diff --git a/nix/pkgs/vault-acme/default.nix b/nix/pkgs/vault-acme/default.nix
index f156529d79..ec7bc82da4 100644
--- a/nix/pkgs/vault-acme/default.nix
+++ b/nix/pkgs/vault-acme/default.nix
@@ -15,8 +15,8 @@ buildGoModule rec {
 src = fetchFromGitHub {
 owner = "lukegb";
 repo = pname;
- rev = "c93a5466c09e2198483928e4931e31f2a3cee753";
- sha256 = "sha256:1yik8vx4d9c8qcxrrab0j1vxzcs1qnfgpi62n6rqv2sy19k0kybz";
+ rev = "d128cded9a4f96b0c6784f13c6ff6d077f6688da";
+ sha256 = "sha256:0yp8nmzp0cfqxh0r6qls0mwz9myaskb3q5qwcwx6gcm2wrwidi84";
 };
 patches = [ ./just-add-a-sleep.patch ];
diff --git a/ops/nixos/lib/secretsmgr-acme.nix b/ops/nixos/lib/secretsmgr-acme.nix
index da69d275c5..c85d2e8a3d 100644
--- a/ops/nixos/lib/secretsmgr-acme.nix
+++ b/ops/nixos/lib/secretsmgr-acme.nix
@@ -51,7 +51,7 @@ in
 role = mkOption {
 type = str;
- default = "letsencrypt-cloudflare";
+ default = "google-cloudflare";
 description = "Which role to use for certificate issuance.";
 };
diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index 55ea6b6f21..e6d39f2ae8 100644
--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@@ -506,7 +506,7 @@ in {
 ExecStart = "${depot.ops.raritan.ssl-renew}/lego.sh";
 EnvironmentFile = pkgs.writeText "sslrenew-secret" ''
 CERTIFICATE_DOMAIN=kvm.lukegb.xyz
- CERTIFICATE_ROLE=letsencrypt-cloudflare
+ CERTIFICATE_ROLE=google-cloudflare
 RARITAN_IP=192.168.1.50
 RARITAN_USERNAME=${secrets.raritan.sslrenew.username}
 RARITAN_PASSWORD=${secrets.raritan.sslrenew.password}
diff --git a/ops/vault/cfg/acme-ca.nix b/ops/vault/cfg/acme-ca.nix
index 312dc1eabe..67776ac8fb 100644
--- a/ops/vault/cfg/acme-ca.nix
+++ b/ops/vault/cfg/acme-ca.nix
@@ -44,5 +44,7 @@
 letsencrypt-gcloud-as205479.allowed_domains = gcloudDomains;
 letsencrypt-staging-gcloud-as205479.allowed_domains = gcloudDomains;
+
+ google-cloudflare.allowed_domains = cloudflareDomains;
 };
 }
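Review bot: In ops/nixos/lib/secretsmgr-acme.nix the new default `google-cloudflare` moves every host that does not set `role` explicitly to a different issuing role, and the option text gives a reader no hint of that or of which values are valid. Renewals on those hosts depend on the role added in ops/vault/cfg/acme-ca.nix being applied to Vault before the hosts are redeployed, and, if the affected zones publish CAA records, on those records permitting the new CA; neither can be confirmed from this hunk. I would extend the description to something like `description = "Vault ACME role used for certificate issuance; must be a role defined in ops/vault/cfg/acme-ca.nix.";`. The option set starts and ends outside the hunk.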
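Review bot: In ops/nixos/totoro/default.nix the `EnvironmentFile` around the `CERTIFICATE_ROLE` edit is built with `pkgs.writeText`, so `RARITAN_USERNAME` and `RARITAN_PASSWORD` are interpolated into a file in the Nix store, which is readable by every local user and travels with the system closure. This is on the unchanged context lines and predates the commit, but it is worth fixing while the file is being touched. Keep only the non-secret settings (`CERTIFICATE_DOMAIN`, `CERTIFICATE_ROLE`, `RARITAN_IP`) in the store file and load the two credentials from a second environment file that is provisioned at runtime with restrictive permissions. The unit definition starts and ends outside the hunk.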
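Review bot: In ops/vault/cfg/acme-ca.nix `google-cloudflare` is added without a staging counterpart and without a comment, whereas the gcloud roles directly above it come as a production/staging pair. Since this commit also makes it the default role, a test role bounded by the same `cloudflareDomains` would let issuance be exercised without touching production rate limits or quota, assuming the CA behind this role offers a staging directory. A short comment above the line naming the CA and noting where the role's ACME account settings are configured would also help, as they are not visible in this hunk. Reusing `cloudflareDomains` for `allowed_domains` keeps the role's scope no wider than the existing Cloudflare roles, which looks right.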