services: Adjust lego timeouts/resolvers

the-maldridge · the-maldridge · commit 07fff88dc9ee · 2021-12-16T20:02:27.000-06:00
diff --git a/services/nomad/infrastructure/lego.nomad b/services/nomad/infrastructure/lego.nomad
@@ -18,13 +18,13 @@ job "lego" {
       }
 
       config {
-        image = "ghcr.io/void-linux/infra-lego:v20210923RC04"
+        image = "ghcr.io/void-linux/infra-lego:v20211216RC02"
       }
 
       env {
         VAULT_ADDR="http://active.vault.service.consul:8200"
         ACTION="renew"
-        DO_PROPAGATION_TIMEOUT="10m"
+        DO_PROPAGATION_TIMEOUT="600"
       }
 
       template {
diff --git a/services/pkg/lego/lego.sh b/services/pkg/lego/lego.sh
@@ -2,7 +2,7 @@
 
 : "${ACTION:=renew}"
 : "${SERVER:=https://acme-v02.api.letsencrypt.org/directory}"
-: "${DO_PROPAGATION_TIMEOUT=15m}"
+: "${DO_PROPAGATION_TIMEOUT=900}"
 
 export DO_PROPAGATION_TIMEOUT
 
@@ -25,14 +25,12 @@ mkdir -p secret/lego/data
 handle_path secret/lego/data
 cp -r secret/lego/data pre-run
 
-
-# Need to dynamically choose whether to run or renew here.  Plausibly
-# easier to just run it once and then change the arguments.
 lego \
     --accept-tos \
     --email maldridge@voidlinux.org \
     --path secret/lego/data \
     --dns digitalocean \
+    --dns.resolvers 8.8.8.8:53 \
     --domains '*.voidlinux.org' \
     --domains '*.s.voidlinux.org' \
     --server $SERVER \

Original file line number	Diff line number	Diff line change
`@@ -18,13 +18,13 @@ job "lego" {`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`config {`
`21`		`- image = "ghcr.io/void-linux/infra-lego:v20210923RC04"`
	`21`	`+ image = "ghcr.io/void-linux/infra-lego:v20211216RC02"`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`env {`
`25`	`25`	`VAULT_ADDR="http://active.vault.service.consul:8200"`
`26`	`26`	`ACTION="renew"`
`27`		`- DO_PROPAGATION_TIMEOUT="10m"`
	`27`	`+ DO_PROPAGATION_TIMEOUT="600"`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`template {`