From c61bf151883d569c4d0cf36cc8dece44045d8f4c Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Thu, 10 Oct 2024 12:35:37 +0800 Subject: [PATCH] hosts/plover: update DNS setup Which is no setup for now. It's a bit frustrating to deal with especially with the email stuff. On a future note, the DNS server should be on a separate machine. --- configs/nixos/plover/default.nix | 8 ++++---- configs/nixos/plover/secrets/secrets.yaml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/configs/nixos/plover/default.nix b/configs/nixos/plover/default.nix index 7b9cb813..4974bfe6 100644 --- a/configs/nixos/plover/default.nix +++ b/configs/nixos/plover/default.nix @@ -26,7 +26,6 @@ backup.enable = true; database.enable = true; firewall.enable = true; - dns-server.enable = true; idm.enable = true; monitoring.enable = true; reverse-proxy.enable = true; @@ -118,9 +117,10 @@ # self-hosted DNS server. security.acme.defaults = { email = "admin+acme@foodogsquared.one"; - dnsProvider = "rfc2136"; - dnsResolver = "1.1.1.1"; - credentialsFile = config.sops.secrets."lego/env".path or "/var/lib/secrets/acme.env"; + server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + dnsProvider = "hetzner"; + environmentFile = config.sops.secrets."lego/env".path or "/var/lib/secrets/acme.env"; + enableDebugLogs = true; }; # Enable generating new DH params. diff --git a/configs/nixos/plover/secrets/secrets.yaml b/configs/nixos/plover/secrets/secrets.yaml index 207e2673..f2e0bfaf 100644 --- a/configs/nixos/plover/secrets/secrets.yaml +++ b/configs/nixos/plover/secrets/secrets.yaml @@ -20,7 +20,7 @@ gitea: smtp_password: ENC[AES256_GCM,data:PjpY7EZd13LK+3LaUle0BwrgXlBV9rFKHY2KYwarfm0=,iv:xgYgYE0grZUdwuX0pgfqfwx13TgVNrJGYIujqnIqbsk=,tag:VTvTzPsz+pu0knYGzgmhRg==,type:str] db_password: ENC[AES256_GCM,data:4wpMoLEXGlWy4NV4+Kx1qnNnsLa+IT4coJylqSzq9/0=,iv:vF/p8tvr5AXBQslj8eTyTAuXfxIYzqO/PeeffTSSzl8=,tag:s7sHzhWG9LMpDB7Kvwp7gA==,type:str] lego: - env: ENC[AES256_GCM,data:Vvv4UT41taMx//Ypa2mK5ol0UiRMdtLBNNL7VQqbL5pMO6VmSyOJaDQ2Vh9AKyTuTcWtCx2VZhwicnIFKhnZBn2ifrikpqGI6q9+1vtlK3Ys7/I6CTDhJFyWXvKda0CvJ9ygPW1Qw62ewmV0teXNPsU5dQnaH6x8z/yZUdwAjQD/6scwU1NUyAjY7PrqB1S2kQDhFDBFD0Oxl6tT+xN72obrgWrh+l7dxWRjhPbq6kce+UCPpvnxt9H5JlraZKnsMTRLoi7X+mXBS5XNmeyuQg==,iv:9GZ4BMkG7QI1mR5FgQD7obz6x9jP4DHuZXVgKHOHaR0=,tag:VxCaUOchmMAJvrb8kgIn8Q==,type:str] + env: ENC[AES256_GCM,data:+c+18e/KLtUILE0jE07VghXPRXh945Bk6cz8Fjjp2h3BiskPrrvNuCQ2LUFxLyx4Nw==,iv:iLSeExlsmJaNnJ5AgF0415uUTm4zl7dR5Fji22jUSpk=,tag:MU+1SKyjPiulAgOJuJEJqw==,type:str] ssh-key: ENC[AES256_GCM,data:1YT7wI4ykEi1dis8+MlkLStri2vuHJs9tHefMNEdc1hA7/1KeS5KE7QHyn5xOSvBd9kO/mUjVptxfGiooqRy6dMN4U0JG+Akr+Ybsr5F1+ZltDPKwOYcnBpK47S5wm70OM4f9oiki8hJ4i0LrtuQq1L2x0pCCLuH2kNxbMgOomaRl8zW9vgR2B1lisRMv4pugCrNRkhqT9K2WTO3wOCZu9wj/C0IQwg07G0fW7Vuvt/p0/+rktRKDtm5F0aR4h8A+fbU6BxCfaQjHvu+A5aVCb2nvPTPtX80pOTerrcSTZe6bG5biN0n1Rq6xm9TtHLXvqFDTc1ES6dlAs0P4IgipGOeaCEvhkp+zCBF7iBg9Xj0kIJlXU1v36W8Xu7az+8fgYZXmizwgkw2eVJYpAnPx6oRmXQYpvHgzZJuVdvH/33E7Lg7j067bKC73fbQwtV97vBHfF+rrtr7w6IYwmxpRavyuB5Ze7xx48oVvMCInIk09KV2W3+ad+dZxrtOyVJHXzvh+H1UJeuAHIbsoH1b2C1sqOuhgu2BtmKIrfW8hX8Tjfc=,iv:XZtcySi+/XwPstuNyGa/nubABg+SE1r6iIfM/4n1+8Q=,tag:19W88F4xAxujD7VYtuVjBg==,type:str] sops: kms: [] @@ -37,8 +37,8 @@ sops: UDZXbzZzTUJKWHFBNGxjcy9UdGxMSzAKtMdXLsuvsmpjoDAK1GZSDHBWTLAl5iJY NRGL2GSkh72m1tQ5AXma34DR7WBNgwSkedLP6p/TR/J1ABpMJa551Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-03T14:53:19Z" - mac: ENC[AES256_GCM,data:Nmh4zUDAbUOVJmQYA786anrLxQuDr1p1jn9M1VgcYpHC/SoVD7Hr/DQoShvHNRaEIelbd1xkno3c+tyr0bbclrrrQNQ29Hjx6P5MSjUSLdDn8oxyhD5Lh0oCmryDjdxmV8YtoE5wdCpHmKwEN2hjW1vicrQSUoL2vef0kr71tCc=,iv:I+ecWQewKHh7cYDL7+MEIdEDTyCebZPxXWCyQeL4PzE=,tag:VEUKJKbBNqTMiNxk17Fqmg==,type:str] + lastmodified: "2024-10-09T07:48:16Z" + mac: ENC[AES256_GCM,data:vzauIxAfAb0tFmo9fqhZKf45RBWSIzvbSbG2AfyuLTWQb7pDOHKp39u8Y8010SfMSwXOBmjXJEk767tFdScjtFG9FrKEI5lykkJxMvFB9XjWxBi7g9QcteasSgedDOXsMcxqu02JOp2yXvgkA/1pxK/mT2j/PPnsoLlkq4xlMco=,iv:ySRfJJk/WSRYOef+MEz1XCFFYx7WNCWRbgRUuduDTAo=,tag:kXqbuwSUXsFL3jjVjxIU2A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0