elrond fix acme cert stuff

2024-03-29 19:24:52 +01:00 · 2024-03-29 19:24:52 +01:00 · a976c3a1e1
parent 0c34bf52aa
commit a976c3a1e1
3 changed files with 18 additions and 10 deletions
--- a/machines/elrond/configuration.nix
+++ b/machines/elrond/configuration.nix
@ -22,7 +22,6 @@
  networking.useDHCP = false;                   
  networking.interfaces.ens3.useDHCP = true; # lmao interface is not constant. I really only want to use dhcp att all so could remove this in favor of the old way.
  networking.hostName = "elrond"; # Define your hostname.
-  networking.domain = "addictedmaker.eu"; # Define your domain.
  
  boot.kernel.sysctl = {
 	"net.ipv4.conf.all.forwarding" = true;
--- a/profiles/webhost.nix
+++ b/profiles/webhost.nix
@ -6,7 +6,7 @@ imports =
      ./sops.nix
      ../services/nginx.nix
      #../services/authelia.nix
-      ../services/fail2ban.nix
+      #../services/fail2ban.nix
    ];

 }
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -6,26 +6,35 @@
    restartUnits = [ "nginx.service" ];
    owner = "nginx";
  };
-  networking.domain = "addictedmaker.eu";
+
+
+  networking.enableIPv6 = false; # lol for some reason acme works without ipv6
+
+  networking.domain = "lauterer.it";
  #acme and certs helpful blog https://carjorvaz.com/posts/
  security.acme = {
    acceptTerms = true;
    defaults.email = "adrian+acme@lauterer.it";
-    
    certs."${config.networking.domain}" = {
-      domain = "${config.networking.domain}";
+      domain = "*.${config.networking.domain}";
      extraDomainNames = [ 
-        "*.${config.networking.domain}"
+        "${config.networking.domain}"
        #"${config.networking.domain}"
        #"lauterer.it"
-        "*.lauterer.it"
-        "*.256.no"
+        #"*.lauterer.it"
+        #"*.256.no"
      ];
+      
+      #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; #for testing.
+      enableDebugLogs = true;
+
+
+
+      dnsResolver = "ns1.hyp.net:53";
      dnsProvider = "domeneshop";   # from here according to provider https://go-acme.github.io/lego/dns/ 
      dnsPropagationCheck = true;
      #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
-      #credentialsFile =  config.sops.secrets."acme/certs".path; 
-      credentialsFile =  "/run/secrets/acme/certs"; 
+      credentialsFile =  config.sops.secrets."acme/certs".path; 
    };
  };