Add given password for hosts/mermet/knot/autogeree.net/lebureau.conf to store.

[sourcephile-nix.git] / hosts / mermet / acme / sourcephile.fr.nix

diff --git a/hosts/mermet/acme/sourcephile.fr.nix b/hosts/mermet/acme/sourcephile.fr.nix
index e0d5f23e2ca089032a4ab50601ad1bd4da233247..b9581425f6edb597767a316d6ff272302150cd1d 100644 (file)
--- a/hosts/mermet/acme/sourcephile.fr.nix
+++ b/hosts/mermet/acme/sourcephile.fr.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, info, lib, ... }:
 let
   domain = "sourcephile.fr";
   inherit (config.users) groups;
@@ -8,11 +8,15 @@ in
     table inet filter {
       set output-net-lego-ipv4 {
         type ipv4_addr
-        elements = { 217.70.177.40 }
+        elements = {
+          ${lib.concatMapStringsSep ", " ({ipv4, ...}: ipv4) (lib.filter (args: args ? "ipv4") info.lebureau.dns.secondary.ns)}
+        }
       }
       set output-net-lego-ipv6 {
         type ipv6_addr
-        elements = { 2001:4b98:d:1::40 }
+        elements = {
+          ${lib.concatMapStringsSep ", " ({ipv6, ...}: ipv6) (lib.filter (args: args ? "ipv6") info.lebureau.dns.secondary.ns)}
+        }
       }
     }
   '';
@@ -27,7 +31,7 @@ in
     group = groups."acme".name;
     keyType = "rsa4096";
     dnsProvider = "rfc2136";
-    dnsPropagationCheck = false;
+    #dnsPropagationCheck = false;
     credentialsFile = pkgs.writeText "credentials" ''
       RFC2136_NAMESERVER=127.0.0.1:5353
       RFC2136_PROPAGATION_TIMEOUT=1000