nebula: sourcephile.fr: add verify

[sourcephile-nix.git] / hosts / mermet / acme / sourcephile.fr.nix

diff --git a/hosts/mermet/acme/sourcephile.fr.nix b/hosts/mermet/acme/sourcephile.fr.nix
index 70010556df877c465c2a6da68b4770c066b55d1b..a738430de0694aa7204f8e206d6527fd6ce3e1c7 100644 (file)
--- a/hosts/mermet/acme/sourcephile.fr.nix
+++ b/hosts/mermet/acme/sourcephile.fr.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, ... }:
+{ pkgs, config, info, lib, ... }:
 let
   domain = "sourcephile.fr";
   inherit (config.users) groups;
@@ -8,11 +8,15 @@ in
     table inet filter {
       set output-net-lego-ipv4 {
         type ipv4_addr
-        elements = { 217.70.177.40 }
+        elements = {
+          ${lib.concatStringsSep ", " info.lebureau.dns.secondary.ns.ipv4}
+        }
       }
       set output-net-lego-ipv6 {
         type ipv6_addr
-        elements = { 2001:4b98:d:1::40 }
+        elements = {
+          ${lib.concatStringsSep ", " info.lebureau.dns.secondary.ns.ipv6}
+        }
       }
     }
   '';
@@ -23,12 +27,11 @@ in
     email = "root@${domain}";
     extraDomainNames = [
       "*.${domain}"
-      "*.hut.${domain}"
-      "*.code.${domain}"
     ];
     group = groups."acme".name;
     keyType = "rsa4096";
     dnsProvider = "rfc2136";
+    #dnsPropagationCheck = false;
     credentialsFile = pkgs.writeText "credentials" ''
       RFC2136_NAMESERVER=127.0.0.1:5353
       RFC2136_PROPAGATION_TIMEOUT=1000