From 51ac6aed599548c77bd247ce848264700613e80e Mon Sep 17 00:00:00 2001
From: Ahwx <ahwx@ahwx.org>
Date: Thu, 23 Oct 2025 00:13:33 +0200
Subject: [PATCH] fix: let `acme` wait so that it does not constantly fail. for
 some reason this is required. maybe desec changed their ttl?

---
 modules/services/nginx.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/services/nginx.nix b/modules/services/nginx.nix
index cda6d24..aa4315e 100644
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -9,6 +9,12 @@
   security.acme = {
     acceptTerms = true;
     defaults.email = lib.mkDefault "ahwx@ahwx.org";
+    defaults = {
+      # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      # dnsPropagationCheck = false;
+      extraLegoFlags = [ "--dns.propagation-wait=300s" ];
+      dnsProvider = "ns1.desec.io:53";
+    };
     certs = {
       "liv.town" = {
         domain = "*.liv.town";