From 9864fbb0ccbc22a38ac8956d50c1c8a77613ea39 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 30 May 2021 16:56:12 +0200
Subject: acme@surtr: ...

---
 hosts/surtr/dns/zones/org.rheperire.soa | 7 ++++++-
 hosts/surtr/tls.nix                     | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)

(limited to 'hosts/surtr')

diff --git a/hosts/surtr/dns/zones/org.rheperire.soa b/hosts/surtr/dns/zones/org.rheperire.soa
index 8d6528ca..b36b7b6d 100644
--- a/hosts/surtr/dns/zones/org.rheperire.soa
+++ b/hosts/surtr/dns/zones/org.rheperire.soa
@@ -1,7 +1,7 @@
 $ORIGIN rheperire.org.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2021053006 ; serial
+  2021053007 ; serial
   10800      ; refresh
   3600       ; retry
   604800     ; expire
@@ -21,3 +21,8 @@ $TTL 3600
 *			IN	AAAA	2a03:4000:6:d004::
 *			IN	MX	0 ymir.yggdrasil.li.
 *			IN	TXT	"v=spf1 redirect=yggdrasil.li"
+
+_acme-challenge		IN	A	188.68.51.254
+_acme-challenge		IN	AAAA	2a03:4000:6:d004::
+_acme-challenge		IN	MX	0 ymir.yggdrasil.li.
+_acme-challenge	     60 IN	TXT	"v=spf1 redirect=yggdrasil.li"
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index cc868f45..9cd6bd0c 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -4,6 +4,8 @@ let
   
   knotDNSCredentials = zone: pkgs.writeText "lego-credentials" ''
     EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh
+    EXEC_PROPAGATION_TIMEOUT=600
+    EXEC_POLLING_INTERVAL=10
   '';
   knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" ''
     #!${pkgs.zsh}/bin/zsh -xe
@@ -49,7 +51,7 @@ in {
           extraDomainNames = [ "*.rheperire.org" ];
           dnsProvider = "exec";
           credentialsFile = knotDNSCredentials "rheperire.org";
-          dnsPropagationCheck = false;
+          dnsResolver = "1.1.1.1:53";
         };
       };
     };
-- 
cgit v1.2.3