Re LE DNS challenges: we’re using a module for acme.sh internally. It would be nice to see it upstream at some point; maybe you’d like to collaborate on this?
As already mentioned, I’m working more on updating static-haskell-nix with the intent of moving more or all of it into nixpkgs, and getting Hydra to CI it, because otherwise it can quickly break.
be able to join a domain with sssd (and be able to log-in with gdm)
secure boot
For sssd, I played with it in the past. I think I was able to log-in with the console but not with gdm. I’m not sure I could pull it off but I might try again.
I’m pretty sure secure boot is beyond my capabilities. I won’t even try.
I really think that we can extend the acme service to have enough options to support many acme clients out there such as lego or certbot itself. We have some kind of “interface” already for the http challenge (i.e. where other services expect certs to be available on disk or the preDelay script…); we “just” need to make sure we have an interface for the DNS challenge too.
I’ve been fixing some bugs in the acme client the past month, which should be merged soon.
Working with it, the interface so far is pretty tightly coupled to both simp_le and nginx. I think it would be better to just start a new module with the idea of multiple challenges baked in from the get-go. I would not try to make it acme-client agnostic though; that seems to add needless complexity. We keep the old acme module and create a new lego module that supports multiple challenges and what not. Changing the old acme module to support multiple challenges and acme clients, whilst remaining backwards compatible, seems too much of a hassle to me.
Another nice addition (which I don’t think I will have time for) would be version 10.1 of the CUDA toolkit. It seems that the packaging format for .run files has changed (the Perl script is gone).