freshlybakedca.ke / patisserie
Your one-stop-cake-shop for everything Freshly Baked has to offer
fork atom

fix(pm/acme): resolve DNS using cloudflare

We run Tailscale, which sometimes has internal routes to things. These
override all DNS address entries for specified domains, which breaks
verifying ACME TXT records, which prevents us fetching certificates.

Resolving ACME using Cloudflare avoids the issue...

a.starrysky.fyi d048a496 46bdbe02

options
unified split
Changed files
+8
packetmix
systems
teal
acme.nix
umber
acme.nix
+4
packetmix/systems/teal/acme.nix
··· 9 email = "acme@freshlybakedca.ke"; 10 dnsProvider = "cloudflare"; 11 environmentFile = "/secrets/acme/environmentFile"; 12 }; 13 }; 14
··· 9 email = "acme@freshlybakedca.ke"; 10 dnsProvider = "cloudflare"; 11 environmentFile = "/secrets/acme/environmentFile"; 12 + extraLegoFlags = [ 13 + "--dns.resolvers" 14 + "1.1.1.1" 15 + ]; 16 }; 17 }; 18
+4
packetmix/systems/umber/acme.nix
··· 9 email = "acme@starrysky.fyi"; 10 dnsProvider = "cloudflare"; 11 environmentFile = "/secrets/acme/environmentFile"; 12 }; 13 }; 14
··· 9 email = "acme@starrysky.fyi"; 10 dnsProvider = "cloudflare"; 11 environmentFile = "/secrets/acme/environmentFile"; 12 + extraLegoFlags = [ 13 + "--dns.resolvers" 14 + "1.1.1.1" 15 + ]; 16 }; 17 }; 18