simplify dns conf

This commit is contained in:
asyncnomi 2025-07-27 17:09:23 +02:00
parent 0deb5787fd
commit b40660f025


@ -14,11 +14,6 @@ let
supportsIPv4 = nd: lib.hasAttr "ip4" nd; supportsIPv4 = nd: lib.hasAttr "ip4" nd;
supportsIPv6 = nd: lib.hasAttr "ip6" nd; supportsIPv6 = nd: lib.hasAttr "ip6" nd;
timestampDerivation = pkgs.runCommand "timestamp" {} ''
echo -n $(date +%s) > $out
'';
timestamp = builtins.readFile timestampDerivation;
# Domain key # Domain key
domainkey = '' domainkey = ''
v=DKIM1; k=rsa; p=${dkim.dkim_pub}''; v=DKIM1; k=rsa; p=${dkim.dkim_pub}'';
@ -126,12 +121,11 @@ let
firstNSDn = "${hostToDomain firstNS}.net."; firstNSDn = "${hostToDomain firstNS}.net.";
# Zone conf # Zone conf
zoneLasuiteFederezNetFilePath = "/var/lib/knot/zones/zone-lasuite-federez-net";
zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" '' zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" ''
$ORIGIN lasuite.federez.net. $ORIGIN lasuite.federez.net.
$TTL 60 $TTL 60
@ IN SOA ${firstNSDn} monitoring.lasuite.federez.net. ( @ IN SOA ${firstNSDn} monitoring.lasuite.federez.net. (
${timestamp} ; serial 2025072701 ; serial
60 ; refresh 60 ; refresh
60 ; retry 60 ; retry
60 ; expire 60 ; expire
@ -150,12 +144,11 @@ let
default._domainkey IN TXT "${lib.concatStringsSep "\" \"" domainkeySplitted}" default._domainkey IN TXT "${lib.concatStringsSep "\" \"" domainkeySplitted}"
''; '';
zoneLfFilePath = "/var/lib/knot/zones/zone-lf";
zone-lf = pkgs.writeText "zone-lf" '' zone-lf = pkgs.writeText "zone-lf" ''
$ORIGIN lf. $ORIGIN lf.
$TTL 60 $TTL 60
@ IN SOA dns.lf. monitoring.lasuite.federez.net. ( @ IN SOA dns.lf. monitoring.lasuite.federez.net. (
${timestamp} ; serial 2025072701 ; serial
60 ; refresh 60 ; refresh
60 ; retry 60 ; retry
60 ; expire 60 ; expire
@ -174,11 +167,11 @@ in
}; };
}; };
# Ensure the directory exists and is writable # # Ensure the directory exists and is writable
systemd.tmpfiles.rules = [ # systemd.tmpfiles.rules = [
"d /var/lib/knot/zones 0755 knot knot -" # "d /var/lib/knot/zones 0755 knot knot -"
"f /var/lib/knot/zones/zone-lasuite-federez-net 0644 knot knot -" # "f /var/lib/knot/zones/zone-lasuite-federez-net 0644 knot knot -"
]; # ];
# Force complete restart on zone changes # Force complete restart on zone changes
systemd.services.knot = { systemd.services.knot = {
@ -212,13 +205,20 @@ in
acl = acls; acl = acls;
mod-queryacl = modQueryACLs; mod-queryacl = modQueryACLs;
template = [{
id = "default";
zonefile-sync = -1;
journal-content = "all";
serial-policy = "increment";
}];
zone = if myName == mapping.dns.master then [ zone = if myName == mapping.dns.master then [
{ {
domain = "lasuite.federez.net"; domain = "lasuite.federez.net";
file = zoneLasuiteFederezNetFilePath; file = zone-lasuite-federez-net;
dnssec-signing = "on"; dnssec-signing = "on";
dnssec-policy = "default"; dnssec-policy = "default";
zonefile-load = "difference"; zonefile-load = "difference-no-serial";
notify = remotesNames; notify = remotesNames;
acl = remotesACLNames ++ [ acl = remotesACLNames ++ [
"acl_le_challenge" "acl_le_challenge"
@ -226,7 +226,8 @@ in
} }
{ {
domain = "lf"; domain = "lf";
file = zoneLfFilePath; file = zone-lf;
zonefile-load = "difference-no-serial";
notify = remotesNames; notify = remotesNames;
acl = remotesACLNames; acl = remotesACLNames;
module = "mod-queryacl/local"; module = "mod-queryacl/local";
@ -253,22 +254,4 @@ in
]; ];
}; };
}; };
# Write the generated zone file to the writable path
systemd.services.writeLasuiteFederezNetZoneFile = {
before = [ "knot.service" ];
description = "Write initial zone file for lasuite.federez.net";
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/cp '${zone-lasuite-federez-net}' ${zoneLasuiteFederezNetFilePath}";
};
wantedBy = [ "multi-user.target" ];
};
systemd.services.writeLfZoneFile = {
before = [ "knot.service" ];
description = "Write initial zone file for lasuite.federez";
serviceConfig = {
ExecStart = "${pkgs.coreutils}/bin/cp '${zone-lf}' ${zoneLfFilePath}";
};
wantedBy = [ "multi-user.target" ];
};
} }
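Review bot: The hard-coded SOA serial `2025072701` in the lasuite.federez.net and lf zone texts (the -126 and -150 hunks) is now effectively a one-time floor rather than the served serial: with `zonefile-load = "difference-no-serial"` and the template's `serial-policy = "increment"`, Knot keeps the live serial in its journal and ignores later edits to this value, so the date-looking number invites a future maintainer to bump it expecting a zone push. A comment on that line would prevent that, e.g. `; serial: floor only — Knot (difference-no-serial + serial-policy increment) keeps the live serial in its journal; edits here are ignored unless the journal under /var/lib/knot is recreated`. If that journal is ever lost, the zone presumably restarts at this serial and secondaries holding a higher one will treat the notified data as stale until their expire timer (60 s here) runs out, which is worth one line above the `template` block alongside why `zonefile-sync = -1` is needed for a read-only Nix store path. The commented-out `systemd.tmpfiles.rules` in the -174 hunk should be deleted rather than left as dead config, since git keeps the history. The enclosing `let … in` attribute set starts and ends outside the hunks.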