From b48a52fe79ed46e40d44661a67a070d1f98be138 Mon Sep 17 00:00:00 2001 From: Gene Liverman Date: Sat, 24 Jan 2026 23:19:34 -0500 Subject: [PATCH] Fix acme talking to Gandi --- modules/hosts/common/linux/lets-encrypt.nix | 5 ++--- modules/hosts/common/secrets.yaml | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/modules/hosts/common/linux/lets-encrypt.nix b/modules/hosts/common/linux/lets-encrypt.nix index 1903df1..e885306 100644 --- a/modules/hosts/common/linux/lets-encrypt.nix +++ b/modules/hosts/common/linux/lets-encrypt.nix @@ -10,8 +10,7 @@ acceptTerms = true; defaults = { email = "lets-encrypt@technicalissues.us"; - credentialFiles = { "GANDIV5_API_KEY_FILE" = "${config.sops.secrets.gandi_api.path}"; }; - #credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = gandi_dns_pat; }; + credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}"; }; dnsProvider = "gandiv5"; dnsResolver = "ns1.gandi.net"; # uncomment below for testing @@ -21,6 +20,6 @@ sops = { age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt"; - secrets.gandi_api.sopsFile = ../secrets.yaml; + secrets.gandi_dns_pat.sopsFile = ../secrets.yaml; }; } diff --git a/modules/hosts/common/secrets.yaml b/modules/hosts/common/secrets.yaml index 6dfce05..98375e1 100644 --- a/modules/hosts/common/secrets.yaml +++ b/modules/hosts/common/secrets.yaml @@ -1,4 +1,4 @@ -gandi_dns_pat: ENC[AES256_GCM,data:biWxwhrrE1ZOwViDtg0G0eIZz7+k804kBwN1icJWmh5TVi/Ylqbixw==,iv:pip7MXKdf5i0Ks7zdCs2O7UpxLq3HJY0KPNOwgta5+8=,tag:6X98FRXctX8cgBPY1pm+cw==,type:str] +gandi_dns_pat: ENC[AES256_GCM,data:3L1RDSbCqkmLmguSgsJsf3gdnSi/zxS8xtl+B+kwBeaOnX3X5fmM7A==,iv:SWAfEAC/3klgreTppGZWV5SACrQEEL8tsXUvYFlJXyk=,tag:IiekQLSf1vnjRQr6ZRsVMQ==,type:str] gandi_api: ENC[AES256_GCM,data:YsdDMk75miIKO4LkCZjfwJw6gxfrmsTL,iv:BOPRxB661sPJnUH1AUKEALIJfBeyAHZpkWJEDbY+7i8=,tag:TvtW7qhPbOqi9kKDcIe28w==,type:str] hetzner_api_token: ENC[AES256_GCM,data:8+bYBnI6vSQ7QIDFv0zplU2A2lW2c7JA9WArCGeAgjg=,iv:Y92uRgjKfuGDY4HMr+j6uDweMmMCx0FBydP3alGgb3M=,tag:cbmeVnP1XcqE+T0qpzJfbw==,type:str] hetzner_lego_env: ENC[AES256_GCM,data:xRADnkMC/mTq8/oRpZ+NYTStB9qX2N6V0GNIpGsXNedgO3bTvowgMukyDW4nX19V627ykk5vPC/HTRhZ8ia2KxRJfqa+9n5+Eg83iAFtrQGOe2rvEGEHDUoCTSb/G8YA8XzB3t69Xc+o8g59Grf4rXvNLEEwewn92BP7YWoxvpPaeT3yl/g7/0m4SDXKR/D3LtiN4nikiUFYT6nBG+WipMK3oEw=,iv:dL4hw4/v1FgJKwmCzIpMKvryrm+mMb7SoohPi78paPY=,tag:Lq3vBkyVbv7w5/RIHcsiUg==,type:str] @@ -108,7 +108,7 @@ sops: ODFjcWxtRjkweGJvdzdWSEphMHRCdm8Kx0amHgaZZR26c+VRVTyBEnm+w5c5nA7R txHj1U349LbfEsovTqZAL1o2WuX+gmXSj1aeXPKW+S0bIagC6dDacA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-30T02:44:34Z" - mac: ENC[AES256_GCM,data:CqqfSnNfUK8BI7n6/n7UbtANa0TmWkjmgb4aZwPzc1NPLXtH1xRMdysb8UtNFKwz5pDmGihT4VeVVu11vkOm6iPyS4no7FatkSA1zqGw97vo9kYKZETzKbw6a8nw1Lgbj6MRpxZQYidgir13AOiilzAEsEhzFddAOkNwr9K2NJ8=,iv:1Ns8+JKWeWdwCTIkQk1zTPDm8JtLtZ76gL5JU1A0100=,tag:j58QBexUW/SBZ5+kyoV0Zg==,type:str] + lastmodified: "2026-01-25T02:27:36Z" + mac: ENC[AES256_GCM,data:83QyyqQqy9dkW1PIjo6fFDV1oLv3GCrfV9xiq5pZJwW9uhvNTi1LvR4bX55foK7lPBRmtW9xCRIGWCm1nORTJH1ae3cdRuZ+moUictpn0AuqJY/E/4+Nlr7TMdJUj3NI9bfGkJ+BoizGvPg+43ubobnl/+PH7/3Tu0omXkhUB9A=,iv:tcBMolA2hcVKfUhPnK6P9H1Xl1n5jMH+Qo0vEe5CgkE=,tag:L9gpXtvYIYN/gRl7rBPqtA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0