losurdo: transmission: use transmission_4
[sourcephile-nix.git] / hosts / losurdo / acme / sourcephile.fr.nix
index 324a58602d6c40f8565196585711e41853a85d6b..8d077d2a9d9d1fbeebe428022126a6ea195715f3 100644 (file)
@@ -1,4 +1,4 @@
-{ lib, config, inputs, hosts, hostName, ... }:
+{ pkgs, lib, config, inputs, hosts, hostName, info, ... }:
 let
   domain = "sourcephile.fr";
   domainID = lib.replaceStrings [ "." ] [ "_" ] domain;
@@ -12,12 +12,14 @@ in
         type ipv4_addr
         elements = {
           ${hosts.mermet._module.args.ipv4},
-          217.70.177.40
+          ${info.gandi.dns.secondary.ns.ipv4}
         }
       }
       set output-net-lego-ipv6 {
         type ipv6_addr
-        elements = { 2001:4b98:d:1::40 }
+        elements = {
+          ${info.gandi.dns.secondary.ns.ipv6}
+        }
       }
     }
   '';
@@ -32,22 +34,22 @@ in
     # ns6.gandi.net takes roughly 5min to update
     # hence lego's RFC2136_PROPAGATION_TIMEOUT=1000
     #dnsPropagationCheck = false;
-    credentialsFile = "/dev/null";
+    credentialsFile = pkgs.writeText "acme-credentials-${domain}" ''
+      RFC2136_NAMESERVER=ns.${domain}:53
+      RFC2136_TSIG_ALGORITHM=hmac-sha256.
+      RFC2136_TSIG_KEY=acme_${domainID}
+      RFC2136_PROPAGATION_TIMEOUT=1000
+      RFC2136_POLLING_INTERVAL=30
+      RFC2136_SEQUENCE_INTERVAL=30
+      RFC2136_DNS_TIMEOUT=1000
+      RFC2136_TTL=1
+    '';
   };
   systemd.services."acme-${domain}" = {
-    serviceConfig.LoadCredentialEncrypted =
-      [ "${domain}.tsig:${inputs.self}/hosts/${hostName}/acme/${domain}.tsig.cred" ];
-    environment = {
-      RFC2136_TSIG_SECRET = "%d/${domain}.tsig";
-      RFC2136_NAMESERVER = "ns.${domain}:53";
-      RFC2136_TSIG_ALGORITHM = "hmac-sha256.";
-      RFC2136_TSIG_KEY = "acme_${domainID}";
-      RFC2136_PROPAGATION_TIMEOUT = "1000";
-      RFC2136_POLLING_INTERVAL = "30";
-      RFC2136_SEQUENCE_INTERVAL = "30";
-      RFC2136_DNS_TIMEOUT = "1000";
-      RFC2136_TTL = "1";
-    };
+    serviceConfig.LoadCredentialEncrypted = [
+      "${domain}.tsig:${./. + "/${domain}.tsig.cred"}"
+    ];
+    environment.RFC2136_TSIG_SECRET_FILE = "%d/${domain}.tsig";
     after = [ "unbound.service" ];
   };
 }
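Review bot: The new `credentialsFile` is built with `pkgs.writeText`, so it becomes a world-readable path in the Nix store, and nothing in the hunk warns the next editor about that. As written it holds only non-secret RFC2136 settings, with the TSIG secret still delivered through `LoadCredentialEncrypted` and `RFC2136_TSIG_SECRET_FILE`, so the split is sound. It should be pinned with a comment above the `writeText` call, for example `# Store path is world-readable: non-secret RFC2136_* settings only, never RFC2136_TSIG_SECRET.` A second comment on the `environment.RFC2136_TSIG_SECRET_FILE` line could say that `%d` is the systemd credentials directory and that lego reads the secret from that file. The attribute set that contains `credentialsFile` opens outside the hunk, so I am assuming the ACME module passes this file to the service as an environment file.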