nixos/acme: Fix rate limiting of selfsigned services

Closes NixOS/nixpkgs#147348 I was able to reproduce this intermittently in the test suite during the tests for HTTPd. Adding StartLimitIntervalSec=0 to disable rate limiting for these services works fine. I added it anywhere there was a ConditionPathExists. (cherry picked from commit be952aba1cff795f61f1608cb265b829c57fcb8e)
author: Lucas Savva <lucas@m1cr0man.com> 2021-11-28 22:48:43 +0000
committer: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2021-11-29 11:02:56 +0000
commit: 045ce94e55b0bc25d8352d4b243ca5c6e56d9931 (patch)
tree: 3e1baa97dad3de7201b010459c6058580041ed52
parent: obelisk: 0.5.2 → 0.6.0 (diff)
download: nixpkgs-045ce94e55b0bc25d8352d4b243ca5c6e56d9931.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 88c5774d187c..2815e2593b23 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -77,6 +77,7 @@ let
 
     unitConfig = {
       ConditionPathExists = "!/var/lib/acme/.minica/key.pem";
+      StartLimitIntervalSec = 0;
     };
 
     serviceConfig = commonServiceConfig // {
@@ -235,6 +236,7 @@ let
 
       unitConfig = {
         ConditionPathExists = "!/var/lib/acme/${cert}/key.pem";
+        StartLimitIntervalSec = 0;
       };
 
       serviceConfig = commonServiceConfig // {
author	Lucas Savva <lucas@m1cr0man.com>	2021-11-28 22:48:43 +0000
committer	github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2021-11-29 11:02:56 +0000
commit	045ce94e55b0bc25d8352d4b243ca5c6e56d9931 (patch)
tree	3e1baa97dad3de7201b010459c6058580041ed52
parent	obelisk: 0.5.2 → 0.6.0 (diff)
download	nixpkgs-045ce94e55b0bc25d8352d4b243ca5c6e56d9931.tar.gz