nebula: sourcephile.fr: add verify
[sourcephile-nix.git] / hosts / losurdo / acme / sourcephile.fr.nix
index 893d9f752dcb8dd41a1637adfd5753067260192a..8d077d2a9d9d1fbeebe428022126a6ea195715f3 100644 (file)
@@ -1,4 +1,4 @@
-{ pkgs, lib, config, inputs, hosts, hostName, ... }:
+{ pkgs, lib, config, inputs, hosts, hostName, info, ... }:
 let
   domain = "sourcephile.fr";
   domainID = lib.replaceStrings [ "." ] [ "_" ] domain;
@@ -12,12 +12,14 @@ in
         type ipv4_addr
         elements = {
           ${hosts.mermet._module.args.ipv4},
-          217.70.177.40
+          ${info.gandi.dns.secondary.ns.ipv4}
         }
       }
       set output-net-lego-ipv6 {
         type ipv6_addr
-        elements = { 2001:4b98:d:1::40 }
+        elements = {
+          ${info.gandi.dns.secondary.ns.ipv6}
+        }
       }
     }
   '';
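Review bot: Both egress sets in this hunk now take the Gandi address from `info.gandi.dns.secondary.ns.ipv4` / `.ipv6`, so the allowlist can change without this file being edited, and nothing at this site says what the address is for. A comment above each interpolated element would keep the intent reviewable, for example `# Gandi secondary NS, allowed for lego's DNS checks (value comes from info.gandi)`. That purpose is inferred from the set name `output-net-lego-ipv6`, so adjust the wording if it differs. Because the value is spliced into a literal nftables ruleset, it is worth confirming that both attributes always evaluate to a single address string; where `info` is defined is outside this diff. The enclosing ruleset string starts before the hunk.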
@@ -44,8 +46,9 @@ in
     '';
   };
   systemd.services."acme-${domain}" = {
-    serviceConfig.LoadCredentialEncrypted =
-      [ "${domain}.tsig:${inputs.self}/hosts/${hostName}/acme/${domain}.tsig.cred" ];
+    serviceConfig.LoadCredentialEncrypted = [
+      "${domain}.tsig:${./. + "/${domain}.tsig.cred"}"
+    ];
     environment.RFC2136_TSIG_SECRET_FILE = "%d/${domain}.tsig";
     after = [ "unbound.service" ];
   };
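Review bot: Interpolating `${./. + "/${domain}.tsig.cred"}` copies the credential file into the Nix store as its own world-readable path, so the TSIG key stays confidential only if that file is a `systemd-creds`-encrypted blob; this deserves a comment on the `LoadCredentialEncrypted` entry. Suggested comment: `# systemd-creds encrypted blob, credential name "${domain}.tsig"; the file is copied to the world-readable Nix store, never put a plaintext key here`. The old `${inputs.self}/…` form presumably also put the file in the store via the flake source, so this is a documentation point rather than a regression. A side benefit of the path form is that a missing file now fails at evaluation instead of at service start.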