commit dda82d9eefd629836bdfdcde501aeac1588e77fb · pyrox.dev/nixpkgs

+6 -4
nixos/modules/security/acme/default.nix
···

       1017
       1017
        
               # systemd clean --what=state is used to delete the account, so long as the user

     

       1018
       1018
        
               # then runs one of the cert services, there won't be any issues.

     

       1019
       1019
        
               accountTargets = lib.mapAttrs' (hash: confs: let

     

       1020
       1020
       -
                 leader = "acme-${(builtins.head confs).cert}.service";

     

       1021
       1021
       -
                 dependantServices = map (conf: "acme-${conf.cert}.service") (builtins.tail confs);

     

       1020
       1020
       +
                 dnsConfs = builtins.filter (conf: cfg.certs.${conf.cert}.dnsProvider != null) confs;

     

       1021
       1021
       +
                 leaderConf = if dnsConfs != [ ] then builtins.head dnsConfs else builtins.head confs;

     

       1022
       1022
       +
                 leader = "acme-${leaderConf.cert}.service";

     

       1023
       1023
       +
                 followers = map (conf: "acme-${conf.cert}.service") (builtins.filter (conf: conf != leaderConf) confs);

     

       1022
       1024
        
               in lib.nameValuePair "acme-account-${hash}" {

     

       1023
       1023
       -
                 requiredBy = dependantServices;

     

       1024
       1024
       -
                 before = dependantServices;

     

       1025
       1025
       +
                 requiredBy = followers;

     

       1026
       1026
       +
                 before = followers;

     

       1025
       1027
        
                 requires = [ leader ];

     

       1026
       1028
        
                 after = [ leader ];

     

       1027
       1029
        
               }) (lib.groupBy (conf: conf.accountHash) (lib.attrValues certConfigs));