| 1 Jun 2021 |
m1cr0man | https://github.com/NixOS/nixpkgs/pull/125256 This looks fine to me, I had to dig through the acme module and check that there were no other dependencies on webroot and sure enough there isn't. My only thought is that you would have to go into the lego docs to find the default port that's gonna run on. Should we add a Nix option for the legoHttpPort? | 18:39:20 |
| 2 Jun 2021 |
hexa | --http.webroot value Set the webroot folder to use for HTTP based challenges to write directly in a file in .well-known/acme-challenge. This disables the built-in server and expects the given directory to be publicly served with access to .well-known/acme-challenge | 00:33:03 |
hexa | not defaulting to http.webroot sgtm, same as reuseKey, hard to remove | 00:33:26 |
hexa | --http.port value Set the port and interface to use for HTTP based challenges to listen on.Supported: interface:port or :port. (default: ":80") | 00:33:59 |
hexa | allowing to set http.port instead sgtm, and in fact CAP_BIND_NET_SERVICE could be conditional on the port being < 1024 | 00:34:30 |
hexa | though doesn't letsencrypt check on 80/tcp? is that even an option? | 00:35:15 |
| 3 Jun 2021 |
hexa | would love some feedback or a merge on https://github.com/NixOS/nixpkgs/pull/123258 | 03:25:49 |
hexa | PSA: update-owner-name in knot 3.0 is "case-sensitive", so a.example.com will not match a.example.com. | 17:25:11 |
hexa | This will break our DNS01 based ACME setup, if you haven't used fully qualified names before. | 17:25:37 |
hexa | https://www.knot-dns.cz/docs/3.0/html/migration.html#acl | 17:27:17 |
| 4 Jun 2021 |
m1cr0man | well assuming you're using knot? | 15:36:20 |
hexa | of course, that's why I linked the migration docs | 15:42:20 |
hexa | it broke for me and I only noticed because I set up a new machine and it wouldn't work | 15:42:33 |
hexa | so the older machines that were not yet up for renewal would've broken some time in the future | 15:42:51 |
| 13 Jun 2021 |
aaron | m1cr0man: i noticed that the httpd-config-reload service runs after every rebuild, which causes apache to be reloaded after every rebuild - is this intentional? | 13:44:47 |
m1cr0man | yes | 17:07:08 |
m1cr0man | Erm, actually... maybe not | 17:07:47 |
aaron | m1cr0man: ok. so... maybe, but maybe not. 🤔 | 21:37:22 |
aaron | hahaha let me know if you come up with a solid answer
i want to write a PR which hacks up the service which is causing the reloads, but I'll need to make sure what the intended behavior is first | 21:38:20 |
| 16 Jun 2021 |
hexa | https://github.com/NixOS/nixpkgs/pull/125770 | 22:51:56 |
hexa | was merged recently and is now being backported to fix failing acme tests when backporting an updated apacheHttpd version | 22:52:17 |
| 19 Jun 2021 |
m1cr0man | wrt the above did we forget to trigger "ofborg test acme" on this PR? https://github.com/NixOS/nixpkgs/pull/124950 | 14:26:13 |