1 { pkgs, config, info, ... }:
3 domain = "autogeree.net";
4 inherit (config.users) groups;
# nftables fragment declaring two named sets, output-net-lego-ipv4 and
# output-net-lego-ipv6, whose visible contents are the secondary nameserver
# addresses interpolated from info.gandi.dns.secondary.ns.
# NOTE(review): the rules that reference these sets are not visible in this
# excerpt; presumably they limit which hosts the ACME client may reach on
# output. Confirm against the full ruleset.
7 networking.nftables.ruleset = ''
9 set output-net-lego-ipv4 {
12 ${info.gandi.dns.secondary.ns.ipv4}
15 set output-net-lego-ipv6 {
18 ${info.gandi.dns.secondary.ns.ipv6}
23 systemd.services."acme-${domain}".after = [
# ACME certificate definition for ${domain}. The challenge is answered through
# DNS using RFC 2136 dynamic updates (dnsProvider = "rfc2136").
26 security.acme.certs.${domain} = {
27 email = "root+letsencrypt@${domain}";
# Uses the name of the "acme" group from config.users.groups (inherited as `groups`).
31 group = groups."acme".name;
33 dnsProvider = "rfc2136";
# Kept commented out, so this line does not disable the DNS propagation check.
34 #dnsPropagationCheck = false;
# NOTE(review): pkgs.writeText places this file in the Nix store, which is
# readable by every local user. The settings visible in this excerpt
# (nameserver address, timeouts, intervals) are not secret, but the string
# continues past the excerpt. Confirm that no TSIG key material is written
# here; a secret belongs in a root-only file outside the store, referenced by
# path.
35 credentialsFile = pkgs.writeText "credentials" ''
36 RFC2136_NAMESERVER=127.0.0.1:5353
37 RFC2136_PROPAGATION_TIMEOUT=1000
38 RFC2136_POLLING_INTERVAL=30
39 RFC2136_SEQUENCE_INTERVAL=30
40 RFC2136_DNS_TIMEOUT=1000