved in NixOS | 19:32:32 |
raitobezarius | As you said it, we have too much complexity in our NixOS module | 19:32:54 |
raitobezarius | Because we don't have enough good primitives for this | 19:32:59 |
raitobezarius | systemd is in the good position to create the right primitive | 19:33:05 |
raitobezarius | Meanwhile, an official patch can be blessed | 19:33:12 |
raitobezarius | And can be applied to nixpkgs | 19:33:17 |
raitobezarius | https://github.com/systemd/systemd/issues/28075 | 19:33:38 |
raitobezarius | As the OP is interacting here, I'd just encourage to push through | 19:33:49 |
raitobezarius | And coordinate with NixOS systemd folks if help is needed | 19:33:56 |
raitobezarius | It's not like anyway we don't need that feature for something else than ACME | 19:35:56 |
raitobezarius | So I wish we don't see hacks to generalize this behavior everywhere | 19:36:03 |
m1cr0man | I do agree this should be solved upsream. I don't know if you clicked in but the "competing" PR (my one) is a pure systemd + nix implementation with arguably less overheads. | 20:26:48 |
m1cr0man | It's annoying to add more complexity but personally I am trying to keep the diff and unique code low where possible. Both lego and systemd could do with upstreamed features to help us out. For example, if lego had an "offline ok" flag for checking renewal that would remove all the openssl shenanigans. I did plan to upstream that at one point but just never had the time | 20:29:25 |
30 Aug 2023 |
| ajs124 joined the room. | 17:38:15 |
| @andreas.schraegle:helsinki-systems.de left the room. | 17:57:46 |
| osnyx (he/him) joined the room. | 23:06:39 |
31 Aug 2023 |
| Moritz Hedtke removed their display name moritz.hedtke. | 16:13:38 |
4 Sep 2023 |
osnyx (he/him) | Finally noticing there's a NixOS ACME room, I'd like to kindly invite you to give your opinion on https://github.com/NixOS/nixpkgs/issues/232505#issuecomment-1669434562 and how we can move this forward. It'd be really great to get this into 23.11 as a fix that does change some default behaviour.
I'll also be present at NixCon later this week for further discussions there, but feel free to spread the discussion on this over Matrix and the GitHub issue/PRs as well. | 12:12:12 |