ymir: rfc2136

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-22 17:12:59 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-02-22 17:12:59 +0100
commit: 61a809078058b09a4e39c2e941056b91323555c0 (patch)
tree: 3e3a02a13c0f1a03f67d464c3be9c4fd05fa8ef1
parent: b18dfcc3020fb80c4680de980adc1f719bb371ac (diff)
download: nixos-61a809078058b09a4e39c2e941056b91323555c0.tar
nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.gz
nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.bz2
nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.xz
nixos-61a809078058b09a4e39c2e941056b91323555c0.zip
1 files changed, 13 insertions, 2 deletions
diff --git a/ymir.nix b/ymir.nix
index 8f01ad6b..b1ba6033 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -806,11 +806,22 @@ in rec {
    certs = {
      "yggdrasil.li" = {
        group = "ssl";
-        webroot = "/srv/www/acme";
        email = "phikeebaogobaegh@141.li";
+        keyType = "rsa4096";
+        dnsProvider = "rfc2136";
+        credentialsFile = pkgs.writeText "rfc2136-credentials.env" ''
+          RFC2136_NAMESERVER=202.61.241.61:53
+          RFC2136_TSIG_ALGORITHM=hmac-sha256.
+          RFC2136_TSIG_KEY=ymir_acme_key
+          RFC2136_TSIG_SECRET_FILE=/etc/acme_tsig_secret
+          RFC2136_TTL=0
+          RFC2136_PROPAGATION_TIMEOUT=60
+          RFC2136_POLLING_INTERVAL=2
+        '';
+        dnsResolver = "127.0.0.1";
        extraDomainNames = myDomains;
        postRun = ''
-          systemctl reload nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service
+          systemctl try-reload-or-restart nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service
        '';
      };
    };
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-22 17:12:59 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-02-22 17:12:59 +0100
commit	61a809078058b09a4e39c2e941056b91323555c0 (patch)
tree	3e3a02a13c0f1a03f67d464c3be9c4fd05fa8ef1
parent	b18dfcc3020fb80c4680de980adc1f719bb371ac (diff)
download	nixos-61a809078058b09a4e39c2e941056b91323555c0.tar nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.gz nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.bz2 nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.xz nixos-61a809078058b09a4e39c2e941056b91323555c0.zip

diff --git a/ymir.nix b/ymir.nix index 8f01ad6b..b1ba6033 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -806,11 +806,22 @@ in rec {
806	certs = {	806	certs = {
807	"yggdrasil.li" = {	807	"yggdrasil.li" = {
808	group = "ssl";	808	group = "ssl";
809	webroot = "/srv/www/acme";
810	email = "phikeebaogobaegh@141.li";	809	email = "phikeebaogobaegh@141.li";
		810	keyType = "rsa4096";
		811	dnsProvider = "rfc2136";
		812	credentialsFile = pkgs.writeText "rfc2136-credentials.env" ''
		813	RFC2136_NAMESERVER=202.61.241.61:53
		814	RFC2136_TSIG_ALGORITHM=hmac-sha256.
		815	RFC2136_TSIG_KEY=ymir_acme_key
		816	RFC2136_TSIG_SECRET_FILE=/etc/acme_tsig_secret
		817	RFC2136_TTL=0
		818	RFC2136_PROPAGATION_TIMEOUT=60
		819	RFC2136_POLLING_INTERVAL=2
		820	'';
		821	dnsResolver = "127.0.0.1";
811	extraDomainNames = myDomains;	822	extraDomainNames = myDomains;
812	postRun = ''	823	postRun = ''
813	systemctl reload nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service	824	systemctl try-reload-or-restart nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service
814	'';	825	'';
815	};	826	};
816	};	827	};