all repos — nixfiles @ db6630b0ea195ae26ea42ab58df44f7367a24adb

System and user configuration, managed by nix and home-manager

nanopi: disable DoH server (no public IPv4 address)

Alan Pearce
commit

db6630b0ea195ae26ea42ab58df44f7367a24adb

parent

9fd6c4a4d3ec4f0e4e11b7b3faa0dfbeb6d02705

1 file changed, 1 insertion(+), 18 deletions(-)

jump to
M system/nanopi.nixsystem/nanopi.nix
@@ -768,18 +768,6 @@ enable = true;
interface = "bridge0"; }; - security.acme = { - acceptTerms = true; - defaults.email = "tls@alanpearce.eu"; - certs."dns.alanpearce.eu" = { - reloadServices = map (x: "kresd@${toString x}") (lib.range 1 config.services.kresd.instances); - dnsProvider = "pdns"; - dnsResolver = "1.1.1.1:53"; - credentialsFile = config.age.secrets.acme.path; - group = "knot-resolver"; - }; - }; - services.smartdns = { enable = false; bindPort = "5533";
@@ -808,13 +796,8 @@ enable = true;
instances = 4; listenPlain = [ "[::1]:5553" ]; # listenTLS = [ "853" ]; - listenDoH = [ "[::1]:5443" ]; + # listenDoH = [ "[::1]:5443" ]; extraConfig = '' - net.tls( - '/var/lib/acme/dns.alanpearce.eu/cert.pem', - '/var/lib/acme/dns.alanpearce.eu/key.pem' - ) - -- Load useful modules modules = { 'serve_stale < cache',