acme: add missing setrlimit call for lego

[Mic92]

$ sudo journalctl _AUDIT_TYPE_NAME=SECCOMP -f
Oct 25 09:25:07 ***** audit[619521]: SECCOMP auid=4294967295 uid=996 gid=60 ses=4294967295 subj=kernel pid=619521 comm="lego" exe="/nix/store/pbpkp3yqj5raw05624xscsl5ix1xl73p-lego-4.9.0/bin/lego" sig=31 arch=c000003e syscall=160 compat=0 ip=0x4043ee code=0x80000000

Otherwise it crashes at startup.

Description of changes

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.11 Release Notes (or backporting 22.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[m1cr0man]

This might be a duplicate of #197513 , which was fixed in #197544 yesterday. Could you try with that patch please? It looks like the same error.

I jumped the gun, sorry. How did you reproduce this error? It's evidently not covered by the test suite

[Mic92]

You are right. I think f2831a9
should also fixes it. I did not had this commit on the machine, where I saw the error.