From debe685242991ccab9de21ed1906cac0098c7f7e Mon Sep 17 00:00:00 2001
From: Tom Prince <tom.prince@private.storage>
Date: Mon, 13 Sep 2021 20:34:40 -0600
Subject: [PATCH] Don't wait for cerbot before starting PaymentServer.

Since !146, PaymentServer is proxied behind nginx, so there is no need to wait
for certificates or network interfaces before starting the server.
---
 nixos/modules/issuer.nix | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 605cb93b..85c39c72 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -122,26 +122,6 @@ in {
       description = "ZKAP Issuer";
       wantedBy = [ "multi-user.target" ];
 
-      # Make sure we have a certificate the first time, if we are running over
-      # TLS and require a certificate.
-      # ACME will issue an interim self-signed certificate, which we want to
-      # use at least in the local dev network.  But if ACME cannot get the
-      # created key signed by LE (probably because the host is not reachable
-      # from outside, or the domain is not a legit TLD) the ACME cert service
-      # will "fail". We still want to start our PaymentServer. Hence a weaker
-      # "wants" instead of a "requires" dependency.
-      # When ACME receives a fully signed cert from LE, it will reload NGINX.
-      wants = lib.optional cfg.tls "${certServiceName}.service";
-
-      after = [
-        # Make sure there is a network so we can bind to all of the
-        # interfaces.
-        "network.target"
-      ] ++
-        # Make sure we run after the certificate is issued, if we are running
-        # over TLS and require a certificate.
-        lib.optional cfg.tls "${certServiceName}.service";
-
       # It really shouldn't ever exit on its own!  If it does, it's a bug
       # we'll have to fix.  Restart it and hope it doesn't happen too much
       # before we can fix whatever the issue is.
-- 
GitLab