-rw-r--r-- | secrets/acme.age | bin | 708 -> 0 bytes | |||
-rw-r--r-- | secrets/secrets.nix | 2 | ||||
-rw-r--r-- | system/linde.nix | 33 | ||||
-rwxr-xr-x | system/nanopi.nix | 1 |
4 files changed, 3 insertions, 33 deletions
diff --git a/secrets/acme.age b/secrets/acme.age deleted file mode 100644 index efd8bf3a..00000000 --- a/secrets/acme.age +++ /dev/null Binary files differdiff --git a/secrets/secrets.nix b/secrets/secrets.nix index 75c174d1..1d2ea414 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,8 +11,6 @@ let }; secrets = with machines; { - acme = [ linde nanopi ]; - binarycache = [ linde ]; paperless = [ linde ]; powerdns = [ linde ]; diff --git a/system/linde.nix b/system/linde.nix index e5880491..8e6635b6 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -39,7 +39,6 @@ in mode = "400"; symlink = false; }; - acme.file = ../secrets/acme.age; binarycache.file = ../secrets/binarycache.age; dex.file = ../secrets/dex.age; powerdns.file = ../secrets/powerdns.age; @@ -610,38 +609,12 @@ in }; }; - services.acme-dns = { - enable = true; - settings = - let - me = "acme.${domain}"; - in - { - general = { - listen = "[${net-acmeip}]:53"; - protocol = "both6"; - domain = me; - nsname = me; - nsadmin = builtins.replaceStrings [ "@" ] [ "." ] config.security.acme.defaults.email; - records = [ - "${me}. AAAA ${net-acmeip}" - "${me}. NS ${me}." - ]; - }; - api = { - ip = "[${net-acmeip}]"; - tls = "letsencrypt"; - port = 443; - notification-email = config.security.acme.defaults.email; - }; - }; - }; - security.acme = { defaults = { email = "alan@alanpearce.eu"; - dnsProvider = "acme-dns"; - credentialsFile = config.age.secrets.acme.path; + dnsProvider = "pdns"; + dnsResolver = "1.1.1.1:53"; + credentialsFile = config.age.secrets.powerdns.path; reloadServices = [ "caddy" ]; validMinDays = 32; }; diff --git a/system/nanopi.nix b/system/nanopi.nix index 3a95ebfc..c3f36134 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -18,7 +18,6 @@ in age.secrets = { dyndns.file = ../secrets/dyndns.age; - acme.file = ../secrets/acme.age; syncthing.file = ../secrets/syncthing.age; }; |
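Review bot: In the second system/linde.nix hunk, `credentialsFile = config.age.secrets.powerdns.path;` gives the certificate client the PowerDNS server's own secret, whereas the removed acme-dns setup served challenges only under `acme.${domain}`. With `dnsProvider = "pdns"` lego reads `PDNS_API_URL` and `PDNS_API_KEY` from that file, and as far as I know the built-in PowerDNS API key is not scoped per zone, so the renewal units could now rewrite any record the server hosts. The contents of powerdns.age are not visible here, so it is worth confirming that it defines exactly those two variables and nothing else the PowerDNS service needs kept private. I would give lego its own age secret, e.g. `credentialsFile = config.age.secrets.<acme-pdns-secret>.path;` (placeholder name), and add the comment `# pdns API key is not zone-scoped: anything reading this file can edit all zones`. The `security.acme` block continues past the end of the hunk.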