error on `nixops4 deploy test`: You must define `security.acme.`... #417

New issue

Closed

opened 2025-06-27 16:55:56 +02:00 by kiara · 2 comments

kiara commented

2025-06-27 16:55:56 +02:00

Owner

repro:

by cli (from #432):
1. enable any service in deployment/configuration.sample.json
2. nixops4 apply test
thru panel:
1. nix-shell panel --command 'manage runserver'
2. press deploy button at /configuration/
3. find error:
- You must define security.acme.certs.<name>.email or security.acme.defaults.email to register with the CA. Note that using many different addresses for certs may trigger account rate limits.
- You must accept the CA's terms of service before using the ACME module by setting security.acme.acceptTerms to true. For Let's Encrypt's ToS see https://letsencrypt.org/repository/

repro: - by cli (from #432): 1. enable any service in `deployment/configuration.sample.json` 1. `nixops4 apply test` - thru panel: 1. `nix-shell panel --command 'manage runserver'` 1. press deploy button at `/configuration/` 1. find error: > - You must define `security.acme.certs.<name>.email` or `security.acme.defaults.email` to register with the CA. Note that using many different addresses for certs may trigger account rate limits. > - You must accept the CA's terms of service before using the ACME module by setting `security.acme.acceptTerms` to `true`. For Let's Encrypt's ToS see https://letsencrypt.org/repository/

kiara added the

bug

label 2025-06-27 16:55:56 +02:00

kiara commented

2025-06-27 17:02:14 +02:00

Author

Owner

nixos module security.acme, used in services.ngninx, seems to throw this depending on its assertion resolving to config.security.acme.defaults.email != null || lib.all (certOpts: certOpts.email != null) (lib.attrValues config.security.acme.certs).

nixos module `security.acme`, used in `services.ngninx`, seems to [throw this](https://github.com/NixOS/nixpkgs/blob/c860cf0b3a0829f0f6cf344ca8de83a2bbfab428/nixos/modules/security/acme/default.nix#L1063-L1073) depending on its assertion resolving to `config.security.acme.defaults.email != null || lib.all (certOpts: certOpts.email != null) (lib.attrValues config.security.acme.certs)`.

~~kiara referenced this issue 2025-07-03 17:49:58 +02:00~~

WIP: add attic cache #397

kiara added a new dependency 2025-07-03 17:50:49 +02:00

#397 WIP: add attic cache

kiara changed title from ~~error on button: You must define security.acme....~~ to error on nixops4 deploy test: You must define security.acme....

2025-07-03 20:11:39 +02:00

kiara removed a dependency 2025-07-04 13:05:17 +02:00

#397 WIP: add attic cache

kiara commented

2025-07-04 15:43:27 +02:00

Author

Owner

bisect points to ee5c2b90b7, which moved security.acme configuration from services/fediversity/default.nix to services/vm/garage-vm.nix (as per the commit message: adding support for ACME certificates negotiation inside the NixOS test), whereas all services seemed to independently need it.

bisect points to ee5c2b90b7c2519e6970077bfcc95b71ecc8e9e3, which moved `security.acme` configuration from `services/fediversity/default.nix` to `services/vm/garage-vm.nix` (as per the commit message: adding support for ACME certificates negotiation inside the NixOS test), whereas all services seemed to independently need it.

kiara referenced this issue from a pull request that will close it,

2025-07-04 15:46:38 +02:00

reinstate acme settings needed by applications #434

kiara closed this issue

2025-07-08 10:02:15 +02:00

kiara referenced this issue from a commit

2025-07-08 10:02:16 +02:00

reinstate acme settings needed by applications (#434)