knot + rfc2136

kat witch 2021-08-30 22:34:38 +01:00
parent bf369e6496
commit bbdc56ab5d
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
4 changed files with 16 additions and 13 deletions


@ -7,7 +7,7 @@ with lib;
network.dns.dynamic = mkEnableOption "Enable Glauca Dynamic DNS Updater";
};
config = mkIf (config.network.dns.dynamic) {
config = mkIf (false) {
kw.secrets = [
"hexdns-key"
"hexdns-secret"


@ -6,14 +6,14 @@ remote:
- id: benjojo
address: 185.230.223.84
address: 2a0c:2f07:4896:666:216:3eff:fedb:c742
address: 185.236.240.26
address: 185.230.223.7
acl:
- id: update_acl
key: dnsupdate
address: 0.0.0.0/0
address: ::/0
- id: dnsupdate
key: dnsupdate.kittywit.ch.
action: update
- id: benjojo_acl
- id: benjojo
remote: benjojo
action: transfer
@ -24,7 +24,8 @@ zone:
file: kittywit.ch.zone
dnssec-signing: on
notify: benjojo
acl: [ benjojo_acl, update_acl ]
zonefile-load: difference
acl: [ benjojo, dnsupdate ]
log:
- target: syslog
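Review bot: The `dnsupdate` ACL grants `action: update` with no `update-type` or `update-owner` restriction, so any holder of that TSIG key can rewrite every record in the DNSSEC-signed `kittywit.ch` zone. The other sections feed the same `katdns-key` variable to both the `RFC2136_*` credentials file (which looks like an ACME DNS-01 client configuration) and the `katdns` provider, so a leak from either consumer exposes the whole zone. Consider a separate key for the certificate client, with its own ACL limited to `update-type: [TXT]`, `update-owner: name` and `update-owner-name: [_acme-challenge]`. With the +/- markers lost it is unclear whether `address: 0.0.0.0/0` and `address: ::/0` remain on the new side; if they do, they match every source and add nothing beyond the key check.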


@ -5,10 +5,10 @@ with lib;
{
secrets.files.dns_creds = {
text = ''
RFC2136_NAMESERVER='ns1.as207960.net'
RFC2136_NAMESERVER='${tf.variables.katdns-addr.ref}'
RFC2136_TSIG_ALGORITHM='hmac-sha512.'
RFC2136_TSIG_KEY='${tf.variables.rfc2136-key.ref}'
RFC2136_TSIG_SECRET='${tf.variables.rfc2136-secret.ref}'
RFC2136_TSIG_KEY='${tf.variables.katdns-name.ref}'
RFC2136_TSIG_SECRET='${tf.variables.katdns-key.ref}'
'';
};
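Review bot: The new variable names invite a swap: `RFC2136_TSIG_KEY` is filled from `katdns-name` and `RFC2136_TSIG_SECRET` from `katdns-key`, so the variable called "key" holds the secret rather than the key name. A comment above `secrets.files.dns_creds` would make the mapping explicit, e.g. `# katdns-name: TSIG key name as configured on the server; katdns-key: the TSIG shared secret`. It belongs outside the `''` string so that it does not end up in the generated file. Renaming the variable to something like `katdns-secret` would be clearer still, but that touches the declarations in the other file.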


@ -12,10 +12,12 @@
externalSecret = true;
};
variables.katdns-addr = {
externalSecret = true;
};
variables.katdns-name = {
externalSecret = true;
};
variables.katdns-key = {
externalSecret = true;
};
@ -23,8 +25,8 @@
providers.katdns = {
type = "dns";
inputs.update = {
server = "ns1.kittywit.ch";
key_name = "kittywit.ch.";
server = config.variables.katdns-addr.ref;
key_name = config.variables.katdns-name.ref;
key_secret = config.variables.katdns-key.ref;
key_algorithm = "hmac-sha512";
};