Merge pull request #91121 from m1cr0man/master

Restructure acme module
NixOS · Sep 6, 2020 · d704694 · d704694
2 parents 2dd4157 + 34b5c5c
commit d704694
Show file tree

Hide file tree

Showing 16 changed files with 901 additions and 737 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -394,6 +394,20 @@ php.override {
 
      </para>
    </listitem>
+   <listitem>
+    <para>
+     The ACME module has been overhauled for simplicity and maintainability.
+     Cert generation now implicitly uses the <literal>acme</literal>
+     user, and the <literal>security.acme.certs._name_.user</literal> option
+     has been removed. Instead, certificate access from other services is now
+     managed through group permissions. The module no longer runs lego
+     twice under certain conditions, and will correctly renew certificates if
+     their configuration is changed. Services which reload nginx and httpd after
+     certificate renewal are now properly configured too so you no longer have
+     to do this manually if you are using HTTPS enabled virtual hosts. A mechanism
+     for regenerating certs on demand has also been added and documented.
+    </para>
+   </listitem>
    <listitem>
      <para>
       Gollum received a major update to version 5.x and you may have to change