acme: share accounts between certificates

There are strict rate limits on account creation for Let's Encrypt certificates. It is important to reuse credentails when possible.
2025-07-12 05:16:25 +03:00 · 2020-04-13 23:54:44 +01:00 · 2020-04-13 23:54:44 +01:00 · 827d5e6b44
commit 827d5e6b44
parent 81a6a80436
1 changed files with 2 additions and 1 deletions
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@ -330,13 +330,14 @@ in
                    User = data.user;
                    Group = data.group;
                    PrivateTmp = true;
-                    StateDirectory = "acme/.lego/${cert} ${lpath}";
+                    StateDirectory = "acme/.lego/${cert} acme/.lego/accounts ${lpath}";
                    StateDirectoryMode = if data.allowKeysForGroup then "750" else "700";
                    WorkingDirectory = spath;
                    # Only try loading the credentialsFile if the dns challenge is enabled
                    EnvironmentFile = if data.dnsProvider != null then data.credentialsFile else null;
                    ExecStart = pkgs.writeScript "acme-start" ''
                      #!${pkgs.runtimeShell} -e
+                      test -L ${spath}/accounts -o -d ${spath}/accounts || ln -s ../accounts ${spath}/accounts
                      ${pkgs.lego}/bin/lego ${renewOpts} || ${pkgs.lego}/bin/lego ${runOpts}
                    '';
                    ExecStartPost =