lasuite-federez/nix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

simplify dns conf

Browse source
This commit is contained in:
asyncnomi 2025-07-27 17:09:23 +02:00
parent 0deb5787fd
commit b40660f025
1 changed files with 18 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

53
shared/dns/knot.nix
View file

@ -14,11 +14,6 @@ let
supportsIPv4 = nd: lib.hasAttr "ip4" nd;
supportsIPv6 = nd: lib.hasAttr "ip6" nd;
timestampDerivation = pkgs.runCommand "timestamp" {} ''
echo -n $(date +%s) > $out
'';
timestamp = builtins.readFile timestampDerivation;
# Domain key
domainkey = ''
v=DKIM1; k=rsa; p=${dkim.dkim_pub}'';
@ -126,12 +121,11 @@ let
firstNSDn = "${hostToDomain firstNS}.net.";
# Zone conf
zoneLasuiteFederezNetFilePath = "/var/lib/knot/zones/zone-lasuite-federez-net";
zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" ''
$ORIGIN lasuite.federez.net.
$TTL 60
@ IN SOA ${firstNSDn} monitoring.lasuite.federez.net. (
${timestamp} ; serial
2025072701 ; serial
60 ; refresh
60 ; retry
60 ; expire
@ -150,12 +144,11 @@ let
default._domainkey IN TXT "${lib.concatStringsSep "\" \"" domainkeySplitted}"
'';
zoneLfFilePath = "/var/lib/knot/zones/zone-lf";
zone-lf = pkgs.writeText "zone-lf" ''
$ORIGIN lf.
$TTL 60
@ IN SOA dns.lf. monitoring.lasuite.federez.net. (
${timestamp} ; serial
2025072701 ; serial
60 ; refresh
60 ; retry
60 ; expire
@ -174,11 +167,11 @@ in
};
};
# Ensure the directory exists and is writable
systemd.tmpfiles.rules = [
"d /var/lib/knot/zones 0755 knot knot -"
"f /var/lib/knot/zones/zone-lasuite-federez-net 0644 knot knot -"
];
# # Ensure the directory exists and is writable
# systemd.tmpfiles.rules = [
# "d /var/lib/knot/zones 0755 knot knot -"
# "f /var/lib/knot/zones/zone-lasuite-federez-net 0644 knot knot -"
# ];
# Force complete restart on zone changes
systemd.services.knot = {
@ -212,13 +205,20 @@ in
acl = acls;
mod-queryacl = modQueryACLs;
template = [{
id = "default";
zonefile-sync = -1;
journal-content = "all";
serial-policy = "increment";
}];
zone = if myName == mapping.dns.master then [
{
domain = "lasuite.federez.net";
file = zoneLasuiteFederezNetFilePath;
file = zone-lasuite-federez-net;
dnssec-signing = "on";
dnssec-policy = "default";
zonefile-load = "difference";
zonefile-load = "difference-no-serial";
notify = remotesNames;
acl = remotesACLNames ++ [
"acl_le_challenge"
@ -226,7 +226,8 @@ in
}
{
domain = "lf";
file = zoneLfFilePath;
file = zone-lf;
zonefile-load = "difference-no-serial";
notify = remotesNames;
acl = remotesACLNames;
module = "mod-queryacl/local";
@ -253,22 +254,4 @@ in
];
};
};
# Write the generated zone file to the writable path
systemd.services.writeLasuiteFederezNetZoneFile = {
before = [ "knot.service" ];
description = "Write initial zone file for lasuite.federez.net";
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/cp '${zone-lasuite-federez-net}' ${zoneLasuiteFederezNetFilePath}";
};
wantedBy = [ "multi-user.target" ];
};
systemd.services.writeLfZoneFile = {
before = [ "knot.service" ];
description = "Write initial zone file for lasuite.federez";
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/cp '${zone-lf}' ${zoneLfFilePath}";
};
wantedBy = [ "multi-user.target" ];
};
}