knot: nearly working state

config/services/knot/default.nix

@@ -1,4 +1,4 @@
-{ config, tf, pkgs, ... }:
+{ config, lib, tf, pkgs, ... }:
 
 {
   kw.secrets = [ "knot-dnsupdate" ];
@@ -14,9 +14,9 @@
     group = "knot";
   };
 
-  /*  environment.etc."katdns/zones/kittywit.ch.zone".text = let
+/*  environment.etc."katdns/zones/kittywit.ch.zone".text = let
     dns = pkgs.dns;
-    in dns.lib.toString "kittywit.ch." (import ./kittywit.ch.nix {inherit dns; }); */
+    in dns.lib.toString "kittywit.ch" (import ./kittywit.ch.nix { inherit dns lib; }); */
 
   services.knot = {
     enable = true;

config/services/knot/kittywit.ch.nix

@@ -1,4 +1,4 @@
-{ dns }:
+{ dns, lib }:
 
 with dns.lib.combinators;
 
@@ -6,11 +6,15 @@ with dns.lib.combinators;
   SOA = {
     nameServer = "ns1";
     adminEmail = "kat@kittywit.ch";
-    serial = 0;
+    serial = 2021083001;
+    ttl = 3600;
   };
 
+  CAA = map (x: x // { ttl = 3600; }) (letsEncrypt "acme@kittywit.ch");
+
   NS = [
     "ns1.kittywit.ch."
-    "ns2.kittywit.ch."
+    "rdns1.benjojo.co.uk."
+    "rdns2.benjojo.co.uk."
   ];
 }

config/services/knot/knot.yaml

@@ -2,20 +2,29 @@ server:
     listen: 0.0.0.0@53
     listen: ::@53
 
+remote:
+  - id: benjojo
+    address: 185.230.223.84
+    address: 2a0c:2f07:4896:666:216:3eff:fedb:c742
+
 acl:
   - id: update_acl
     key: dnsupdate
     address: 0.0.0.0/0
     address: ::/0
     action: update
+  - id: benjojo_acl
+    remote: benjojo
+    action: transfer
 
 zone:
   - domain: kittywit.ch
     semantic-checks: on
-    storage: /etc/katdns/zones/
+    storage: /var/lib/knot/zones/
     file: kittywit.ch.zone
     dnssec-signing: on
-    acl: update_acl
+    notify: benjojo
+    acl: [ benjojo_acl, update_acl ]
 
 log:
   - target: syslog