From 864ee129b023a5ec94736dd92b918d8d606b7c22 Mon Sep 17 00:00:00 2001
From: nydragon
Date: Wed, 12 Mar 2025 10:46:20 +0100
Subject: [PATCH] fix: certificate renewal

---
 hosts/shan/default.nix | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index e6e230b..e4ffaf4 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@@ -151,8 +151,9 @@
 security.acme = {
 acceptTerms = true;
 defaults = {
- email = "contact@ccnlc.eu";
+ email = "dns@ccnlc.eu";
 dnsProvider = "ovh";
+ dnsResolver = "9.9.9.9"; # Necessary to avoid failing due to a local dns server
 environmentFile = config.age.secrets.acme.path;
 };

@@ -161,6 +162,7 @@
 extraDomainNames = [ "*.ccnlc.eu" ];
 };
 };
+
 services.nginx = {
 enable = true;
 recommendedProxySettings = true;
@@ -171,6 +173,7 @@
 mkVHLocal = mkVH "http://localhost";
 mkVH = domain: port: {
 forceSSL = true;
+ useACMEHost = "ccnlc.eu";
 locations."/" = {
 proxyPass = "${domain}:${toString port}";
 extraConfig = ''
@@ -181,7 +184,6 @@
 proxy_http_version 1.1;
 '';
 };
- useACMEHost = "ccnlc.eu";
 };
 in
 {
@@ -198,6 +200,7 @@
 "truenas.ccnlc.eu" = mkVH "https://192.168.178.21" 443;
 "calibre.ccnlc.eu" = mkVHLocal config.services.calibre-web.listen.port;
 "prometheus.ccnlc.eu" = mkVHLocal config.services.prometheus.port;
+ "adguard.ccnlc.eu" = mkVHLocal config.services.adguardhome.port;
 "grafana.ccnlc.eu" = mkVHLocal config.services.grafana.settings.server.http_port;
 ${config.services.freshrss.virtualHost} = {
 forceSSL = true;
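Review bot: The added `dnsResolver = "9.9.9.9";` in `security.acme.defaults` omits the port, while the option is documented as taking `host:port`; writing `dnsResolver = "9.9.9.9:53";` avoids relying on the ACME client to fill in a default. The trailing comment should also name the local server and the failure it causes, for example `# local resolver answers for ccnlc.eu itself, so the DNS-01 zone lookup must go to a public resolver` (the exact cause is my inference, not shown in the patch). Renewal now depends on one external resolver reached over plain DNS, which is worth stating in that comment so a later outage is easy to diagnose. The `security.acme` block continues outside the hunk.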
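Review bot: The new `"adguard.ccnlc.eu"` entry publishes the AdGuard Home admin UI through `mkVHLocal`, and the parts of `mkVH` visible in this patch (`forceSSL`, `useACMEHost`, `proxyPass`) add no source-address restriction. If this nginx is reachable from outside the LAN, the DNS admin panel is guarded only by AdGuard's own login, so a management vhost like this one would be safer with `allow 192.168.178.0/24; deny all;` merged into its location (subnet inferred from the truenas entry, please confirm). It is also worth checking that the UI listener is loopback-only, e.g. `services.adguardhome.host = "127.0.0.1";`, so it cannot be reached over plain HTTP on its own port past the proxy's TLS. The middle of `extraConfig` and the adguardhome settings are outside the hunk, so either point may already be covered there.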