diff --git a/data.nix b/data.nix
index a245da0..c254eb7 100644
--- a/data.nix
+++ b/data.nix
@@ -91,10 +91,5 @@ rec {
 _acme-challenge.grafana 600 CNAME _acme-endpoint.grafana
 _acme-endpoint.grafana 600 NS ns._acme-endpoint.grafana
 ns._acme-endpoint.grafana 600 A ${vno1}
-
- grafana1 600 A ${hosts."vno1-oh2.servers.jakst".jakstIP}
- _acme-challenge.grafana1 600 CNAME _acme-endpoint.grafana1
- _acme-endpoint.grafana1 600 NS ns._acme-endpoint.grafana1
- ns._acme-endpoint.grafana1 600 A ${vno1}
 '';
 }
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 63b571b..cc5c6df 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -72,9 +72,9 @@
 nsd-acme = {
 enable = true;
- zones."grafana1.jakstys.lt" = {
+ zones."grafana.jakstys.lt" = {
 accountKey = config.age.secrets.letsencrypt-account-key.path;
- staging = true;
+ staging = false;
 };
 };
diff --git a/modules/services/nsd-acme/default.nix b/modules/services/nsd-acme/default.nix
index 05f7e58..6c241e2 100644
--- a/modules/services/nsd-acme/default.nix
+++ b/modules/services/nsd-acme/default.nix
@@ -9,7 +9,7 @@
 fullZone = "_acme-endpoint.${zone}";
 in pkgs.writeShellScript "nsd-acme-hook" ''
- set -xeuo pipefail
+ set -euo pipefail
 METHOD=$1
 TYPE=$2
 AUTH=$5
@@ -48,8 +48,8 @@
 cleanup
 ;;
 failed)
- echo "ACME request failed, not cleaning up"
- #cleanup
+ echo "ACME request failed, cleaning up"
+ cleanup
 ;;
 esac
 '';
@@ -123,9 +123,9 @@ in {
 description = "dns-01 acme update for ${zone}";
 path = [pkgs.openssh pkgs.nsd];
 preStart = ''
- mkdir -p "$STATE_DIRECTORY/${sanitized}/private"
+ mkdir -p "$STATE_DIRECTORY/private"
 ln -sf "$CREDENTIALS_DIRECTORY/letsencrypt-account-key" \
- "$STATE_DIRECTORY/${sanitized}/private/key.pem"
+ "$STATE_DIRECTORY/private/key.pem"
 '';
 serviceConfig = {
 ExecStart = let
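Review bot: In modules/services/nsd-acme/default.nix, the `failed)` branch of the hook now calls `cleanup` while `set -euo pipefail` is in effect, so any error inside `cleanup` ends the hook with cleanup's status and becomes the last thing in the unit log instead of the ACME failure. `cleanup` is defined outside this hunk, so whether it tolerates a challenge record that was never installed cannot be confirmed here. If it can fail in that case, this branch should tolerate it and say so on stderr, for example `cleanup || echo "cleanup after failed ACME request did not complete" >&2`. A one-line comment on the branch stating that cleanup is expected to be idempotent would also help the next reader.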
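Review bot: In the `preStart` hunk of modules/services/nsd-acme/default.nix, `$STATE_DIRECTORY/private/key.pem` is no longer namespaced by `${sanitized}`, so the account-key symlink stays per-zone only if each zone's unit gets its own `StateDirectory`. `serviceConfig` continues past the end of the hunk, so that cannot be confirmed here. If two zone units shared one state directory, each start would repoint `key.pem` at its own `$CREDENTIALS_DIRECTORY`, a path systemd sets up per unit. A comment above the `mkdir` stating that `StateDirectory` is per-zone would make the invariant explicit. Creating the directory as `mkdir -p -m 0700 "$STATE_DIRECTORY/private"` would also keep its mode from depending on the service umask.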