all repos — nixfiles @ 73f3ca04c8609e76867ea7a0118b211d19ae69a6

System and user configuration, managed by nix and home-manager

Remove acme-dns
Alan Pearce alan@alanpearce.eu
Wed, 27 Nov 2024 11:28:13 +0100
commit

73f3ca04c8609e76867ea7a0118b211d19ae69a6

parent

cbdcaf87398abde5c094952d6caaaaf185251ced

4 files changed, 3 insertions(+), 33 deletions(-)

D secrets/acme.age

Not showing binary file.

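--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -11,8 +11,6 @@ nanopi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/KOwhb4pyuw4U8hnkPAbRNk6o41Fmvsa67cY6MHA9k";
   };
 
   secrets = with machines; {
-    acme = [ linde nanopi ];
-
     binarycache = [ linde ];
     paperless = [ linde ];
     powerdns = [ linde ];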
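--- a/system/linde.nix
+++ b/system/linde.nix
@@ -39,7 +39,6 @@ owner = cfg.user;
         mode = "400";
         symlink = false;
       };
-    acme.file = ../secrets/acme.age;
     binarycache.file = ../secrets/binarycache.age;
     dex.file = ../secrets/dex.age;
     powerdns.file = ../secrets/powerdns.age;
@@ -610,38 +609,12 @@ WorkingDirectory = config.services.paperless.dataDir;
     };
   };
 
-  services.acme-dns = {
-    enable = true;
-    settings =
-      let
-        me = "acme.${domain}";
-      in
-      {
-        general = {
-          listen = "[${net-acmeip}]:53";
-          protocol = "both6";
-          domain = me;
-          nsname = me;
-          nsadmin = builtins.replaceStrings [ "@" ] [ "." ] config.security.acme.defaults.email;
-          records = [
-            "${me}. AAAA ${net-acmeip}"
-            "${me}. NS ${me}."
-          ];
-        };
-        api = {
-          ip = "[${net-acmeip}]";
-          tls = "letsencrypt";
-          port = 443;
-          notification-email = config.security.acme.defaults.email;
-        };
-      };
-  };
-
   security.acme = {
     defaults = {
       email = "alan@alanpearce.eu";
-      dnsProvider = "acme-dns";
-      credentialsFile = config.age.secrets.acme.path;
+      dnsProvider = "pdns";
+      dnsResolver = "1.1.1.1:53";
+      credentialsFile = config.age.secrets.powerdns.path;
       reloadServices = [ "caddy" ];
       validMinDays = 32;
     };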
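Review bot: `credentialsFile = config.age.secrets.powerdns.path;` under `security.acme.defaults` gives the ACME client the PowerDNS secret itself, a wider credential than the removed acme-dns one, which was limited to publishing challenge TXT records. The contents of `powerdns.age` are not visible here; if it carries more than the `PDNS_API_URL` and `PDNS_API_KEY` variables that lego's pdns provider reads, a separate age secret holding only those two would keep the rest out of the renewal units' environment. Either way I would record the trade-off above the line, e.g. `# PowerDNS API key: presumably not zone-scoped, so this can edit more than _acme-challenge records`. `dnsResolver = "1.1.1.1:53";` would also benefit from a one-line comment saying why the propagation check is pinned to an external resolver. The `security.acme` block continues past the end of the hunk.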
M system/nanopi.nixsystem/nanopi.nix
@@ -18,7 +18,6 @@ ]; 
   age.secrets = {
     dyndns.file = ../secrets/dyndns.age;
-    acme.file = ../secrets/acme.age;
     syncthing.file = ../secrets/syncthing.age;
   };