grafana is now prod

data.nix

@@ -91,10 +91,5 @@ rec {
     _acme-challenge.grafana   600 CNAME     _acme-endpoint.grafana
     _acme-endpoint.grafana    600    NS     ns._acme-endpoint.grafana
     ns._acme-endpoint.grafana 600     A     ${vno1}
-
-    grafana1                   600     A     ${hosts."vno1-oh2.servers.jakst".jakstIP}
-    _acme-challenge.grafana1   600 CNAME     _acme-endpoint.grafana1
-    _acme-endpoint.grafana1    600    NS     ns._acme-endpoint.grafana1
-    ns._acme-endpoint.grafana1 600     A     ${vno1}
   '';
 }

hosts/vno1-oh2/configuration.nix

@@ -72,9 +72,9 @@
 
       nsd-acme = {
         enable = true;
-        zones."grafana1.jakstys.lt" = {
+        zones."grafana.jakstys.lt" = {
           accountKey = config.age.secrets.letsencrypt-account-key.path;
-          staging = true;
+          staging = false;
         };
       };
 

modules/services/nsd-acme/default.nix

@@ -9,7 +9,7 @@
     fullZone = "_acme-endpoint.${zone}";
   in
     pkgs.writeShellScript "nsd-acme-hook" ''
-      set -xeuo pipefail
+      set -euo pipefail
       METHOD=$1
       TYPE=$2
       AUTH=$5
@@ -48,8 +48,8 @@
               cleanup
               ;;
           failed)
-              echo "ACME request failed, not cleaning up"
-              #cleanup
+              echo "ACME request failed, cleaning up"
+              cleanup
               ;;
       esac
     '';
@@ -123,9 +123,9 @@ in {
             description = "dns-01 acme update for ${zone}";
             path = [pkgs.openssh pkgs.nsd];
             preStart = ''
-              mkdir -p "$STATE_DIRECTORY/${sanitized}/private"
+              mkdir -p "$STATE_DIRECTORY/private"
               ln -sf "$CREDENTIALS_DIRECTORY/letsencrypt-account-key" \
-                "$STATE_DIRECTORY/${sanitized}/private/key.pem"
+                "$STATE_DIRECTORY/private/key.pem"
             '';
             serviceConfig = {
               ExecStart = let