-rw-r--r-- | hosts/surtr/dns/default.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/tls/default.nix | 5 |
2 files changed, 5 insertions, 2 deletions
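--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -6,7 +6,7 @@ let
 acmeChallengeZonefile = domain: let
 reverseDomain = concatStringsSep "." (reverseList (["_acme-challenge"] ++ splitString "." domain));
 in pkgs.writeText "${reverseDomain}.zone" ''
-$ORIGIN ${domain}.
+$ORIGIN _acme-challenge.${domain}.
 @ 3600 IN SOA _acme-challenge.${domain}. root.yggdrasil.li. 2022022102 7200 3600 86400 300
 $TTL 300
 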
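Review bot: The SOA serial on the line after the changed `$ORIGIN` stays at `2022022102` even though every relative owner name in the zone now resolves under `_acme-challenge.${domain}.` instead of `${domain}.`. If a secondary transfers this zone, or the server keeps a journal from dynamic ACME updates, the unchanged serial could leave the old data in place, so bump the serial in the same commit. The zone text continues past the end of the hunk; any relative names in that part should be re-read against the new origin, since a record written as `_acme-challenge` would now land one label too deep.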
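--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -94,7 +94,10 @@ in {
 defaults = {
 email = "phikeebaogobaegh@141.li";
 keyType = "rsa4096"; # we don't like NIST curves
-# extraLegoFlags = ["--preferred-chain" "ISRG Root X1"];
+extraLegoFlags = [
+"--always-deactivate-authorizations" "true"
+# "--preferred-chain" "ISRG Root X1"
+];
 };
 certs =
 let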
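Review bot: `--always-deactivate-authorizations` is passed through `extraLegoFlags`, which the NixOS ACME module documents as global flags placed before the lego subcommand. As far as I know lego defines this flag on the `run` and `renew` subcommands, not globally. If that holds for the pinned lego version (check `lego run --help`), the flag may be rejected or never take effect, and authorizations would stay valid after issuance contrary to the intent here. Consider `extraLegoRunFlags = ["--always-deactivate-authorizations" "true"];` and the same list for `extraLegoRenewFlags`; the commented-out `--preferred-chain` would belong there as well. A short comment saying why authorizations are deactivated would also help the next reader.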