commit f51a2e53c2fdfc531163a7cca8a9a77a098a2d2b
parent a6660e737de55c0dcdbb91e8f50cdb1d6a828c90
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 15 Mar 2025 11:24:34 +0100
parent a6660e737de55c0dcdbb91e8f50cdb1d6a828c90
Author: Katja (ctucx) <git@ctu.cx>
Date: Sat, 15 Mar 2025 11:24:34 +0100
configurations/nixos/services/dns-server: add `ddns.ctu.cx` zone
2 files changed, 80 insertions(+), 39 deletions(-)
M
|
78
+++++++++++++++++++++++++++++++++++++++++-------------------------------------
diff --git a/configurations/nixos/services/dns-server.nix b/configurations/nixos/services/dns-server.nix
@@ -72,6 +72,23 @@ in {
 }))
 );
 };
+
+ "${config.dns.dataDir}/extraZones/ddns.ctu.cx.zone"."f~" = {
+ group = "knot";
+ user = "knot";
+ mode = "770";
+ age = "-";
+ argument = ctucxLib.toBase64 (
+ dnsNix.types.zoneToString "ddns.ctu.cx" (dnsNix.evalZone "ddns.ctu.cx" (with dnsNix.combinators; {
+ NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ];
+ SOA = {
+ nameServer = "ns1.ctu.cx.";
+ adminEmail = "dns@ctu.cx"; # Email address with a real `@`!
+ serial = 0;
+ };
+ }))
+ );
+ };
 };
 dns = {
@@ -93,9 +110,20 @@ in {
 |> lib.mapAttrsToList (hostName: _: "acme-nix-${hostName}")
 );
 };
+ "ddns.ctu.cx" = {
+ storage = "${config.dns.dataDir}/extraZones";
+ file = "ddns.ctu.cx.zone";
+
+ zonefile-sync = 0;
+ zonefile-load = "difference-no-serial";
+
+ journal-content = "all";
+
+ acl = [ "ddns-seifenkiste" ];
+ };
 };
- extraACL = lib.mkIf config.dns.primary (
+ extraACL = lib.mkIf config.dns.primary ((
 nodesWithACMERecords
 |> lib.mapAttrs' (hostName: _: {
 name = "acme-nix-${hostName}";
@@ -107,7 +135,15 @@ in {
 update-owner-name = getACMERecordsPerNode hostName;
 };
 })
- );
+ ) // {
+ ddns-seifenkiste = {
+ key = [ "ddns-seifenkiste" ];
+ action = "update";
+ update-owner = "name";
+ update-owner-match = "equal";
+ update-owner-name = [ "seifenkiste.ddns.ctu.cx." ];
+ };
+ });
 allZones = with dnsNix.combinators; let
 CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ];
@@ -133,6 +169,7 @@ in {
 );
 "acme".NS = [ "ns1" "ns2" ];
+ "ddns".NS = [ "ns1" "ns2" ];
 _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ];
 } // (generateACMERecordsPerZone "ctu.cx");
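Review bot: The tmpfiles rule for `ddns.ctu.cx.zone` sets `mode = "770"`, which gives a plain zone file execute bits for owner and group. Nothing executes this file, so `mode = "660";` (or `"640"` if no group member needs to write it) is the tighter setting. If the value was copied from the rule just above the hunk, which is not visible here, that rule deserves the same change.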
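Review bot: The new zone sets `acl = [ "ddns-seifenkiste" ]` unconditionally, while the ACL of that name is only defined when `config.dns.primary` is true (the `extraACL = lib.mkIf config.dns.primary ((` line at the end of this hunk). If this zone block is also evaluated on a non-primary name server, which cannot be seen from the hunk, the zone would reference an ACL id that does not exist there. Guarding it the same way, `acl = lib.mkIf config.dns.primary [ "ddns-seifenkiste" ];`, keeps the two in step. The enclosing attribute sets start and end outside the hunk.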
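Review bot: The `ddns-seifenkiste` ACL pins the owner name with `update-owner-match = "equal"` but puts no limit on record types, so whoever holds that key can publish any type at `seifenkiste.ddns.ctu.cx.` (for example NS or TXT), not only addresses. Knot's ACL section has `update-type` for this. If the `extraACL` option passes it through, adding `update-type = [ "A" "AAAA" ];` means a leaked client key can do no more than change the host's address. A one-line comment such as `# dynamic-DNS client key: may only rewrite its own name` above the entry would also separate it from the generated ACME ACLs it is merged with.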
diff --git a/secrets/hector/knotKeys.age b/secrets/hector/knotKeys.age 
@@ -1,39 +1,43 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRWNUY3AxaThsbXI5VCto -bENnaGhXRkhIbVBPOXZJbkxJUUdpMjBsbVVnCmUyWVNhby9CLy8yclBhb0UzRmFn -VEtiL05lSGFhUkJub2Z2eC9Hc0ZlQ1kKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIHZI -WXc0Zm5aSGhJRWJGSGd1WGRmaGFhMlpPVTZwNGpwZUlpdUZic29VQncKRkIwUGVj -OW5lMlFpRE1sbXI0cnExMVY3UFNZYVluUWdvaHE4dWRNM2NNWQotPiBBR09XNi1n -cmVhc2UKcGxiLzhpOEc0MmwwOUJ2aUllUzY5OVZYRlZHUFFpRXNkdGtyUFA1QzN0 -M2JIK0UKLS0tIFZVU1BEeTFXWVlPb1pSSGJ0OVptMzZwMUVDSm9Ed2JpSW5uOXRT -SDhxZGMKsp/ngseET20lP83j5KMO6bYZiQiHxdrPq3rCZnVNI0vXSykMLlJCqfBG -pAo/q+g903ywCzugu9oQnyz+PlH5naYs/lrNjU6DAqNDtWhcLbxOemTxsYnEo7z4 -ft0A0jqWBmqiJdDoe2Z2Tu/g3DNQKD/x6aIX9m0c9o4hgZYSuEhDMEsahEbcPPjl -OignpceSIgb9VYlhqo0uRIoSuXL+dYiFWZ5387Y2b+wqInDy3h+ya0H1tNw5tr2S -f7C70pywe4JysNLm+Z5hvElZoOfdH6kanzJTQDTkcSw0i5Xi3YPs3DtIICtihg30 -/X+ejava4eaZsWviExPHD2ulL+J7zkL8wc21HcN9yNsE/gGMma5N++15FcM6eGTW -1k99ts0T/ZtuJAy9Q3MlFowFOO8LwJaf0GgGIYQa7ygYb5iQV1PY5QRtcg/rfE0p -i+bCUh69Buq6HtQ1XU1+HT1j8/AZRD6pba2BEJSUboQ0nf7maA6/45DAF7HyfO5I -r8vo0p2+DVW5NOw4A29NcORpps1ZdcwQffaArNKTSZ8o+Qknxu0lAokncL8M0+qD -9kLZkCQ5hGt7Mln/Q4cw2NYkPmB1zQulGV90lI4DP3GTjlVqeNnEtiGdcAZ8fgjY -TJhc7f6XWNy3I2UPbSzE5H/fIbI8o2uztOQunkzLPYT6Au0U++qPrVnzTCjqJE8W -ZxDT8r9ONg1hIhBU/LL09jRutY+zbRwNQznWR0ZA4zxBFhrdcg85e4hjevRD6iRM -zaB5N66rAykSWm0HhekrD7vOj7cMG5P5ApmgH4379Z1+w+V4h1DY+0kDvAlMqaGm -KXptf0fzOO6xinjEUfLqpBKGjHmmUUgfvBlqxoX5KaLA8agiYXR9n+coANxV4XCj -+u64TF5q1jnxkiAeQzdM136nB+CA889MCcHwiXkPt6bwrLDOdX1njOxItljPoM1Q -dBgxLaxGF4uAMzgPATNpE29CdQQbhuM7NnuTf2qBpyIPcSLFr/c6rFCnokEzp3xt -TZk+DSZtkXEuEt5r2Ly5dR+OnDmk5oVXrZXU19dw/bA3AhHkaginFKx6Sd3LGjx9 -xpd/mqxNZoiLmx5bKrWXGjTqPkzCUziYp/3zdBG7s6pVHOxvg3IlzmEkJCh/KP7d -/RAVc/a4BJLNsJjy34bRBhnFMcJoWRA2MDeEKzuG7QbMPD9mMNwcEdOl6SETNhfB -tZOHDYJJ0mRikyMjpfrIjeg1MJ1nOGvwq0zGa1v/YgCfu/0cGAAV6UMB3enJ9PxY -NDx0FyPTSl8aNtx44Sus0vkpWoKcsb/iMKFv8AMgZSr0bdRXMhbRmjad61dJXEv+ -A8Z4CAWP6eUMEt9f/fAJAOK33NUuQWfcJDdrut0m/UISd9sg26skbGkF3CUJ8ajb 
-E7Bx9dNnMkcMtOc8hQ7d1rWjEfPsHyfyzVDyOpFC1WmtmKNaeQpTKyJudU0Z4j9r -gn15eBuG1Dpxvaxe2jNUz8+BfxNXwh79ALqzS6E08wVeueR9Dn6j2nhKZRCqBpsS -vD4cDSXtgQC06ecM3JA6uBboSxEUyDrdghZCj8vpH+sPL7RA1YO5fdnvsM81anUz -Lyxv0TIACf2MoYv1jFhCQixyLu3EOxLQQn9/GNip3J1KeXL39Epjofqi+2/y22G/ -lylbpMIGXhwxT5ER89WkvbEwuxv6D/wrjuWleFsNXXyYyajLcODrL4mktioVKKge -GUbEm3U6T8Fv6M425Je1Yl9bjmEnr1v2bPbWtAZrnk39xwSOFFNhoV/FNaB9lYlu -wnbY7gR71uB+K0VwBqxPbFJXBmtQCZ6uw+AZw9P4fuF2xSRVPm4im6Q8gLZqye3Z -5YHUyBVdErPdZW+hvAxy+YHP2S3unDnJJkJpF77BqKq81yoCrGwE2RWlAbFDQg== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOanJ3c2Uwb1Z3VlNqaTBm +enAxdldiMitqdEJiQUVXcHBlTldFb3Jwb0VFCnEwRkFJM2JrUHpXZzN5eWVNZnk0 +VlJXZUlEbm1wVy9Wdy9FcUgvNmxRVncKLT4gc3NoLWVkMjU1MTkgeWFMSFNRIFE2 +bzl6REk4UDJhOFV5eE9tNzUxS0ZuSmhlY2RZMGtUYkhJa2s5c3R0UXMKU1JRS3h1 +cVRWRlNZb050Z2tVME9NQ1dHL1lYNTRrQ1RZVTRhTHh1YkhXRQotPiB4P20tZ3Jl +YXNlCjMwRjlVcDlyeGcKLS0tIGZYT3dIWHJCcjMydC9YU2d3K2c4NXlNQmd2QUdN +UDhKUUZ0NnZic3FCbGMK+mkg5/8GENvBn+CaH+cIFSWB65n+wG1Hak3B3YNTVci8 +hHO62/km/7FHyEbApN3RVXf0KhuYCiv+9KqovZmEbqWr7hdOMdML4zlwC8qCW5WV +eJdDNFwYVWlw+/n4CKwaClQtio/Ypj5aPgD3ql/vzc0D4H+JYu/ZJVedSvgT+UMY +B76y8KMXLJzF3E4cKKneGYhgOM+8BtNjt+DQalakOc7rLHwc8PoLCyABqpKvHymM +kwDa3s1HjHxStK/PY9U78XTt5bTsilVLagTXNBtt8Yoe0Dw6mSVPr1991Y72uYRH +HlVAHbgrSFbkl1rIXhbPsmtZ9gfcu66OG4R6XMoj7VtWh0XXI2CGM7REJfS7y7yR +F99nLr8NS4y6iegV8Ppmv8iddfyoYmU4J4SigpyKEvTl+mKXqaKcSn0hfhLhCKSi +wlPnA6l+cWJ0ogYn1QUmuchv7kj4S9YdV7NezYlOzEbxIwc9JBE/Iunx2jIt9EaC +wZcyu8Ohd5dAiCCS3IHHwbBuZvWYqa0gRzJvt7uoNLzK4b0InP0gA/frangFnxpk +asYb1yrNd+OvIx6W3sLWtDJuFMjgB/jJpBJWEvHR3LuEkxuv7q8J8Yz5VLpI2rhz +8Q/lJYXlRnpA2dOH66JXxiTnktg42I0vBsylKLAba8anQBbNUi1qtyQj+ldIaSea +V7aFvZDP/kyb7bXm1GukYj9T+wPlND7EFhQK/pRyM2iCDIFIBC3NzeRPFaLuO6Fj +25ME9izI6VGLf/w887T9V4iA3wdN8yOoWeZTuT6E/M/ldFXkGpLAln5de4Qnuckm ++w5HqK2vOZoSHAqC54IVIpbtcLaTj8AVC+m6VzvLjuz29K29RG2snvzTsYsLZpKv +N5SR9E83tedZs1V2l/p51keEJxiBsKScXIHwzOLBlsK+aG/Cox6podckFZdexpO2 +eUXHTaqlNoa1OC54Zuu9/+gUPSxrs+vinmYY8tAhHZncvEyZjxeBWXs9p/HYXzc+ 
+SXV/H9kA7K7421PZEVSZqYFVP7+TgQJg8TMmMIJW8XVk9pRQ49YufRAJ3EVyqdLe +WJsuQXXKsaFwc/SAmakKOAlVhh0kDYeXdjIF7r1sD2pVsPVe8/haTJyugQCOTGv6 +4cDaIgJyGFmLtRtevY55xJMIMPeMNBa22VuRMP4yCFw6BKMOflxjPkC+9W5p7Yid +ig24BcpkWvhbuAcF3qfIcHM48YEimKm4Y1FkFptQDT13iDi9jyStC6x5BWlDq4h/ +Sd8OSf1L9B5iUw/pAz/5GTP81IptZ4qOOgXT0ZvBhaJTiFWMZP6jixCA0+mwDmEr ++sp8DtAlQ9SRGgq2+r1YBhZi5IQ1khE70uXqZwybRCGARSJnnh0KkxIMvJ7kEkdW +HxB7x4Lym0o2Llo4Y2qvTD2oVaXEGX8T9eAZkTPv987D/k+IYf6RFua9RXkAf9YH +1FRqI8fnOqfzXA099X7fHtPPkP0ON2sJrilgnMNJOw+eYCpbT5TXjw12PjshXnS2 +0Nbyvn5u1l3joNhzL/x8A3iSQ9PbC31K1LsfonWXCpaPjY8VRRvrMTYS+LfYs/WT +AIv+rcfztU5UyUz7CZrdJ0sMoNKwJ9nBXSBfAxxv3hLvH9H5034Er9rWgDNDMbPV +o+DnMM9UWv2y8IW+2cyobOkHMfNTrNUiWEGkCh8vThthTDR0JnLnAyekTkvT68SW +rFoxWfMYswnVI1yH6eEZ9RpGNbHsu8s67v7r4UhcmYWawj5a4XSp50r2s2frdQlp +0yZ8MoKquhsNlpy93qvoEi6sGakr/aoRzJgLwcW6JfknXSU9EVbkHVAQqIyWwyoo +dKc0Wmba5Gbm7qhgiG6hsXPmjelquH1Z1194JprxZndx1dal53ncat118RlQ3k0b +Hk+7nO5n9thcHxJxKCXJpWSMCFSPR4qk9DkrGfpEyAgLULwk5WzNySZR9333bJxL +DW9bvgvOraJWl/ueDB6ksbwOQKc3kcBxeNRT19pBFpi92DMfSSvvTZoFKdWFr+Gj +DUjYbkoHwyBddFYURvrdKWqWprz9SyZw1yuzT1ME+QDAso8hSCZD502F8NtEsOzt +LvGSnAjCX43X0+zx2g7EBrMd/1ZDGtGkSgItkszwS8T0SXDpUai80rDQvTRoFG+u +lr5br1O2a7PGdBT3Ck/4SjjnbOubVjhQhu/I4k6gNVC+w7bMrTG0QpHiwA== -----END AGE ENCRYPTED FILE-----