From d048a4962d21a3f255f5ef28dcfdcfbd91d5b9d1 Mon Sep 17 00:00:00 2001
From: Skyler Grey
Date: Fri, 26 Dec 2025 11:25:11 +0000
Subject: [PATCH] fix(pm/acme): resolve DNS using cloudflare
Change-Id: yzqotlkuqkpsxmxkvooknslwktxmumok
We run Tailscale, which sometimes has internal routes to things. These override all DNS address entries for specified domains, which breaks verifying ACME TXT records, which prevents us fetching certificates. Resolving ACME using Cloudflare avoids the issue...
---
 packetmix/systems/teal/acme.nix | 4 ++++
 packetmix/systems/umber/acme.nix | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/packetmix/systems/teal/acme.nix b/packetmix/systems/teal/acme.nix
index 7785793e..89d76279 100644
--- a/packetmix/systems/teal/acme.nix
+++ b/packetmix/systems/teal/acme.nix
@@ -9,6 +9,10 @@
 email = "acme@freshlybakedca.ke";
 dnsProvider = "cloudflare";
 environmentFile = "/secrets/acme/environmentFile";
+ extraLegoFlags = [
+ "--dns.resolvers"
+ "1.1.1.1"
+ ];
 };
 };
diff --git a/packetmix/systems/umber/acme.nix b/packetmix/systems/umber/acme.nix
index d5e1c378..b2c2d2c0 100644
--- a/packetmix/systems/umber/acme.nix
+++ b/packetmix/systems/umber/acme.nix
@@ -9,6 +9,10 @@
 email = "acme@starrysky.fyi";
 dnsProvider = "cloudflare";
 environmentFile = "/secrets/acme/environmentFile";
+ extraLegoFlags = [
+ "--dns.resolvers"
+ "1.1.1.1"
+ ];
 };
 };
--
2.43.0
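Review bot: The `extraLegoFlags` list added in teal/acme.nix pins lego to one hard-coded resolver, `1.1.1.1`, with no fallback and no comment in the file, so if that address is unreachable from the host (egress filtering, resolver outage) certificate renewal fails, and only the commit message explains why the override exists. lego accepts `--dns.resolvers` more than once, so appending a second pair, `"--dns.resolvers"` and `"1.0.0.1"`, removes the single point of failure. A comment above the list such as `# Tailscale split DNS overrides our zones; lego must look up the ACME TXT records via a public resolver` would keep the reason next to the setting. The identical four lines are added in the umber/acme.nix hunk and the same applies there; if the pinned nixpkgs provides the `dnsResolver` option of the acme module, that may be a clearer home for the setting than a raw flag. The enclosing attribute set starts above the hunk, so its name is not visible here.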