fix: certificate renewal

hosts/shan/default.nix

@@ -151,8 +151,9 @@
   security.acme = {
     acceptTerms = true;
     defaults = {
-      email = "contact@ccnlc.eu";
+      email = "dns@ccnlc.eu";
       dnsProvider = "ovh";
+      dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
       environmentFile = config.age.secrets.acme.path;
     };
 
@@ -161,6 +162,7 @@
       extraDomainNames = [ "*.ccnlc.eu" ];
     };
   };
+
   services.nginx = {
     enable = true;
     recommendedProxySettings = true;
@@ -171,6 +173,7 @@
         mkVHLocal = mkVH "http://localhost";
         mkVH = domain: port: {
           forceSSL = true;
+          useACMEHost = "ccnlc.eu";
           locations."/" = {
             proxyPass = "${domain}:${toString port}";
             extraConfig = ''
@@ -181,7 +184,6 @@
               proxy_http_version 1.1;
             '';
           };
-          useACMEHost = "ccnlc.eu";
         };
       in
       {
@@ -198,6 +200,7 @@
         "truenas.ccnlc.eu" = mkVH "https://192.168.178.21" 443;
         "calibre.ccnlc.eu" = mkVHLocal config.services.calibre-web.listen.port;
         "prometheus.ccnlc.eu" = mkVHLocal config.services.prometheus.port;
+        "adguard.ccnlc.eu" = mkVHLocal config.services.adguardhome.port;
         "grafana.ccnlc.eu" = mkVHLocal config.services.grafana.settings.server.http_port;
         ${config.services.freshrss.virtualHost} = {
           forceSSL = true;