From db6630b0ea195ae26ea42ab58df44f7367a24adb Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Sun, 12 May 2024 00:33:24 +0200
Subject: nanopi: disable DoH server (no public IPv4 address)
---
 system/nanopi.nix | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)
(limited to 'system/nanopi.nix')
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 070d4d43..9fc41095 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -768,18 +768,6 @@ in
 interface = "bridge0";
 };
 
- security.acme = {
- acceptTerms = true;
- defaults.email = "tls@alanpearce.eu";
- certs."dns.alanpearce.eu" = {
- reloadServices = map (x: "kresd@${toString x}") (lib.range 1 config.services.kresd.instances);
- dnsProvider = "pdns";
- dnsResolver = "1.1.1.1:53";
- credentialsFile = config.age.secrets.acme.path;
- group = "knot-resolver";
- };
- };
-
 services.smartdns = {
 enable = false;
 bindPort = "5533";
@@ -808,13 +796,8 @@ in
 instances = 4;
 listenPlain = [ "[::1]:5553" ];
 # listenTLS = [ "853" ];
- listenDoH = [ "[::1]:5443" ];
+ # listenDoH = [ "[::1]:5443" ];
 extraConfig = ''
- net.tls(
- '/var/lib/acme/dns.alanpearce.eu/cert.pem',
- '/var/lib/acme/dns.alanpearce.eu/key.pem'
- )
-
 -- Load useful modules
 modules = {
 'serve_stale < cache',
--
cgit 1.4.1
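Review bot: The commented-out `# listenDoH = [ "[::1]:5443" ];` in the second hunk has no explanation next to it, and the `net.tls(...)` certificate binding it depended on is deleted in the same hunk. Anyone who later uncomments it, or the `# listenTLS` line above, would start an encrypted listener without the ACME certificate; as far as I know kresd then falls back to an ephemeral self-signed certificate, so this is worth confirming before re-enabling. I would add a comment above it such as `# DoH disabled: no public IPv4; re-enabling needs the security.acme cert and net.tls() in extraConfig`. The first hunk removes the only visible consumer of `config.age.secrets.acme`, but the secret's declaration is not touched in these hunks; if nothing else reads it, it should be dropped too so the DNS-provider API credentials are no longer deployed to this host. The `extraConfig` string continues past the end of the hunk.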