add vps again

author: Mike Vink <mike@pionative.com> 2024-05-25 10:20:12 +0200
committer: Mike Vink <mike@pionative.com> 2024-05-25 10:20:33 +0200
commit: eb8e0fa7ccdc2b8b28b344b18ef2f081553f91e9 (patch)
tree: ac221430329c9ccfddb420770bc4afee6072b0a7 /profiles/homeserver
parent: d91e0da1605e150190b3e452b53cdf10087dba77 (diff)
2 files changed, 8 insertions, 1 deletions
diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix
index 5092d63..1880db2 100644
--- a/profiles/homeserver/acme.nix
+++ b/profiles/homeserver/acme.nix
@@ -2,6 +2,7 @@
   security.acme = {
     acceptTerms = true;
     defaults = {
+      extraLegoFlags = [ "--dns.disable-cp" ];
       extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];
       email = ivi.email;
       dnsProvider = "porkbun";
diff --git a/profiles/homeserver/dns.nix b/profiles/homeserver/dns.nix
index a93425d..917c8bb 100644
--- a/profiles/homeserver/dns.nix
+++ b/profiles/homeserver/dns.nix
@@ -23,7 +23,13 @@
         name = ivi.domain;
         stub-addr = "127.0.0.1@10053";
       } ];
-      forward-zone = [ {
+      forward-zone = [
+      {
+        name = "_acme-challenge.${ivi.domain}";
+        forward-addr = config.services.resolved.fallbackDns;
+        forward-tls-upstream = true;
+      }
+      {
         name = ".";
         forward-addr = config.services.resolved.fallbackDns;
         forward-tls-upstream = true;
author	Mike Vink <mike@pionative.com>	2024-05-25 10:20:12 +0200
committer	Mike Vink <mike@pionative.com>	2024-05-25 10:20:33 +0200
commit	eb8e0fa7ccdc2b8b28b344b18ef2f081553f91e9 (patch)
tree	ac221430329c9ccfddb420770bc4afee6072b0a7 /profiles/homeserver
parent	d91e0da1605e150190b3e452b53cdf10087dba77 (diff)