From 3bf73b3decf777b74370d5d59b73b9061a5722e8 Mon Sep 17 00:00:00 2001
From: jasmine <its.jassy@pm.me>
Date: Mon, 3 Jun 2024 21:18:56 +0800
Subject: [PATCH] Migrate from cloudflare to porkbun

---
 nixos/viridian/services/traefik/default.nix   |  22 ++----------------
 .../viridian/services/traefik/environment.age | Bin 390 -> 409 bytes
 2 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/nixos/viridian/services/traefik/default.nix b/nixos/viridian/services/traefik/default.nix
index 80f61e9..124e613 100644
--- a/nixos/viridian/services/traefik/default.nix
+++ b/nixos/viridian/services/traefik/default.nix
@@ -11,7 +11,7 @@
   ];
 
   age.secrets.traefik = {
-    # Environment variables for cloudflare dns challenge
+    # Environment variables for porkbun dns challenge
     rekeyFile = ./environment.age;
     owner = "traefik";
     group = "traefik";
@@ -73,24 +73,6 @@
         # Hypertext Transfer Protocol Secure
         websecure = {
           address = ":443";
-          # Trust cloudflares forwarded header information
-          forwardedHeaders.trustedIPs = [
-            "173.245.48.0/20"
-            "103.21.244.0/22"
-            "103.22.200.0/22"
-            "103.31.4.0/22"
-            "141.101.64.0/18"
-            "108.162.192.0/18"
-            "190.93.240.0/20"
-            "188.114.96.0/20"
-            "197.234.240.0/22"
-            "198.41.128.0/17"
-            "162.158.0.0/15"
-            "172.64.0.0/13"
-            "131.0.72.0/22"
-            "104.16.0.0/13"
-            "104.24.0.0/14"
-          ];
           # Requests wildcard SSL certs for our services
           http.tls = {
             certResolver = "lets-encrypt";
@@ -121,7 +103,7 @@
           caServer = "https://acme-v02.api.letsencrypt.org/directory";
           # Use a DNS-01 ACME challenge
           dnsChallenge = {
-            provider = "cloudflare";
+            provider = "porkbun";
             resolvers = [
               "1.1.1.1:53"
               "8.8.8.8:53"
diff --git a/nixos/viridian/services/traefik/environment.age b/nixos/viridian/services/traefik/environment.age
index 4a023fbb27f1658ace1c8464efa1037ca14acf48..32e5ca43b7d38d05cc0dc11808b03d40f27f90a4 100644
GIT binary patch
delta 376
zcmV-;0f+vE1DOMmDt~7+T4-=)MQut{Q)YBESTa^<X+~v9H(F3-F;rDIIcPLUG(t#C
zb8u34atdfoQZsRPZbnx@YH@mDVtF??dPO*AM>IuhLRnZ<FK%r%S!`i8XE;r3X9_Jo
zAR{eja%Ew2Wgu8ZD?dvu3P({2EiEk|Y<f{MPBU$JbxU$IGJj1%aAQMRa#J{LR&^^f
zVNo<!X*NzaV>Cusa#m3=3P)5z{k#;x1dak+Yw8@xfKwi*9T|UOFIgGRY}sXYMi&?n
zPs(fYS$D$zw#`>ydzx1Ouha*tPq&wcHd%Gv+j0Gga5D@mm|Dxnu+>oeBS#JINTe|0
zDG_IICR&?l8ga2*<D;}xIMgOSM!r;FN1>3jb{X6wz^;K4KK;qe<CowH;^VS1ig91Z
z-!V)S>xvq`zcZ28Ox(%e1TIC1mf+uK3BU=YuSb|7vW%3%ITAhmpptmC!T1*t_g!Wn
WRH}S=UBP7)jG)$_v0m+1Nk-O`e3|(G

delta 357
zcmV-r0h<1q1BL^TDt~x1V>D7RRe42DH+VR4GgDD%L{lqkS#L~BL1l7UNGobGYk5*H
zV?udBHwtufQ&eU$a8Ot{S8y|UY(Z#vS7B{OHcNSWWJN<%aWqkJT2V+rb4X`rZwf6w
zAW1x4ZFx>WEoX9NVRK~)RbxqSG&4~*Mre6ZVnJ_5K`=o>XMZqJX?QhpRaizfG&E&&
zXlHV5MQc`VS5SCPL|1N8OL9?BFK0<%WJ`8dLkdPiS}$Q$R%kG7cq>&aMM+h63N0-y
zAT%pOV@o$jICO7IS6DVpNI7RUF*R3BcW6p%Ye#TyXjnOEcX~=<c5GEJ3RQGN0pwF=
zR8(zoA~v*8^Io*ujEf5k859`w3j_f-)8HxAupETZtYNNYH?OmX(OQQ_M?Y(md7}j>
zk5}U0aaQYGd^JCBC9X5bjYLg&j7QI>5;JL3tW#Xw0rUj$mNmdB-d}{4#oa8V(2VwA
DY?gvH