ACME dns propagation fix

Chris Toph 2025-04-29 15:51:35 -04:00
parent ce6c7db198
commit 2942d4bf9a


@ -4,22 +4,27 @@
... ...
}: }:
let let
cloudflare = pkgs.writeTextFile { # Create a VERY simple environment file with absolutely minimal formatting
name = "cloudflare.ini"; cloudflareEnvFile = pkgs.writeText "cloudflare.env" ''
text = '' CLOUDFLARE_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
CF_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare} '';
'';
};
in in
{ {
environment.systemPackages = [ pkgs.lego ];
# letsencrypt
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "chris@toph.cc"; email = "chris@toph.cc";
dnsProvider = "cloudflare"; dnsProvider = "cloudflare"; # Use Cloudflare's DNS
environmentFile = cloudflare; environmentFile = cloudflareEnvFile;
enableDebugLogs = true;
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
}; };
certs = { certs = {
"goldenlemon.cc" = { "goldenlemon.cc" = {
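Review bot: The Cloudflare API token still ends up in the Nix store, because `pkgs.writeText "cloudflare.env"` interpolates `config.secretsSpec.api.cloudflare` at evaluation time; assuming that option holds the token value itself, the resulting `/nix/store` file is world-readable and is copied along with the system closure. Renaming the file from `cloudflare.ini` does not change that. Point `environmentFile` at a file provisioned at runtime outside the store with root-only permissions (for example one managed by sops-nix or agenix), e.g. `environmentFile = "/run/secrets/<cloudflare-env-placeholder>";`. `enableDebugLogs = true;` looks like a troubleshooting setting and is worth dropping once propagation is confirmed, since debug output is more likely to carry request details into the journal. The `security.acme` attribute set continues past the end of this hunk.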