aboutsummaryrefslogtreecommitdiff
path: root/nixpkgs/nixos/modules/security/acme.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/modules/security/acme.nix')
-rw-r--r--nixpkgs/nixos/modules/security/acme.nix7
1 files changed, 5 insertions, 2 deletions
diff --git a/nixpkgs/nixos/modules/security/acme.nix b/nixpkgs/nixos/modules/security/acme.nix
index 9563029f030..890c421b0ea 100644
--- a/nixpkgs/nixos/modules/security/acme.nix
+++ b/nixpkgs/nixos/modules/security/acme.nix
@@ -127,6 +127,9 @@ in
"https://acme-staging-v02.api.letsencrypt.org/directory".
''
)
+ (mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
+ (mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
+ (mkRemovedOptionModule [ "security" "acme" "activationDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
];
options = {
security.acme = {
@@ -238,9 +241,9 @@ in
StateDirectoryMode = rights;
WorkingDirectory = "/var/lib/${lpath}";
ExecStart = "${pkgs.simp_le}/bin/simp_le ${escapeShellArgs cmdline}";
- ExecStopPost =
+ ExecStartPost =
let
- script = pkgs.writeScript "acme-post-stop" ''
+ script = pkgs.writeScript "acme-post-start" ''
#!${pkgs.runtimeShell} -e
${data.postRun}
'';
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 23:51:52 +0000