cluster: switch to exec dns01 provider

2023-12-04 19:31:03 +01:00 · 2023-12-04 19:31:03 +01:00 · 0943c410c3
commit 0943c410c3
parent bfd7a4214c
9 changed files with 10 additions and 10 deletions
--- a/cluster/services/certificates/internal-wildcard.nix
+++ b/cluster/services/certificates/internal-wildcard.nix
@ -11,7 +11,7 @@ in
  security.acme.certs."internal.${domain}" = {
    domain = "*.internal.${domain}";
    extraDomainNames = [ "*.internal.${domain}" ];
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    group = "nginx";
    postRun = ''
      ${pkgs.acl}/bin/setfacl -Rb out/
--- a/cluster/services/dns/coredns.nix
+++ b/cluster/services/dns/coredns.nix
@ -42,7 +42,7 @@ in
  };
  security.acme.certs."securedns.${domain}" = {
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    # using a different ACME provider because Android Private DNS is fucky
    server = "https://api.buypass.com/acme/directory";
    reloadServices = [
--- a/cluster/services/idm/server.nix
+++ b/cluster/services/idm/server.nix
@ -18,7 +18,7 @@ in
  security.acme.certs = {
    "internal.${domain}".reloadServices = [ "kanidm.service" ];
    "idm.${domain}" = {
-      dnsProvider = "pdns";
+      dnsProvider = "exec";
      webroot = lib.mkForce null;
    };
  };
--- a/cluster/services/ipfs/cluster.nix
+++ b/cluster/services/ipfs/cluster.nix
@ -81,7 +81,7 @@ in {
  services.nginx.virtualHosts."pin.${domain}" = vhosts.proxy "http://unix:${pinSvcSocket}";
  users.users.nginx.extraGroups = [ cfg.group ];
  security.acme.certs."pin.${domain}" = {
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    webroot = lib.mkForce null;
  };
 }
--- a/cluster/services/ipfs/gateway.nix
+++ b/cluster/services/ipfs/gateway.nix
@ -48,12 +48,12 @@ in
  security.acme.certs."ipfs.${domain}" = {
    domain = "*.ipfs.${domain}";
    extraDomainNames = [ "*.ipns.${domain}" ];
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    group = "nginx";
  };
  security.acme.certs."p2p.${domain}" = {
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    webroot = lib.mkForce null;
  };
--- a/cluster/services/irc/irc-host.nix
+++ b/cluster/services/irc/irc-host.nix
@ -82,7 +82,7 @@ in {
    params.ngircd.bits = 2048;
  };
  security.acme.certs."${serverName}" = {
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    group = "ngircd";
    reloadServices = [ "ngircd" ];
    extraDomainNames = [ linkGlobalSecure.ipv4 ];
--- a/cluster/services/monitoring/grafana-ha.nix
+++ b/cluster/services/monitoring/grafana-ha.nix
@ -103,7 +103,7 @@ in
  };
  security.acme.certs."monitoring.${domain}" = {
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    webroot = lib.mkForce null;
  };
--- a/cluster/services/storage/garage-gateway.nix
+++ b/cluster/services/storage/garage-gateway.nix
@ -20,7 +20,7 @@ in
    };
  };
  security.acme.certs.${link.hostname} = {
-    dnsProvider = "pdns";
+    dnsProvider = "exec";
    webroot = lib.mkForce null;
  };
--- a/cluster/services/websites/default.nix
+++ b/cluster/services/websites/default.nix
@ -6,7 +6,7 @@ let
  acmeUseDNS = name: conf: {
    name = conf.useACMEHost or conf.serverName or name;
    value = {
-      dnsProvider = "pdns";
+      dnsProvider = "exec";
      webroot = null;
    };
  };