mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 07:53:19 +00:00
Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
This reverts commit 5532065d06
.
As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!
the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!
The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!
testing renewals is hard, as we need to sleep in tests.
This commit is contained in:
parent
86d71ddbed
commit
5c1c642939
@ -321,12 +321,6 @@ in
|
||||
wantedBy = mkIf (!config.boot.isContainer) [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
# With RemainAfterExit the service is considered active even
|
||||
# after the main process having exited, which means when it
|
||||
# gets changed, the activation phase restarts it, meaning
|
||||
# the permissions of the StateDirectory get adjusted
|
||||
# according to the specified group
|
||||
RemainAfterExit = true;
|
||||
User = data.user;
|
||||
Group = data.group;
|
||||
PrivateTmp = true;
|
||||
|
Loading…
Reference in New Issue
Block a user