authorStéphan Kochen <git@stephank.nl>2024-06-03 12:59:05 +0200
committerArian van Putten <arian.vanputten@gmail.com>2024-06-04 20:09:46 +0200
commitd1f07e63820121bde6b939be7cfafbef2ea9939d (patch)
tree197abc55f50bec5fb663a6fc79140a5ecbfde0f2 /nixos/modules
parenta2e77d0beadd25725a6e85aca1425b1de47ba92a (diff)
nixos/acme: allow setting security.acme.defaults.server = null to keep old accounts directory
The accounts directory is based on the hash of the settings.

https://github.com/NixOS/nixpkgs/pull/270221 changed the default of
security.acme.defaults.server from null to the default letsencrypt URL;
however, as an unwanted side effect this means the accounts directory
changes and the ACME module will create a new account.

This can cause issues with people using CAA records that pin the
account ID or people who have datacenter-scale NixOS deployments

We allow setting this option to null again for people who want
to keep the old account and migrate at their own leisure.

Fixes https://github.com/NixOS/nixpkgs/issues/316608

Co-authored-by: Arian van Putten <arian.vanputten@gmail.com>
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/security/acme/default.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index 5ffafdc37fefb..83581d02840ed 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -545,7 +545,7 @@ let
       };
 
       server = mkOption {
-        type = types.str;
+        type = types.nullOr types.str;
         inherit (defaultAndText "server" "https://acme-v02.api.letsencrypt.org/directory") default defaultText;
         example = "https://acme-staging-v02.api.letsencrypt.org/directory";
         description = ''
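Review bot: The `server` option now accepts `null`, but nothing visible in this hunk tells an operator what `null` means. The `description` string opens on the last line and continues outside the hunk, so it may already cover this. The commit message says the accounts directory is derived from a hash of the settings and that CAA records may pin the account ID, so the option text should say so, for example `Set to null to keep using the accounts directory, and therefore the ACME account, created before this option defaulted to the Let's Encrypt URL.` It would also help to state which CA endpoint is contacted when the value is `null`, presumably the ACME client's built-in default, so that deployments relying on CAA pinning can verify it. The diffstat shows this as the only changed line, so every reader of `server` elsewhere in the module must already tolerate `null`; that is plausible given it was the earlier default, but worth confirming that none of them interpolates the value into a string unguarded.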