Hotfix dns

Charlotte 🦝 Delenk 2022-12-14 19:50:12 +01:00
parent 5e6d10da15
commit c2516038d3
Signed by: darkkirb
GPG key ID: AB2BD8DAF2E37122
3 changed files with 20 additions and 16 deletions


@ -21,7 +21,7 @@ in {
"_acme-challenge.darkkirb.de" = mkZone "_acme-challenge.darkkirb.de";
"chir.rs" = mkZone "chir.rs";
"_acme-challenge.chir.rs" = mkZone "_acme-challenge.chir.rs";
"int.chir.rs" = mkZone ".intchir.rs";
"int.chir.rs" = mkZone "int.chir.rs";
"_acme-challenge.int.chir.rs" = mkZone "_acme-challenge.int.chir.rs";
"shitallover.me" = mkZone "shitallover.me";
"_acme-challenge.shitallover.me" = mkZone "_acme-challenge.shitallover.me";
@ -30,7 +30,6 @@ in {
statistics-channels {
${toString listenEntries}
};
include "/run/secrets/services/dns/named-keys";
'';
extraOptions = ''
allow-recursion {
@ -50,4 +49,8 @@ in {
bindURI = "http://${internalIP.listenIP}:8653/";
listenAddress = internalIP.listenIP;
};
systemd.tmpfiles.rules = [
"d /var/lib/named 4700 named named - -"
];
}
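Review bot: The new tmpfiles rule creates `/var/lib/named` with mode `4700`, which sets the setuid bit on the directory rather than just restricting it to its owner. That bit has no defined use on a directory on Linux and looks like a typo; `"d /var/lib/named 0700 named named - -"` states the intent. Separately, the second hunk appears to drop `include "/run/secrets/services/dns/named-keys";` (the page lost its +/- markers, so this is inferred from the 7-to-6 line count). The `grant certbot.` update policies in the zone file still refer to a key by name, so it is worth confirming that key is still defined from somewhere else.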


@ -39,8 +39,8 @@ in {
})
(signzone {
inherit dns;
ksk = "services/dns/me/shitallover/30477";
zsk = "services/dns/me/shitallover/38310";
zsk = "services/dns/me/shitallover/30477";
ksk = "services/dns/me/shitallover/38310";
zone = shitallover-me;
zonename = "shitallover.me";
})
@ -52,7 +52,7 @@ in {
"darkkirb.de" = {
master = true;
file = "/var/lib/named/darkkirb.de";
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"_acme-challenge.darkkirb.de" = {
master = true;
@ -62,12 +62,12 @@ in {
grant certbot. name _acme-challenge.darkkirb.de. txt;
};
'';
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"chir.rs" = {
master = true;
file = "/var/lib/named/chir.rs";
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"_acme-challenge.chir.rs" = {
master = true;
@ -77,12 +77,12 @@ in {
grant certbot. name _acme-challenge.chir.rs. txt;
};
'';
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"int.chir.rs" = {
master = true;
file = "/var/lib/named/int.chir.rs";
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"_acme-challenge.int.chir.rs" = {
master = true;
@ -92,12 +92,12 @@ in {
grant certbot. name _acme-challenge.int.chir.rs. txt;
};
'';
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"shitallover.me" = {
master = true;
file = "/var/lib/named/shitallover.me";
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
"_acme-challenge.shitallover.me" = {
master = true;
@ -107,7 +107,7 @@ in {
grant certbot. name _acme-challenge.shitallover.me. txt;
};
'';
slaves = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
slaves = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453"];
};
#"rpz.int.chir.rs" = {
# master = true;
@ -128,6 +128,7 @@ in {
};
recursion yes;
dnssec-validation yes;
allow-transfer { fd0d:a262:1fa6:e621:746d:4523:5c04:1453; };
'';
};
networking.firewall.allowedTCPPorts = [53];
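Review bot: The secondary's address is written out as a literal in all eight `slaves` lists and again in the new `allow-transfer` line, so the next renumbering has nine places to get right; a missed one either blocks transfers or leaves a stale host authorised to pull the zones. Binding it once, e.g. `secondary = "fd0d:a262:1fa6:e621:746d:4523:5c04:1453";` in the `let` that presumably precedes `in {` (not visible here), and writing `slaves = [secondary];` and `allow-transfer { ${secondary}; };` keeps them in step. Transfers are also authorised by source address alone while `allowedTCPPorts = [53]` opens the port in the firewall, so if the secondary supports it, a TSIG `key` entry in the ACL would be a stronger check than the address.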


@ -179,14 +179,14 @@ with dns.lib.combinators; let
{
flags.zoneSigningKey = true;
flags.secureEntryPoint = true;
algorithm = "ecdsap256sha256";
publicKey = "FZklP7KowbXVjfkT5ndAE60QFvaKoghhLY2TavukRBGFA8pyGm+ce9QHekbrjE14q8sb5x0uXl4VdyDIUNZ3XQ==";
algorithm = "ed25519";
publicKey = "QThLj6F7+mnYaIhpc0A+Y0b9I0IzZzZGWe2giRqXbXg=";
ttl = zoneTTL;
}
{
flags.zoneSigningKey = true;
algorithm = "ecdsap256sha256";
publicKey = "WH9JM7Qvi2Hz3bCp7O5/WFLNdKUA/2aUkQqByfhaItfqoAm+hw6x4Qj8+umu5EDyo2A/HD/h9b/eO3zVq6pebw==";
algorithm = "ed25519";
publicKey = "vzisZDgE46SLwfzNvTLWEEVVfkiTXWWQkIyy2NCW/1w=";
}
];
subdomains = {
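Review bot: The second DNSKEY entry carries no `ttl = zoneTTL;` while the first does, and records in one RRset are expected to share a TTL, so unless the library default equals `zoneTTL` the set is published inconsistently; adding `ttl = zoneTTL;` to the second entry removes the doubt. Both keys are also replaced in place with a different algorithm, and nothing here records which private key each public key belongs to. A short comment on each entry naming its role and key tag, e.g. `# KSK, key tag <tag>`, would make it checkable against the `ksk`/`zsk` secret paths used by `signzone`. Because the secure-entry-point key changes, the DS record at the parent has to match the new key before validating resolvers will accept the zone; that step is outside this commit and worth confirming.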