-rw-r--r--secrets/acme.agebin708 -> 0 bytes
-rw-r--r--secrets/secrets.nix2
-rw-r--r--system/linde.nix33
-rwxr-xr-xsystem/nanopi.nix1
4 files changed, 3 insertions, 33 deletions
diff --git a/secrets/acme.age b/secrets/acme.age
deleted file mode 100644
index efd8bf3a..00000000
--- a/secrets/acme.age
+++ /dev/null
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 75c174d1..1d2ea414 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -11,8 +11,6 @@ let
   };
 
   secrets = with machines; {
-    acme = [ linde nanopi ];
-
     binarycache = [ linde ];
     paperless = [ linde ];
     powerdns = [ linde ];
diff --git a/system/linde.nix b/system/linde.nix
index e5880491..8e6635b6 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -39,7 +39,6 @@ in
         mode = "400";
         symlink = false;
       };
-    acme.file = ../secrets/acme.age;
     binarycache.file = ../secrets/binarycache.age;
     dex.file = ../secrets/dex.age;
     powerdns.file = ../secrets/powerdns.age;
@@ -610,38 +609,12 @@ in
     };
   };
 
-  services.acme-dns = {
-    enable = true;
-    settings =
-      let
-        me = "acme.${domain}";
-      in
-      {
-        general = {
-          listen = "[${net-acmeip}]:53";
-          protocol = "both6";
-          domain = me;
-          nsname = me;
-          nsadmin = builtins.replaceStrings [ "@" ] [ "." ] config.security.acme.defaults.email;
-          records = [
-            "${me}. AAAA ${net-acmeip}"
-            "${me}. NS ${me}."
-          ];
-        };
-        api = {
-          ip = "[${net-acmeip}]";
-          tls = "letsencrypt";
-          port = 443;
-          notification-email = config.security.acme.defaults.email;
-        };
-      };
-  };
-
   security.acme = {
     defaults = {
       email = "alan@alanpearce.eu";
-      dnsProvider = "acme-dns";
-      credentialsFile = config.age.secrets.acme.path;
+      dnsProvider = "pdns";
+      dnsResolver = "1.1.1.1:53";
+      credentialsFile = config.age.secrets.powerdns.path;
       reloadServices = [ "caddy" ];
       validMinDays = 32;
     };
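Review bot: In `security.acme.defaults`, `credentialsFile = config.age.secrets.powerdns.path;` reuses the PowerDNS secret for certificate issuance, which is likely a broader credential than the one it replaces: a PowerDNS API key can typically change any record in the zones it serves, whereas the removed acme-dns credential could only update challenge TXT records. Whether powerdns.age already holds the `PDNS_API_URL` and `PDNS_API_KEY` variables the pdns provider reads is not visible here, so confirm the file is in environment-file form and readable by the ACME renewal units. If the same file also configures the PowerDNS daemon, a dedicated secret would keep the two apart, e.g. `credentialsFile = config.age.secrets.<acme-pdns-secret>.path;` (placeholder name). A short comment on `dnsResolver = "1.1.1.1:53";` explaining why propagation checks are pinned to an external resolver would also help. The `security.acme` block continues past the end of this hunk.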
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 3a95ebfc..c3f36134 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -18,7 +18,6 @@ in
 
   age.secrets = {
     dyndns.file = ../secrets/dyndns.age;
-    acme.file = ../secrets/acme.age;
     syncthing.file = ../secrets/syncthing.age;
   };