From a5f86c69eef8f48b69f50e096381bf315449f305 Mon Sep 17 00:00:00 2001
From: kat witch
Date: Sat, 6 Nov 2021 19:39:44 +0000
Subject: [PATCH] Knot: Move to trusted.
---
 config/hosts/rinnosuke.nix | 3 +-
 config/services/knot/default.nix | 35 ----------------------
 config/services/knot/dork.dev.nix | 20 -------------
 config/services/knot/kittywit.ch.nix | 20 -------------
 config/services/knot/knot.yaml | 44 ----------------------------
 config/trusted | 2 +-
 6 files changed, 2 insertions(+), 122 deletions(-)
 delete mode 100644 config/services/knot/default.nix
 delete mode 100644 config/services/knot/dork.dev.nix
 delete mode 100644 config/services/knot/kittywit.ch.nix
 delete mode 100644 config/services/knot/knot.yaml
diff --git a/config/hosts/rinnosuke.nix b/config/hosts/rinnosuke.nix
index 521b9640..f6501ec6 100644
--- a/config/hosts/rinnosuke.nix
+++ b/config/hosts/rinnosuke.nix
@@ -2,9 +2,8 @@
 imports = with meta; [
 profiles.hardware.oracle.ubuntu
 profiles.network
- services.knot
 services.nginx
- ];
+ ] ++ optional (builtins.getEnv "CI_PLATFORM" == "TRUSTED") ../trusted/knot;
 kw.oci = {
 specs = {
diff --git a/config/services/knot/default.nix b/config/services/knot/default.nix
deleted file mode 100644
index 6fd10c4b..00000000
--- a/config/services/knot/default.nix
+++ /dev/null
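Review bot: In config/hosts/rinnosuke.nix the new `] ++ optional (builtins.getEnv "CI_PLATFORM" == "TRUSTED") ../trusted/knot;` line fails silently: if the variable is unset or misspelled, or evaluation is pure (where `builtins.getEnv` returns an empty string), the host evaluates cleanly without the Knot module and nothing reports it. Judging by the module deleted in this same commit, that module also carried the port 53 firewall openings and the key file, so a deploy from the wrong environment would presumably remove the authoritative DNS server rather than fail. I would document the gate above the line, e.g. `# knot lives in the private config/trusted submodule; imported only when CI_PLATFORM=TRUSTED (impure: getEnv yields "" under pure eval)`, and have the trusted deploy path assert that `services.knot.enable` is set. The attribute set around `imports` starts and ends outside the hunk, so whether `optional` is in scope there cannot be checked from here.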
@@ -1,35 +0,0 @@
-{ config, lib, tf, pkgs, ... }:
-
-{
- network.dns.enable = false;
-
- kw.secrets.variables = {
- katdns-key-config = {
- path = "secrets/katdns";
- field = "notes";
- };
- };
-
- network.firewall.public = {
- tcp.ports = [ 53 ];
- udp.ports = [ 53 ];
- };
-
- /* environment.etc."katdns/zones/dork.dev.zone".text = let
- dns = pkgs.dns;
- in dns.lib.toString "dork.dev" (import ./dork.dev.nix { inherit dns lib; }); */
-
- secrets.files.katdns-keyfile = {
- text = "${tf.variables.katdns-key-config.ref}";
- owner = "knot";
- group = "knot";
- };
-
- services.knot = {
- enable = true;
- extraConfig = builtins.readFile ./knot.yaml;
- keyFiles = [
- config.secrets.files.katdns-keyfile.path
- ];
- };
-}
diff --git a/config/services/knot/dork.dev.nix b/config/services/knot/dork.dev.nix
deleted file mode 100644
index 062f23bb..00000000
--- a/config/services/knot/dork.dev.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ dns, lib }:
-
-with dns.lib.combinators;
-
-{
- SOA = {
- nameServer = "ns1";
- adminEmail = "kat@kittywit.ch";
- serial = 2021090100;
- ttl = 3600;
- };
-
- CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch");
-
- NS = [
- "ns1.kittywit.ch."
- "rdns1.benjojo.co.uk."
- "rdns2.benjojo.co.uk."
- ];
-}
diff --git a/config/services/knot/kittywit.ch.nix b/config/services/knot/kittywit.ch.nix
deleted file mode 100644
index 65d1c870..00000000
--- a/config/services/knot/kittywit.ch.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ dns, lib }:
-
-with dns.lib.combinators;
-
-{
- SOA = {
- nameServer = "ns1";
- adminEmail = "kat@kittywit.ch";
- serial = 2021083001;
- ttl = 3600;
- };
-
- CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch");
-
- NS = [
- "ns1.kittywit.ch."
- "rdns1.benjojo.co.uk."
- "rdns2.benjojo.co.uk."
- ];
-}
diff --git a/config/services/knot/knot.yaml b/config/services/knot/knot.yaml
deleted file mode 100644
index 89221a8c..00000000
--- a/config/services/knot/knot.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-server:
- listen: [ 0.0.0.0@53, ::@53 ]
-
-remote:
- - id: benjojo-1
- address: [ 185.230.223.84, 2a0c:2f07:4896:666:216:3eff:fedb:c742 ]
- - id: benjojo-2
- address: 185.236.240.26
- - id: benjojo-3
- address: 185.230.223.7
-
-acl:
- - id: dnsupdate
- key: dnsupdate.kittywit.ch.
- action: update
- - id: benjojo
- remote: [ benjojo-1, benjojo-2, benjojo-3 ]
- action: transfer
-
-zone:
- - domain: kittywit.ch
- semantic-checks: on
- storage: /var/lib/knot/zones/
- file: kittywit.ch.zone
- dnssec-signing: on
- module: mod-stats
- notify: [ benjojo-1, benjojo-2, benjojo-3 ]
- zonefile-load: difference
- acl: [ benjojo, dnsupdate ]
-
-zone:
- - domain: dork.dev
- semantic-checks: on
- storage: /var/lib/knot/zones/
- file: dork.dev.zone
- dnssec-signing: on
- module: mod-stats
- notify: [ benjojo-1, benjojo-2, benjojo-3 ]
- zonefile-load: difference
- acl: [ benjojo, dnsupdate ]
-
-log:
- - target: syslog
- any: info
diff --git a/config/trusted b/config/trusted
index 28ab5ea0..b7078463 160000
--- a/config/trusted
+++ b/config/trusted
@@ -1 +1 @@
-Subproject commit 28ab5ea09292894d50c516bc14213fc62a6e73ee
+Subproject commit b70784634ce12f0c53859767c52e31e6f8e1ead7