From d1f07e63820121bde6b939be7cfafbef2ea9939d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phan=20Kochen?=
Date: Mon, 3 Jun 2024 12:59:05 +0200
Subject: [PATCH] nixos/acme: allow setting security.acme.defaults.server = null to keep old accounts directory

The accounts directory is based on the hash of the settings. https://github.com/NixOS/nixpkgs/pull/270221 changed the default of security.acme.defaults.server from null to the default letsencrypt URL however as an unwanted side effect this means the accounts directory changes and the ACME module will create a new a new account. This can cause issues with people using CAA records that pin the account ID or people who have datacenter-scale NixOS deployments We allow setting this option to null again for people who want to keep the old account and migrate at their own leisure.
Fixes https://github.com/NixOS/nixpkgs/issues/316608
Co-authored-by: Arian van Putten
---
 nixos/modules/security/acme/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index 5ffafdc37fef..83581d02840e 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -545,7 +545,7 @@ let
 };
 server = mkOption {
- type = types.str;
+ type = types.nullOr types.str;
 inherit (defaultAndText "server" "https://acme-v02.api.letsencrypt.org/directory") default defaultText;
 example = "https://acme-staging-v02.api.letsencrypt.org/directory";
 description = ''
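Review bot: Widening `server` to `types.nullOr types.str` leaves the meaning of `null` undocumented in the visible part of the option; the `description` opens on the hunk's last line and continues outside it, so this may already be covered there. If it is not, add a sentence along the lines of `Set to null to keep the accounts directory that was derived from the settings hash before the default changed; state here which CA directory is contacted in that case.` Which CA endpoint is used is a trust decision and should not be left implicit. Every consumer of `server` (none are visible in this hunk) also has to tolerate `null`, presumably by omitting the server argument rather than interpolating the value into a string. Operators who pin an ACME account ID in CAA records should confirm that the accounts directory is unchanged after setting the option to null.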