summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-02-22 17:12:59 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-22 17:12:59 +0100
commit61a809078058b09a4e39c2e941056b91323555c0 (patch)
tree3e3a02a13c0f1a03f67d464c3be9c4fd05fa8ef1
parentb18dfcc3020fb80c4680de980adc1f719bb371ac (diff)
downloadnixos-61a809078058b09a4e39c2e941056b91323555c0.tar
nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.gz
nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.bz2
nixos-61a809078058b09a4e39c2e941056b91323555c0.tar.xz
nixos-61a809078058b09a4e39c2e941056b91323555c0.zip
ymir: rfc2136
-rw-r--r--ymir.nix15
1 files changed, 13 insertions, 2 deletions
diff --git a/ymir.nix b/ymir.nix
index 8f01ad6b..b1ba6033 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -806,11 +806,22 @@ in rec {
806 certs = { 806 certs = {
807 "yggdrasil.li" = { 807 "yggdrasil.li" = {
808 group = "ssl"; 808 group = "ssl";
809 webroot = "/srv/www/acme";
810 email = "phikeebaogobaegh@141.li"; 809 email = "phikeebaogobaegh@141.li";
810 keyType = "rsa4096";
811 dnsProvider = "rfc2136";
812 credentialsFile = pkgs.writeText "rfc2136-credentials.env" ''
813 RFC2136_NAMESERVER=202.61.241.61:53
814 RFC2136_TSIG_ALGORITHM=hmac-sha256.
815 RFC2136_TSIG_KEY=ymir_acme_key
816 RFC2136_TSIG_SECRET_FILE=/etc/acme_tsig_secret
817 RFC2136_TTL=0
818 RFC2136_PROPAGATION_TIMEOUT=60
819 RFC2136_POLLING_INTERVAL=2
820 '';
821 dnsResolver = "127.0.0.1";
811 extraDomainNames = myDomains; 822 extraDomainNames = myDomains;
812 postRun = '' 823 postRun = ''
813 systemctl reload nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service 824 systemctl try-reload-or-restart nginx.service dovecot2.service postfix.service ejabberd.service vsftpd.service infinoted.service
814 ''; 825 '';
815 }; 826 };
816 }; 827 };