Remove acme-dns
Alan Pearce alan@alanpearce.eu
Wed, 27 Nov 2024 11:28:13 +0100
4 files changed, 3 insertions(+), 33 deletions(-)
M secrets/secrets.nix → secrets/secrets.nix
@@ -11,8 +11,6 @@ nanopi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/KOwhb4pyuw4U8hnkPAbRNk6o41Fmvsa67cY6MHA9k"; }; secrets = with machines; { - acme = [ linde nanopi ]; - binarycache = [ linde ]; paperless = [ linde ]; powerdns = [ linde ];
M system/linde.nix → system/linde.nix
@@ -39,7 +39,6 @@ owner = cfg.user; mode = "400"; symlink = false; }; - acme.file = ../secrets/acme.age; binarycache.file = ../secrets/binarycache.age; dex.file = ../secrets/dex.age; powerdns.file = ../secrets/powerdns.age; @@ -610,38 +609,12 @@ WorkingDirectory = config.services.paperless.dataDir; }; }; - services.acme-dns = { - enable = true; - settings = - let - me = "acme.${domain}"; - in - { - general = { - listen = "[${net-acmeip}]:53"; - protocol = "both6"; - domain = me; - nsname = me; - nsadmin = builtins.replaceStrings [ "@" ] [ "." ] config.security.acme.defaults.email; - records = [ - "${me}. AAAA ${net-acmeip}" - "${me}. NS ${me}." - ]; - }; - api = { - ip = "[${net-acmeip}]"; - tls = "letsencrypt"; - port = 443; - notification-email = config.security.acme.defaults.email; - }; - }; - }; - security.acme = { defaults = { email = "alan@alanpearce.eu"; - dnsProvider = "acme-dns"; - credentialsFile = config.age.secrets.acme.path; + dnsProvider = "pdns"; + dnsResolver = "1.1.1.1:53"; + credentialsFile = config.age.secrets.powerdns.path; reloadServices = [ "caddy" ]; validMinDays = 32; };
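Review bot: In the `security.acme.defaults` change of the second hunk, `credentialsFile = config.age.secrets.powerdns.path;` hands the ACME client the existing `powerdns` secret rather than a credential dedicated to certificate issuance. The removed acme-dns credentials could only update challenge records, whereas a PowerDNS API key generally allows editing every record in every zone the server holds; if `powerdns.age` also carries settings for the PowerDNS service itself (not visible here), the renewal units would receive those too. Consider a separate age secret holding only `PDNS_API_URL` and `PDNS_API_KEY`, and a comment above the line such as `# PowerDNS API key: full zone write access, used only for DNS-01`. The new `dnsResolver = "1.1.1.1:53";` would also benefit from a one-line comment explaining why a fixed public resolver is used instead of the host's own. The `security.acme` block continues past the end of the hunk.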
M system/nanopi.nix → system/nanopi.nix
@@ -18,7 +18,6 @@ ]; age.secrets = { dyndns.file = ../secrets/dyndns.age; - acme.file = ../secrets/acme.age; syncthing.file = ../secrets/syncthing.age; };