From ec9b96580fa810c8e0bb8e610fc1e16cbdddaebf Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 30 May 2021 16:47:47 +0200
Subject: acme@surtr: ...

---
 hosts/surtr/dns/zones/org.rheperire.soa | 4 ++--
 hosts/surtr/tls.nix                     | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hosts/surtr/dns/zones/org.rheperire.soa b/hosts/surtr/dns/zones/org.rheperire.soa
index 173bb815..52bf9ad7 100644
--- a/hosts/surtr/dns/zones/org.rheperire.soa
+++ b/hosts/surtr/dns/zones/org.rheperire.soa
@@ -1,7 +1,7 @@
 $ORIGIN rheperire.org.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2021053001 ; serial
+  2021053003 ; serial
   10800      ; refresh
   3600       ; retry
   604800     ; expire
@@ -22,4 +22,4 @@ $TTL 3600
 *			IN	MX	0 ymir.yggdrasil.li.
 *			IN	TXT	"v=spf1 redirect=yggdrasil.li"
 
-_acme-challenge   300   IN      TXT     ""
+_acme-challenge      60 IN      TXT     "v=spf1 redirect=yggdrasil.li"
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 099d1ee9..73aaba07 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -4,6 +4,7 @@ let
   
   knotDNSCredentials = zone: pkgs.writeText "lego-credentials" ''
     EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh
+    EXEC_PROPAGATION_TIMEOUT=600
   '';
   knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" ''
     #!${pkgs.zsh}/bin/zsh -xe
-- 
cgit v1.2.3