diff --git a/shared/dns/knot.nix b/shared/dns/knot.nix
index 048f36f..0bef88c 100644
--- a/shared/dns/knot.nix
+++ b/shared/dns/knot.nix
@@ -14,11 +14,6 @@ let
 supportsIPv4 = nd: lib.hasAttr "ip4" nd;
 supportsIPv6 = nd: lib.hasAttr "ip6" nd;
 
- timestampDerivation = pkgs.runCommand "timestamp" {} ''
- echo -n $(date +%s) > $out
- '';
- timestamp = builtins.readFile timestampDerivation;
-
 # Domain key
 domainkey = ''
 v=DKIM1; k=rsa; p=${dkim.dkim_pub}'';
@@ -126,12 +121,11 @@ let
 firstNSDn = "${hostToDomain firstNS}.net.";
 
 # Zone conf
- zoneLasuiteFederezNetFilePath = "/var/lib/knot/zones/zone-lasuite-federez-net";
 zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" ''
 $ORIGIN lasuite.federez.net.
 $TTL 60
 @ IN SOA ${firstNSDn} monitoring.lasuite.federez.net. (
- ${timestamp} ; serial
+ 2025072701 ; serial
 60 ; refresh
 60 ; retry
 60 ; expire
@@ -150,12 +144,11 @@ let
 default._domainkey IN TXT "${lib.concatStringsSep "\" \"" domainkeySplitted}"
 '';
 
- zoneLfFilePath = "/var/lib/knot/zones/zone-lf";
 zone-lf = pkgs.writeText "zone-lf" ''
 $ORIGIN lf.
 $TTL 60
 @ IN SOA dns.lf. monitoring.lasuite.federez.net. (
- ${timestamp} ; serial
+ 2025072701 ; serial
 60 ; refresh
 60 ; retry
 60 ; expire
@@ -174,11 +167,11 @@ in
 };
 };
 
- # Ensure the directory exists and is writable
- systemd.tmpfiles.rules = [
- "d /var/lib/knot/zones 0755 knot knot -"
- "f /var/lib/knot/zones/zone-lasuite-federez-net 0644 knot knot -"
- ];
+ # # Ensure the directory exists and is writable
+ # systemd.tmpfiles.rules = [
+ # "d /var/lib/knot/zones 0755 knot knot -"
+ # "f /var/lib/knot/zones/zone-lasuite-federez-net 0644 knot knot -"
+ # ];
 
 # Force complete restart on zone changes
 systemd.services.knot = {
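Review bot: The new fixed `2025072701 ; serial` in the lasuite.federez.net SOA (and the identical line in the lf zone in the next hunk) is never the serial that secondaries see once `zonefile-load = "difference-no-serial"` and `serial-policy = "increment"` are in force: Knot disregards the file's serial and keeps its own in the journal, so a maintainer who bumps this constant on every edit gains nothing and one who expects it to drive notifies is misled. A comment on the line would prevent that, e.g. `2025072701 ; serial (placeholder: ignored under zonefile-load difference-no-serial; Knot keeps the real serial in its journal)`. The converse risk belongs in the same comment: if the journal in Knot's state directory is ever lost, the zone presumably comes back with this value, which after enough increments will be below what the secondaries hold, and they will refuse transfers until it is raised past theirs.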
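Review bot: The tmpfiles rules in the last hunk of this file section are commented out rather than deleted, leaving a dead block that still references `/var/lib/knot/zones`, a path nothing in the new configuration uses now that both zones point at store paths and the writer services are gone. Delete the five lines instead; the history stays in git, and a commented-out `systemd.tmpfiles.rules` invites someone to re-enable it without the copy services that gave it a purpose.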
@@ -212,13 +205,20 @@ in
 acl = acls;
 mod-queryacl = modQueryACLs;
 
+ template = [{
+ id = "default";
+ zonefile-sync = -1;
+ journal-content = "all";
+ serial-policy = "increment";
+ }];
+
 zone = if myName == mapping.dns.master then [
 {
 domain = "lasuite.federez.net";
- file = zoneLasuiteFederezNetFilePath;
+ file = zone-lasuite-federez-net;
 dnssec-signing = "on";
 dnssec-policy = "default";
- zonefile-load = "difference";
+ zonefile-load = "difference-no-serial";
 notify = remotesNames;
 acl = remotesACLNames ++ [
 "acl_le_challenge"
@@ -226,7 +226,8 @@ in
 }
 {
 domain = "lf";
- file = zoneLfFilePath;
+ file = zone-lf;
+ zonefile-load = "difference-no-serial";
 notify = remotesNames;
 acl = remotesACLNames;
 module = "mod-queryacl/local";
@@ -253,22 +254,4 @@ in
 ];
 };
 };
-
- # Write the generated zone file to the writable path
- systemd.services.writeLasuiteFederezNetZoneFile = {
- before = [ "knot.service" ];
- description = "Write initial zone file for lasuite.federez.net";
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/cp '${zone-lasuite-federez-net}' ${zoneLasuiteFederezNetFilePath}";
- };
- wantedBy = [ "multi-user.target" ];
- };
- systemd.services.writeLfZoneFile = {
- before = [ "knot.service" ];
- description = "Write initial zone file for lasuite.federez";
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/cp '${zone-lf}' ${zoneLfFilePath}";
- };
- wantedBy = [ "multi-user.target" ];
- };
 }
\ No newline at end of file
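Review bot: `zonefile-load = "difference-no-serial"` is repeated per zone here and again in the lf zone in the following hunk, while the other settings both zones now rely on (`zonefile-sync = -1`, `journal-content = "all"`, `serial-policy = "increment"`) live in the `default` template; moving `zonefile-load` into the template keeps the two zones from drifting, since a zone that omits it while its file carries the fixed serial could reload with a serial that never increases. The template also deserves a short comment stating the consequence of `zonefile-sync = -1` together with `journal-content = "all"`: the store zonefile is read-only input, and the served zone — for lasuite.federez.net including its DNSSEC signatures and the live serial — exists only in Knot's journal, so that state directory is what must be preserved and backed up. Whether Knot's journal size defaults are adequate for a fully signed zone kept with `journal-content = "all"` is not visible here and should be checked.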