all repos — nixfiles @ db6630b0ea195ae26ea42ab58df44f7367a24adb

System and user configuration, managed by nix and home-manager

nanopi: disable DoH server (no public IPv4 address)
Alan Pearce alan@alanpearce.eu
Sun, 12 May 2024 00:33:24 +0200
commit

db6630b0ea195ae26ea42ab58df44f7367a24adb

parent

9fd6c4a4d3ec4f0e4e11b7b3faa0dfbeb6d02705

1 files changed, 1 insertions(+), 18 deletions(-)

jump to
M system/nanopi.nixsystem/nanopi.nix
@@ -768,18 +768,6 @@ enable = true;     interface = "bridge0";
   };
 
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "tls@alanpearce.eu";
-    certs."dns.alanpearce.eu" = {
-      reloadServices = map (x: "kresd@${toString x}") (lib.range 1 config.services.kresd.instances);
-      dnsProvider = "pdns";
-      dnsResolver = "1.1.1.1:53";
-      credentialsFile = config.age.secrets.acme.path;
-      group = "knot-resolver";
-    };
-  };
-
   services.smartdns = {
     enable = false;
     bindPort = "5533";
@@ -808,13 +796,8 @@ enable = true;     instances = 4;
     listenPlain = [ "[::1]:5553" ];
     # listenTLS = [ "853" ];
-    listenDoH = [ "[::1]:5443" ];
+    # listenDoH = [ "[::1]:5443" ];
     extraConfig = ''
-      net.tls(
-        '/var/lib/acme/dns.alanpearce.eu/cert.pem',
-        '/var/lib/acme/dns.alanpearce.eu/key.pem'
-      )
-
       -- Load useful modules
       modules = {
         'serve_stale < cache',