ACME dns propagation fix

Chris Toph 2025-04-29 15:51:35 -04:00
parent ce6c7db198
commit 2942d4bf9a


@ -4,22 +4,27 @@
...
}:
let
cloudflare = pkgs.writeTextFile {
name = "cloudflare.ini";
text = ''
CF_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
'';
};
# Create a VERY simple environment file with absolutely minimal formatting
cloudflareEnvFile = pkgs.writeText "cloudflare.env" ''
CLOUDFLARE_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
'';
in
{
environment.systemPackages = [ pkgs.lego ];
# letsencrypt
security.acme = {
acceptTerms = true;
defaults = {
email = "chris@toph.cc";
dnsProvider = "cloudflare";
environmentFile = cloudflare;
dnsProvider = "cloudflare"; # Use Cloudflare's DNS
environmentFile = cloudflareEnvFile;
enableDebugLogs = true;
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
};
certs = {
"goldenlemon.cc" = {
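Review bot: The Cloudflare API token is interpolated into `pkgs.writeText "cloudflare.env"`, so the rendered file lands in the Nix store, which every local user can read and which can travel with the system closure to remote builders or binary caches; replacing `cloudflare.ini` with `cloudflare.env` does not change that. `environmentFile` only needs a path, so it can point at a file created outside the store at activation time (sops-nix and agenix both provide this), for example `environmentFile = "/run/secrets/<cloudflare-env-placeholder>";`, with the `cloudflareEnvFile` binding dropped. The token has presumably already been built into store paths, so it would be worth rotating it once the file has moved. The `security.acme` attribute set continues past the end of this hunk.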