From 3dd9c4274c6227cced90c3782dd554c817fec49d Mon Sep 17 00:00:00 2001
From: kat witch
Date: Wed, 1 Sep 2021 22:35:43 +0100
Subject: [PATCH] services/mail: add dork.dev

---
 config/services/knot/default.nix | 8 +++-
 config/services/knot/dork.dev.nix | 20 ++++++++++
 config/services/knot/knot.yaml | 11 ++++++
 config/services/mail/default.nix | 63 ++++++++++++++++---------------
 4 files changed, 70 insertions(+), 32 deletions(-)
 create mode 100644 config/services/knot/dork.dev.nix

diff --git a/config/services/knot/default.nix b/config/services/knot/default.nix
index 6d71ddf0..694b821c 100644
--- a/config/services/knot/default.nix
+++ b/config/services/knot/default.nix
@@ -2,7 +2,7 @@
 {
 kw.secrets.variables = {
- katdns-key = {
+ katdns-key-config = {
 path = "secrets/katdns";
 field = "notes";
 };
@@ -13,8 +13,12 @@
 udp.ports = [ 53 ];
 };
+/* environment.etc."katdns/zones/dork.dev.zone".text = let
+ dns = pkgs.dns;
+ in dns.lib.toString "dork.dev" (import ./dork.dev.nix { inherit dns lib; }); */
+
 secrets.files.katdns-keyfile = {
- text = "${tf.variables.katdns-key.ref}";
+ text = "${tf.variables.katdns-key-config.ref}";
 owner = "knot";
 group = "knot";
 };
diff --git a/config/services/knot/dork.dev.nix b/config/services/knot/dork.dev.nix
new file mode 100644
index 00000000..062f23bb
--- /dev/null
+++ b/config/services/knot/dork.dev.nix
@@ -0,0 +1,20 @@
+{ dns, lib }:
+
+with dns.lib.combinators;
+
+{
+ SOA = {
+ nameServer = "ns1";
+ adminEmail = "kat@kittywit.ch";
+ serial = 2021090100;
+ ttl = 3600;
+ };
+
+ CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch");
+
+ NS = [
+ "ns1.kittywit.ch."
+ "rdns1.benjojo.co.uk."
+ "rdns2.benjojo.co.uk."
+ ];
+}
diff --git a/config/services/knot/knot.yaml b/config/services/knot/knot.yaml
index 5ec3f3a1..89221a8c 100644
--- a/config/services/knot/knot.yaml
+++ b/config/services/knot/knot.yaml
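Review bot: The `environment.etc."katdns/zones/dork.dev.zone"` generator is committed commented out, so nothing in this patch produces the `dork.dev.zone` file that the new `zone:` entry in `config/services/knot/knot.yaml` expects under `storage: /var/lib/knot/zones/`; note that even uncommented, `environment.etc` would place it under `/etc/katdns/zones/`, not that storage directory. If the zone file is provisioned elsewhere, a one-line comment such as `# dork.dev.zone is provisioned by <mechanism>` would save the next reader the search; otherwise the dead block should be finished or dropped rather than left in. The commented expression also references `pkgs`, which is only in scope if the module's argument set (outside this hunk) binds it.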
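Review bot: `nameServer = "ns1"` in the SOA is a relative name, so it is presumably expanded under the zone origin as `ns1.dork.dev.`, while the NS set lists `ns1.kittywit.ch.` and this zone defines no A/AAAA record for `ns1`; the MNAME should name the actual primary, `nameServer = "ns1.kittywit.ch.";` (confirm how `dns.lib.toString` qualifies SOA names). Since knot.yaml turns on `dnssec-signing` for this zone, the DS record for `dork.dev` must be published at the registrar, which this commit does not cover; a header comment in this file noting where that is done would help. A short comment on the `CAA` line stating what `letsEncrypt` expands to (issue tags plus the iodef contact) would also make the record intent reviewable without reading the combinator.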
@@ -28,6 +28,17 @@ zone:
 zonefile-load: difference
 acl: [ benjojo, dnsupdate ]
+zone:
+ - domain: dork.dev
+ semantic-checks: on
+ storage: /var/lib/knot/zones/
+ file: dork.dev.zone
+ dnssec-signing: on
+ module: mod-stats
+ notify: [ benjojo-1, benjojo-2, benjojo-3 ]
+ zonefile-load: difference
+ acl: [ benjojo, dnsupdate ]
+
 log:
 - target: syslog
 any: info
diff --git a/config/services/mail/default.nix b/config/services/mail/default.nix
index 843ceea8..f2e0fbf2 100644
--- a/config/services/mail/default.nix
+++ b/config/services/mail/default.nix
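Review bot: The new block introduces a second top-level `zone:` key instead of appending `- domain: dork.dev` to the existing `zone:` list that ends at the `acl: [ benjojo, dnsupdate ]` context line; Knot's own parser is generally tolerant of repeated sections, but any strict YAML tool that loads this file (a linter, or a Nix YAML round-trip) keeps only the last `zone:` mapping and silently drops the other zone. Moving the ten item lines under the existing key avoids that and reads as one list. The entry also requires `dork.dev.zone` to exist in `/var/lib/knot/zones/`, and nothing in this patch creates it (the generator in `config/services/knot/default.nix` is commented out), so the zone will fail to load until the file is provisioned. The new zone inherits the `dnsupdate` ACL, which grants dynamic-update rights with the shared key; if that is intended, a comment like `# dynamic updates allowed for the ACME/DNS-01 key, as for kittywit.ch` makes the exposure explicit.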
@@ -2,47 +2,50 @@ with lib;
-{
+let
+ domains = [ "kittywitch" "dork" ];
+in {
 imports = [ sources.nixos-mailserver.outPath ];
- kw.secrets.variables = (mapListToAttrs (field:
+ kw.secrets.variables = listToAttrs (map (field:
 nameValuePair "mail-${field}-hash" {
 path = "secrets/mail-kittywitch";
 field = "${field}-hash";
 }) ["gitea" "kat"]
- // {
- mail-domainkey-kitty = {
- path = "secrets/mail-kittywitch";
+ ++ map (domain:
+ nameValuePair "mail-domainkey-${domain}" {
+ path = "secrets/mail-${domain}";
 field = "notes";
+ }) domains);
+
+ deploy.tf.dns.records = lib.mkMerge (map (domain: let
+ zoneGet = domain: if domain == "dork" then "dork.dev." else config.network.dns.zone;
+ in {
+ "services_mail_${domain}_mx" = {
+ zone = zoneGet domain;
+ mx = {
+ priority = 10;
+ target = "${config.network.addresses.public.domain}.";
+ };
 };
- });
- deploy.tf.dns.records.services_mail_mx = {
- tld = config.network.dns.tld;
- domain = "@";
- mx = {
- priority = 10;
- target = "${config.network.addresses.public.domain}.";
- };
- };
+ "services_mail_${domain}_spf" = {
+ zone = zoneGet domain;
+ txt.value = "v=spf1 ip4:${config.network.addresses.public.nixos.ipv4.address} ip6:${config.network.addresses.public.nixos.ipv6.address} -all";
+ };
- deploy.tf.dns.records.services_mail_spf = {
- tld = config.network.dns.tld;
- domain = "@";
- txt.value = "v=spf1 ip4:${config.network.addresses.public.nixos.ipv4.address} ip6:${config.network.addresses.public.nixos.ipv6.address} -all";
- };
+ "services_mail_${domain}_dmarc" = {
+ zone = zoneGet domain;
+ domain = "_dmarc";
+ txt.value = "v=DMARC1; p=none";
+ };
- deploy.tf.dns.records.services_mail_dmarc = {
- tld = config.network.dns.tld;
- domain = "_dmarc";
- txt.value = "v=DMARC1; p=none";
- };
-
- deploy.tf.dns.records.services_mail_domainkey = {
- tld = config.network.dns.tld;
- domain = "mail._domainkey";
- txt.value = tf.variables.mail-domainkey-kitty.ref;
- };
+ "services_mail_${domain}_domainkey" = {
+ zone = zoneGet domain;
+ domain = "mail._domainkey";
+ txt.value = tf.variables."mail-domainkey-${domain}".ref;
+ };
+ }) domains);
 secrets.files = {
 mail-kat-hash = {