Knot: Move to trusted.

2026-02-09 20:39:18 -08:00 · 2021-11-06 19:39:44 +00:00 · 2021-11-06 19:39:44 +00:00 · a5f86c69ee
commit a5f86c69ee
parent a105f8fc2e
6 changed files with 2 additions and 122 deletions
--- a/config/hosts/rinnosuke.nix
+++ b/config/hosts/rinnosuke.nix
@ -2,9 +2,8 @@
  imports = with meta; [
    profiles.hardware.oracle.ubuntu
    profiles.network
-    services.knot
    services.nginx
-  ];
+  ] ++ optional (builtins.getEnv "CI_PLATFORM" == "TRUSTED") ../trusted/knot;

  kw.oci = {
    specs = {
--- a/config/services/knot/default.nix
+++ b/config/services/knot/default.nix
@ -1,35 +0,0 @@
-{ config, lib, tf, pkgs, ... }:
-
-{
-  network.dns.enable = false;
-
-  kw.secrets.variables = {
-    katdns-key-config = {
-      path = "secrets/katdns";
-      field = "notes";
-    };
-  };
-
-  network.firewall.public = {
-    tcp.ports = [ 53 ];
-    udp.ports = [ 53 ];
-  };
-
-  /*  environment.etc."katdns/zones/dork.dev.zone".text = let
-    dns = pkgs.dns;
-    in dns.lib.toString "dork.dev" (import ./dork.dev.nix { inherit dns lib; }); */
-
-  secrets.files.katdns-keyfile = {
-    text = "${tf.variables.katdns-key-config.ref}";
-    owner = "knot";
-    group = "knot";
-  };
-
-  services.knot = {
-    enable = true;
-    extraConfig = builtins.readFile ./knot.yaml;
-    keyFiles = [
-      config.secrets.files.katdns-keyfile.path
-    ];
-  };
-}
--- a/config/services/knot/dork.dev.nix
+++ b/config/services/knot/dork.dev.nix
@ -1,20 +0,0 @@
-{ dns, lib }:
-
-with dns.lib.combinators;
-
-{
-  SOA = {
-    nameServer = "ns1";
-    adminEmail = "kat@kittywit.ch";
-    serial = 2021090100;
-    ttl = 3600;
-  };
-
-  CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch");
-
-  NS = [
-    "ns1.kittywit.ch."
-    "rdns1.benjojo.co.uk."
-    "rdns2.benjojo.co.uk."
-  ];
-}
--- a/config/services/knot/kittywit.ch.nix
+++ b/config/services/knot/kittywit.ch.nix
@ -1,20 +0,0 @@
-{ dns, lib }:
-
-with dns.lib.combinators;
-
-{
-  SOA = {
-    nameServer = "ns1";
-    adminEmail = "kat@kittywit.ch";
-    serial = 2021083001;
-    ttl = 3600;
-  };
-
-  CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch");
-
-  NS = [
-    "ns1.kittywit.ch."
-    "rdns1.benjojo.co.uk."
-    "rdns2.benjojo.co.uk."
-  ];
-}
--- a/config/services/knot/knot.yaml
+++ b/config/services/knot/knot.yaml
@ -1,44 +0,0 @@
-server:
-    listen: [ 0.0.0.0@53, ::@53 ]
-
-remote:
-  - id: benjojo-1
-    address: [ 185.230.223.84, 2a0c:2f07:4896:666:216:3eff:fedb:c742 ]
-  - id: benjojo-2
-    address: 185.236.240.26
-  - id: benjojo-3
-    address: 185.230.223.7
-
-acl:
-  - id: dnsupdate
-    key: dnsupdate.kittywit.ch.
-    action: update
-  - id: benjojo
-    remote: [ benjojo-1, benjojo-2, benjojo-3 ]
-    action: transfer
-
-zone:
-  - domain: kittywit.ch
-    semantic-checks: on
-    storage: /var/lib/knot/zones/
-    file: kittywit.ch.zone
-    dnssec-signing: on
-    module: mod-stats
-    notify: [ benjojo-1, benjojo-2, benjojo-3 ]
-    zonefile-load: difference
-    acl: [ benjojo, dnsupdate ]
-
-zone:
-  - domain: dork.dev
-    semantic-checks: on
-    storage: /var/lib/knot/zones/
-    file: dork.dev.zone
-    dnssec-signing: on
-    module: mod-stats
-    notify: [ benjojo-1, benjojo-2, benjojo-3 ]
-    zonefile-load: difference
-    acl: [ benjojo, dnsupdate ]
-
-log:
-  - target: syslog
-    any: info
--- a/config/trusted
+++ b/config/trusted
@ -1 +1 @@
-Subproject commit 28ab5ea09292894d50c516bc14213fc62a6e73ee
+Subproject commit b70784634ce12f0c53859767c52e31e6f8e1ead7