Terraforming NixOS hosts

I’ve made a provider to deploy NixOS hosts with Terraform.

Here is a list of the features it supports at the moment:

  • configuration deployment
  • secrets deployment
  • SSH bastions
  • provider, Nix and SSH settings overriding on a per-host basis
  • host addresses prioritization

Using Certbot with Knot DNS (knsupdate)

This is a note about integrating Certbot with the Let’s Encrypt DNS-01 authentication mechanism. I will not use any cloud services (fuck cloud), just self-hosted DNS instances, like the good old times. I’ll show how to configure Knot DNS to accept dynamic DNS updates from knsupdate and how to create a rudimentary hook for Certbot which will use knsupdate to set the _acme-challenge TXT records.