22 Aug 2023 |
raitobezarius | And used in NixOS | 19:32:29 |
raitobezarius | Rather than solved in NixOS | 19:32:32 |
raitobezarius | As you said it, we have too much complexity in our NixOS module | 19:32:54 |
raitobezarius | Because we don't have enough good primitives for this | 19:32:59 |
raitobezarius | systemd is in the good position to create the right primitive | 19:33:05 |
raitobezarius | Meanwhile, an official patch can be blessed | 19:33:12 |
raitobezarius | And can be applied to nixpkgs | 19:33:17 |
raitobezarius | https://github.com/systemd/systemd/issues/28075 | 19:33:38 |
raitobezarius | As the OP is interacting here, I'd just encourage to push through | 19:33:49 |
raitobezarius | And coordinate with NixOS systemd folks if help is needed | 19:33:56 |
raitobezarius | It's not like anyway we don't need that feature for something else than ACME | 19:35:56 |
raitobezarius | So I wish we don't see hacks to generalize this behavior everywhere | 19:36:03 |
m1cr0man | I do agree this should be solved upsream. I don't know if you clicked in but the "competing" PR (my one) is a pure systemd + nix implementation with arguably less overheads. | 20:26:48 |
m1cr0man | It's annoying to add more complexity but personally I am trying to keep the diff and unique code low where possible. Both lego and systemd could do with upstreamed features to help us out. For example, if lego had an "offline ok" flag for checking renewal that would remove all the openssl shenanigans. I did plan to upstream that at one point but just never had the time | 20:29:25 |
30 Aug 2023 |
| ajs124 joined the room. | 17:38:15 |