Diffstat (limited to 'hosts/surtr/tls/default.nix')
| -rw-r--r-- | hosts/surtr/tls/default.nix | 6 |
1 files changed, 4 insertions, 2 deletions
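--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -58,16 +58,18 @@ in {
 extraDomainNames = optional domainCfg.wildcard "*.${domain}";
 dnsResolver = "127.0.0.1:53";
 dnsProvider = "rfc2136";
-credentialsFile = pkgs.writeText "${domain}_credentials.env" ''
+environmentFile = pkgs.writeText "${domain}_credentials.env" ''
 RFC2136_NAMESERVER=127.0.0.1:53
 RFC2136_TSIG_ALGORITHM=hmac-sha256.
 RFC2136_TSIG_KEY=${domain}_acme_key
-RFC2136_TSIG_SECRET_FILE=/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}
 RFC2136_TTL=0
 RFC2136_PROPAGATION_TIMEOUT=60
 RFC2136_POLLING_INTERVAL=2
 RFC2136_SEQUENCE_INTERVAL=1
 '';
+credentialFiles = {
+RFC2136_TSIG_SECRET_FILE = "/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}";
+};
 dnsPropagationCheck = false;
 postRun = mkIf (domainCfg.restartUnits != []) ''
 systemctl --no-block try-restart ${escapeShellArgs domainCfg.restartUnits}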
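Review bot: The path given for `RFC2136_TSIG_SECRET_FILE` in the new `credentialFiles` set still points into this unit's own `/run/credentials/acme-order-renew-${domain}.service/` directory, which only exists once the unit's credentials have been loaded. If the ACME module turns each `credentialFiles` entry into a systemd `LoadCredential` source and exports the variable as the loaded copy (that is how I understand the option; please verify against the nixpkgs revision pinned here), the value should be the on-disk source of the TSIG secret instead, e.g. `RFC2136_TSIG_SECRET_FILE = <SOURCE_PATH_OF_TSIG_SECRET>;` (placeholder), and any hand-written `LoadCredential` for `${tsigSecretName domain}` outside this hunk would become redundant. A one-line comment such as `# TSIG secret is passed via systemd credentials; the env file lives in the world-readable Nix store and must stay secret-free` would also record why the secret is kept out of `environmentFile`. The enclosing attribute set starts and ends outside the hunk, so the existing credential wiring is not visible here.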
