From 045ce94e55b0bc25d8352d4b243ca5c6e56d9931 Mon Sep 17 00:00:00 2001
From: Lucas Savva
Date: Sun, 28 Nov 2021 22:48:43 +0000
Subject: [PATCH] nixos/acme: Fix rate limiting of selfsigned services Closes NixOS/nixpkgs#147348 I was able to reproduce this intermittently in the test suite during the tests for HTTPd. Adding StartLimitIntervalSec=0 to disable rate limiting for these services works fine. I added it anywhere there was a ConditionPathExists. (cherry picked from commit be952aba1cff795f61f1608cb265b829c57fcb8e)
---
 nixos/modules/security/acme.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 88c5774d187c..2815e2593b23 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -77,6 +77,7 @@ let
 unitConfig = {
 ConditionPathExists = "!/var/lib/acme/.minica/key.pem";
+ StartLimitIntervalSec = 0;
 };
 serviceConfig = commonServiceConfig // {
@@ -235,6 +236,7 @@ let
 unitConfig = {
 ConditionPathExists = "!/var/lib/acme/${cert}/key.pem";
+ StartLimitIntervalSec = 0;
 };
 serviceConfig = commonServiceConfig // {
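Review bot: The added `StartLimitIntervalSec = 0;` in the first hunk (the `.minica/key.pem` unit) has no comment saying why systemd's start rate limit is switched off, and the same applies to the identical line in the second hunk (the `${cert}/key.pem` unit). A value of 0 disables the limit entirely rather than raising it, so a later reader cannot tell whether this is deliberate or safe to remove. I would add `# Avoid hitting the systemd start rate limit, see NixOS/nixpkgs#147348` above each line. With the limit gone, systemd no longer throttles these units if something keeps re-triggering them while key generation fails; whether that can happen depends on the service definitions and dependents, which lie outside both hunks. If it can, a bounded `StartLimitBurst` would keep a backstop in place.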