From d8c6298409a81c46ae8e4f5691f057afd2a2a0ad Mon Sep 17 00:00:00 2001
From: asyncnomi
Date: Thu, 31 Jul 2025 18:55:44 +0200
Subject: [PATCH] fix spf and soa record

---
 shared/dns/knot.nix | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/shared/dns/knot.nix b/shared/dns/knot.nix
index e2220d0..156c41a 100644
--- a/shared/dns/knot.nix
+++ b/shared/dns/knot.nix
@@ -101,6 +101,14 @@ let
   dnsSecondaryConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.dns.secondary) nodes;
   mailConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.mail.hosts) nodes;
 
+  # For now lasuite.federez.net will redirect to mail server
+  soaARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
+    lib.optional (supportsIPv4 node) "\tIN A ${rmCidr node.ip4}"
+  ) mailConfigs);
+  soaAAAARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
+    lib.optional (supportsIPv6 node) "\tIN AAAA ${rmCidr node.ip6}"
+  ) mailConfigs);
+
   # Gen A NS
   nsARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
     lib.optional (supportsIPv4 node) "${hostToDomain hostname}.net. IN A ${rmCidr node.ip4}"
@@ -135,6 +143,15 @@ let
   firstNS = builtins.head mapping.dns.secondary;
   firstNSDn = "${hostToDomain firstNS}.net.";
 
+  # Generate SPF record with all mail server IPs
+  spfIpv4Records = lib.flatten (lib.mapAttrsToList (hostname: node:
+    lib.optional (supportsIPv4 node) "ip4:${rmCidr node.ip4}"
+  ) mailConfigs);
+  spfIpv6Records = lib.flatten (lib.mapAttrsToList (hostname: node:
+    lib.optional (supportsIPv6 node) "ip6:${rmCidr node.ip6}"
+  ) mailConfigs);
+  spfRecord = "v=spf1 a:lasuite.federez.net ${builtins.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all";
+
   # Zone conf
   zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" ''
     $ORIGIN lasuite.federez.net.
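Review bot: The apex A/AAAA lines built in soaARecords and soaAAAARecords start with a tab and no owner name, so in the generated zone they inherit the owner of whatever line precedes them at the point of emission (the last mxRecords line, as the zone-template hunk shows); if that preceding line's owner ever changes or the list is emitted elsewhere, these records silently attach to the wrong name. Writing the owner explicitly removes that coupling: `lib.optional (supportsIPv4 node) "@\tIN A ${rmCidr node.ip4}"` and `lib.optional (supportsIPv6 node) "@\tIN AAAA ${rmCidr node.ip6}"`. The names are also misleading, since these are apex address records rather than SOA data; a comment like `# Apex A/AAAA records: lasuite.federez.net resolves to the mail hosts` would say what they are. The unused `hostname` lambda parameter could follow the file's `_peerConfig` convention as `_hostname`.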
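Review bot: Now that the apex A/AAAA records point at the same mail hosts, the `a:lasuite.federez.net` mechanism in spfRecord duplicates the explicit `ip4:`/`ip6:` terms and is the only term that needs a DNS lookup when a receiver evaluates the policy; one form should go, e.g. `spfRecord = "v=spf1 ${builtins.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all";`. The record is emitted in the following hunk as one quoted TXT string (`IN TXT "${spfRecord}"`), and a single character-string in a zone file is limited to 255 bytes, so a comment such as `# NOTE: emitted as one TXT character-string (max 255 bytes); split if the mail host list grows` would warn the next maintainer before a larger host list breaks zone loading. With every authorised sender now enumerated explicitly, changing `~all` to `-all` becomes viable, though that is a policy decision outside this commit.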
@@ -146,10 +163,12 @@ let
     60 ; expire
     60 ) ; minimum TTL
-    IN TXT "v=spf1 a:lasuite.federez.net ~all"
+    IN TXT "${spfRecord}"
     ${builtins.concatStringsSep "\n" nsRecords}
     ${builtins.concatStringsSep "\n" mxRecords}
+    ${builtins.concatStringsSep "\n" soaARecords}
+    ${builtins.concatStringsSep "\n" soaAAAARecords}
     ${builtins.concatStringsSep "\n" nsARecords}
     ${builtins.concatStringsSep "\n" nsAAAARecords}