colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/acme: Allow disabling bash tracing

Browse Source 
This is horrible if you want to debug failures that happened during
system switches but your 30-ish acme clients spam the log with the same
messages over and over again.
This commit is contained in:
Janne Heß 2021-11-26 13:58:40 +01:00
parent 08586ff592
commit e37aab2130
No known key found for this signature in database
GPG Key ID: 69165158F05265DF
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
nixos/modules/security/acme.nix
View File

@ -325,7 +325,8 @@ let
# Working directory will be /tmp
script = ''
set -euxo pipefail
${optionalString data.enableDebugLogs "set -x"}
set -euo pipefail
# This reimplements the expiration date check, but without querying
# the acme server first. By doing this offline, we avoid errors
@ -438,6 +439,8 @@ let
default = "_mkMergedOptionModule";
};
enableDebugLogs = mkEnableOption "debug logging for this certificate" // { default = cfg.enableDebugLogs; };
webroot = mkOption {
type = types.nullOr types.str;
default = null;
@ -616,6 +619,8 @@ in {
options = {
security.acme = {
enableDebugLogs = mkEnableOption "debug logging for all certificates by default" // { default = true; };
validMinDays = mkOption {
type = types.int;
default = 30;