summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/tls/default.nix5
2 files changed, 5 insertions, 2 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index b5be6887..5f69c350 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -6,7 +6,7 @@ let
6 acmeChallengeZonefile = domain: let 6 acmeChallengeZonefile = domain: let
7 reverseDomain = concatStringsSep "." (reverseList (["_acme-challenge"] ++ splitString "." domain)); 7 reverseDomain = concatStringsSep "." (reverseList (["_acme-challenge"] ++ splitString "." domain));
8 in pkgs.writeText "${reverseDomain}.zone" '' 8 in pkgs.writeText "${reverseDomain}.zone" ''
9 $ORIGIN ${domain}. 9 $ORIGIN _acme-challenge.${domain}.
10 @ 3600 IN SOA _acme-challenge.${domain}. root.yggdrasil.li. 2022022102 7200 3600 86400 300 10 @ 3600 IN SOA _acme-challenge.${domain}. root.yggdrasil.li. 2022022102 7200 3600 86400 300
11 $TTL 300 11 $TTL 300
12 12
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 936aa106..7e6b370c 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -94,7 +94,10 @@ in {
94 defaults = { 94 defaults = {
95 email = "phikeebaogobaegh@141.li"; 95 email = "phikeebaogobaegh@141.li";
96 keyType = "rsa4096"; # we don't like NIST curves 96 keyType = "rsa4096"; # we don't like NIST curves
97 # extraLegoFlags = ["--preferred-chain" "ISRG Root X1"]; 97 extraLegoFlags = [
98 "--always-deactivate-authorizations" "true"
99 # "--preferred-chain" "ISRG Root X1"
100 ];
98 }; 101 };
99 certs = 102 certs =
100 let 103 let