nixos/acme: add random delay to timer

This way we behave like good citizens and won't overload Let's Encrypt
with lots of cert renewal requests at the same time.

1 files changed, 2 insertions, 0 deletions

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 726e54711410..4e7c966a463a 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -284,6 +284,8 @@ in
             OnCalendar = cfg.renewInterval;
             Unit = "acme-${cert}.service";
             Persistent = "yes";
+            AccuracySec = "5m";
+            RandomizedDelaySec = "1h";
           };
         })
       );