summaryrefslogtreecommitdiff
path: root/hosts/surtr
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/tls.nix7
1 files changed, 5 insertions, 2 deletions
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 17de1319..b5694c9b 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -87,7 +87,11 @@ in {
87 security.acme = { 87 security.acme = {
88 acceptTerms = true; 88 acceptTerms = true;
89 preliminarySelfsigned = true; # DNS challenge is slow 89 preliminarySelfsigned = true; # DNS challenge is slow
90 defaults.email = "phikeebaogobaegh@141.li"; 90 defaults = {
91 email = "phikeebaogobaegh@141.li";
92 keyType = "rsa4096"; # we don't like NIST curves
93 extraLegoFlags = ["--preferred-chain" "ISRG Root X1"];
94 };
91 certs = 95 certs =
92 let 96 let
93 domainAttrset = domain: { 97 domainAttrset = domain: {
@@ -96,7 +100,6 @@ in {
96 dnsProvider = "exec"; 100 dnsProvider = "exec";
97 credentialsFile = knotDNSCredentials domain; 101 credentialsFile = knotDNSCredentials domain;
98 dnsResolver = "1.1.1.1:53"; 102 dnsResolver = "1.1.1.1:53";
99 keyType = "rsa4096"; # we don't like NIST curves
100 } // cfg.domains.${domain}.certCfg; 103 } // cfg.domains.${domain}.certCfg;
101 in genAttrs (attrNames cfg.domains) domainAttrset; 104 in genAttrs (attrNames cfg.domains) domainAttrset;
102 }; 105 };