dns.isRoot for @ DNS

depot/modules/home/network.nix

@@ -30,6 +30,16 @@ with lib;
           domain = mkOption {
             type = types.nullOr types.str;
           };
+          out = {
+            identifierList = mkOption {
+              type = types.listOf types.str;
+              default = if config.enable then singleton config.domain ++ config.out.addressList else [ ];
+            };
+            addressList = mkOption {
+              type = types.listOf types.str;
+              default = if config.enable then concatMap (i: optional i.enable i.address) [ config.ipv4 config.ipv6 ] else [ ];
+            };
+          };
         };
       }));
     };
@@ -46,6 +56,7 @@ with lib;
       };
     };
     dns = {
+      isRoot = mkEnableOption "Is this system supposed to be the @ for the domain?";
       email = mkOption {
         type = types.nullOr types.str;
       };

depot/modules/nixos/network.nix

@@ -136,7 +136,24 @@ in {
         domain = v.subdomain;
         aaaa.address = v.ipv6.address;
       }) networksWithDomains;
-    in recordsV4 // recordsV6;
+    in mkMerge [
+      recordsV4
+      recordsV6
+      (mkIf cfg.dns.isRoot {
+        "node_root_${config.networking.hostName}_v4" = {
+          enable = cfg.addresses.public.enable;
+          tld = cfg.dns.tld;
+          domain = "@";
+          a.address = cfg.addresses.public.ipv4.address;
+        };
+        "node_root_${config.networking.hostName}_v6" = {
+          enable = cfg.addresses.public.enable;
+          tld = cfg.dns.tld;
+          domain = "@";
+          aaaa.address = cfg.addresses.public.ipv6.address;
+        };
+      })
+    ];
 
     security.acme.certs = mkIf config.services.nginx.enable (mapAttrs' (n: v:
     nameValuePair "cert_${n}_${config.networking.hostName}" {

depot/services/website/default.nix

@@ -1,6 +1,8 @@
 { config, lib, pkgs, ... }:
 
 {
+  network.dns.isRoot = true;
+
   services.nginx.virtualHosts = {
     "${config.network.dns.domain}" = {
       root = pkgs.kat-website;