negative trust anchors

author: Gregor Kleen <gkleen@yggdrasil.li> 2018-08-06 14:40:37 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2018-08-06 14:40:37 +0200
commit: d07e7535a9968e0061d2236e3c4efa7c3b64115c (patch)
tree: 1374b43ac56d4d02aeb9e522ab59c3c74bf8f80c /hel.nix
parent: 2994652970e30805a9ebcc1eab62b5bc04901123 (diff)
download: nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar
nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar.gz
nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar.bz2
nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar.xz
nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.zip
1 files changed, 26 insertions, 6 deletions
diff --git a/hel.nix b/hel.nix
index d735a365..b08cf633 100644
--- a/hel.nix
+++ b/hel.nix
@@ -569,12 +569,32 @@
    '';
  };
-  systemd.network.networks."yggdrasil" = {
+  environment.etc."dnssec-trust-anchors.d/local-ip.negative".text = ''
-    name = "yggdrasil";
+    10.in-addr.arpa
-    networkConfig = {
+    16.172.in-addr.arpa
-      DNSSECNegativeTrustAnchors = [ "10.in-addr.arpa" "yggdrasil" "168.192.in-addr.arpa" "box" ];
+    17.172.in-addr.arpa
-    };
+    18.172.in-addr.arpa
-  };
+    19.172.in-addr.arpa
+    20.172.in-addr.arpa
+    21.172.in-addr.arpa
+    22.172.in-addr.arpa
+    23.172.in-addr.arpa
+    24.172.in-addr.arpa
+    25.172.in-addr.arpa
+    26.172.in-addr.arpa
+    27.172.in-addr.arpa
+    28.172.in-addr.arpa
+    29.172.in-addr.arpa
+    30.172.in-addr.arpa
+    31.172.in-addr.arpa
+    168.192.in-addr.arpa
+    d.f.ip6.arpa
+  '';
+  environment.etc."dnssec-trust-anchors.d/local-domains.negative" = ''
+    yggdrasil
+    box
+  '';
  system = {
    stateVersion = "16.09";
author	Gregor Kleen <gkleen@yggdrasil.li>	2018-08-06 14:40:37 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2018-08-06 14:40:37 +0200
commit	d07e7535a9968e0061d2236e3c4efa7c3b64115c (patch)
tree	1374b43ac56d4d02aeb9e522ab59c3c74bf8f80c /hel.nix
parent	2994652970e30805a9ebcc1eab62b5bc04901123 (diff)
download	nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar.gz nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar.bz2 nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.tar.xz nixos-d07e7535a9968e0061d2236e3c4efa7c3b64115c.zip

diff --git a/hel.nix b/hel.nix index d735a365..b08cf633 100644 --- a/hel.nix +++ b/hel.nix
@@ -569,12 +569,32 @@
569	'';	569	'';
570	};	570	};
571		571
572	systemd.network.networks."yggdrasil" = {	572	environment.etc."dnssec-trust-anchors.d/local-ip.negative".text = ''
573	name = "yggdrasil";	573	10.in-addr.arpa
574	networkConfig = {	574	16.172.in-addr.arpa
575	DNSSECNegativeTrustAnchors = [ "10.in-addr.arpa" "yggdrasil" "168.192.in-addr.arpa" "box" ];	575	17.172.in-addr.arpa
576	};	576	18.172.in-addr.arpa
577	};	577	19.172.in-addr.arpa
		578	20.172.in-addr.arpa
		579	21.172.in-addr.arpa
		580	22.172.in-addr.arpa
		581	23.172.in-addr.arpa
		582	24.172.in-addr.arpa
		583	25.172.in-addr.arpa
		584	26.172.in-addr.arpa
		585	27.172.in-addr.arpa
		586	28.172.in-addr.arpa
		587	29.172.in-addr.arpa
		588	30.172.in-addr.arpa
		589	31.172.in-addr.arpa
		590	168.192.in-addr.arpa
		591	d.f.ip6.arpa
		592	'';
		593
		594	environment.etc."dnssec-trust-anchors.d/local-domains.negative" = ''
		595	yggdrasil
		596	box
		597	'';
578		598
579	system = {	599	system = {
580	stateVersion = "16.09";	600	stateVersion = "16.09";