From 2942d4bf9a763826152cd4dbd3306ba2307bff76 Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Tue, 29 Apr 2025 15:51:35 -0400
Subject: [PATCH] ACME dns propagation fix

---
 hosts/common/optional/acme/default.nix | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/hosts/common/optional/acme/default.nix b/hosts/common/optional/acme/default.nix
index 43a4d10..11c5a03 100644
--- a/hosts/common/optional/acme/default.nix
+++ b/hosts/common/optional/acme/default.nix
@@ -4,22 +4,27 @@
   ...
 }:
 let
-  cloudflare = pkgs.writeTextFile {
-    name = "cloudflare.ini";
-    text = ''
-      CF_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
-    '';
-  };
+  # Create a VERY simple environment file with absolutely minimal formatting
+  cloudflareEnvFile = pkgs.writeText "cloudflare.env" ''
+    CLOUDFLARE_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
+  '';
 in
 {
+  environment.systemPackages = [ pkgs.lego ];
 
-  # letsencrypt
   security.acme = {
     acceptTerms = true;
     defaults = {
       email = "chris@toph.cc";
-      dnsProvider = "cloudflare";
-      environmentFile = cloudflare;
+      dnsProvider = "cloudflare"; # Use Cloudflare's DNS
+      environmentFile = cloudflareEnvFile;
+      enableDebugLogs = true;
+      extraLegoFlags = [
+        "--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
+        "--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
+        "--dns-timeout=60"
+        "--http-timeout=60"
+      ];
     };
     certs = {
       "goldenlemon.cc" = {
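Review bot: The API token in `CLOUDFLARE_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}` is interpolated into a `pkgs.writeText` derivation, so the rendered `cloudflare.env` is written to the world-readable Nix store with the secret in plain text; the replaced `writeTextFile` had the same exposure, so the commit renames the binding and variable but does not address it. `environmentFile` takes any path, so it should point at a file placed on the host at activation time with restricted ownership and mode (whatever mechanism already provides `config.secretsSpec` is the natural source) rather than a store path, and the existing store copy should be treated as leaked once this is changed. `enableDebugLogs = true;` is worth reverting once propagation is confirmed working, since debug output from the DNS client may echo request details into the journal. The enclosing `let` block and the `security.acme.certs` attribute set continue outside the hunk.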