diff --git a/cluster/services/certificates/internal-wildcard.nix b/cluster/services/certificates/internal-wildcard.nix
index 596bfff..8e1c3ca 100644
--- a/cluster/services/certificates/internal-wildcard.nix
+++ b/cluster/services/certificates/internal-wildcard.nix
@@ -11,7 +11,7 @@ in
 security.acme.certs."internal.${domain}" = {
 domain = "*.internal.${domain}";
 extraDomainNames = [ "*.internal.${domain}" ];
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 group = "nginx";
 postRun = ''
 ${pkgs.acl}/bin/setfacl -Rb out/
diff --git a/cluster/services/dns/coredns.nix b/cluster/services/dns/coredns.nix
index 85b3c21..e4bbf35 100644
--- a/cluster/services/dns/coredns.nix
+++ b/cluster/services/dns/coredns.nix
@@ -42,7 +42,7 @@ in
 };
 security.acme.certs."securedns.${domain}" = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 # using a different ACME provider because Android Private DNS is fucky
 server = "https://api.buypass.com/acme/directory";
 reloadServices = [
diff --git a/cluster/services/idm/server.nix b/cluster/services/idm/server.nix
index 9630e0a..af9b91a 100644
--- a/cluster/services/idm/server.nix
+++ b/cluster/services/idm/server.nix
@@ -18,7 +18,7 @@ in
 security.acme.certs = {
 "internal.${domain}".reloadServices = [ "kanidm.service" ];
 "idm.${domain}" = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 webroot = lib.mkForce null;
 };
 };
diff --git a/cluster/services/ipfs/cluster.nix b/cluster/services/ipfs/cluster.nix
index 7ed288d..14d90b6 100644
--- a/cluster/services/ipfs/cluster.nix
+++ b/cluster/services/ipfs/cluster.nix
@@ -81,7 +81,7 @@ in {
 services.nginx.virtualHosts."pin.${domain}" = vhosts.proxy "http://unix:${pinSvcSocket}";
 users.users.nginx.extraGroups = [ cfg.group ];
 security.acme.certs."pin.${domain}" = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 webroot = lib.mkForce null;
 };
 }
diff --git a/cluster/services/ipfs/gateway.nix b/cluster/services/ipfs/gateway.nix
index ef0e97f..b5bbe4d 100644
--- a/cluster/services/ipfs/gateway.nix
+++ b/cluster/services/ipfs/gateway.nix
@@ -48,12 +48,12 @@ in
 security.acme.certs."ipfs.${domain}" = {
 domain = "*.ipfs.${domain}";
 extraDomainNames = [ "*.ipns.${domain}" ];
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 group = "nginx";
 };
 security.acme.certs."p2p.${domain}" = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 webroot = lib.mkForce null;
 };
diff --git a/cluster/services/irc/irc-host.nix b/cluster/services/irc/irc-host.nix
index 42e1c47..211043e 100644
--- a/cluster/services/irc/irc-host.nix
+++ b/cluster/services/irc/irc-host.nix
@@ -82,7 +82,7 @@ in {
 params.ngircd.bits = 2048;
 };
 security.acme.certs."${serverName}" = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 group = "ngircd";
 reloadServices = [ "ngircd" ];
 extraDomainNames = [ linkGlobalSecure.ipv4 ];
diff --git a/cluster/services/monitoring/grafana-ha.nix b/cluster/services/monitoring/grafana-ha.nix
index af10b4e..b36d5bb 100644
--- a/cluster/services/monitoring/grafana-ha.nix
+++ b/cluster/services/monitoring/grafana-ha.nix
@@ -103,7 +103,7 @@ in
 };
 security.acme.certs."monitoring.${domain}" = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 webroot = lib.mkForce null;
 };
diff --git a/cluster/services/storage/garage-gateway.nix b/cluster/services/storage/garage-gateway.nix
index 5ba70b9..3a83738 100644
--- a/cluster/services/storage/garage-gateway.nix
+++ b/cluster/services/storage/garage-gateway.nix
@@ -20,7 +20,7 @@ in
 };
 };
 security.acme.certs.${link.hostname} = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 webroot = lib.mkForce null;
 };
diff --git a/cluster/services/websites/default.nix b/cluster/services/websites/default.nix
index 999151b..501ec9c 100644
--- a/cluster/services/websites/default.nix
+++ b/cluster/services/websites/default.nix
@@ -6,7 +6,7 @@ let
 acmeUseDNS = name: conf: {
 name = conf.useACMEHost or conf.serverName or name;
 value = {
- dnsProvider = "pdns";
+ dnsProvider = "exec";
 webroot = null;
 };
 };
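Review bot: `dnsProvider = "exec"` in `acmeUseDNS` here, and in the nine other certs this commit touches (internal-wildcard, coredns, idm, ipfs cluster and gateway, irc-host, grafana-ha, garage-gateway), makes lego run an external program for every DNS-01 challenge, and nothing in the diff shows where that program or its environment is configured. The `exec` provider reads the program from `EXEC_PATH`, presumably supplied by shared ACME settings outside this diff; confirm it resolves to an immutable store path rather than somewhere the `acme` user or a service group can write, because that hook can publish TXT records for every name listed here, including the `*.internal` and `*.ipfs` wildcards. A one-line comment at each site, for example `# DNS-01 via exec hook; EXEC_PATH is set in <FILE_WHERE_IT_IS_SET>`, would tell the next reader where to look. If every cert in the cluster uses DNS-01, setting `security.acme.defaults.dnsProvider = "exec";` once would also avoid repeating the literal across nine files.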