summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/surtr/dns/zones/org.rheperire.soa7
-rw-r--r--hosts/surtr/tls.nix4
2 files changed, 9 insertions, 2 deletions
diff --git a/hosts/surtr/dns/zones/org.rheperire.soa b/hosts/surtr/dns/zones/org.rheperire.soa
index 8d6528ca..b36b7b6d 100644
--- a/hosts/surtr/dns/zones/org.rheperire.soa
+++ b/hosts/surtr/dns/zones/org.rheperire.soa
@@ -1,7 +1,7 @@
1$ORIGIN rheperire.org. 1$ORIGIN rheperire.org.
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2021053006 ; serial 4 2021053007 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -21,3 +21,8 @@ $TTL 3600
21* IN AAAA 2a03:4000:6:d004:: 21* IN AAAA 2a03:4000:6:d004::
22* IN MX 0 ymir.yggdrasil.li. 22* IN MX 0 ymir.yggdrasil.li.
23* IN TXT "v=spf1 redirect=yggdrasil.li" 23* IN TXT "v=spf1 redirect=yggdrasil.li"
24
25_acme-challenge IN A 188.68.51.254
26_acme-challenge IN AAAA 2a03:4000:6:d004::
27_acme-challenge IN MX 0 ymir.yggdrasil.li.
28_acme-challenge 60 IN TXT "v=spf1 redirect=yggdrasil.li"
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index cc868f45..9cd6bd0c 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -4,6 +4,8 @@ let
4 4
5 knotDNSCredentials = zone: pkgs.writeText "lego-credentials" '' 5 knotDNSCredentials = zone: pkgs.writeText "lego-credentials" ''
6 EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh 6 EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh
7 EXEC_PROPAGATION_TIMEOUT=600
8 EXEC_POLLING_INTERVAL=10
7 ''; 9 '';
8 knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' 10 knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" ''
9 #!${pkgs.zsh}/bin/zsh -xe 11 #!${pkgs.zsh}/bin/zsh -xe
@@ -49,7 +51,7 @@ in {
49 extraDomainNames = [ "*.rheperire.org" ]; 51 extraDomainNames = [ "*.rheperire.org" ];
50 dnsProvider = "exec"; 52 dnsProvider = "exec";
51 credentialsFile = knotDNSCredentials "rheperire.org"; 53 credentialsFile = knotDNSCredentials "rheperire.org";
52 dnsPropagationCheck = false; 54 dnsResolver = "1.1.1.1:53";
53 }; 55 };
54 }; 56 };
55 }; 57 };