authorGregor Kleen <gkleen@yggdrasil.li>2022-02-22 17:10:20 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-22 17:10:20 +0100
commit56db0eef6b60891b6320feba397033b68ff3ee56 (patch)
tree43300690be0c3f54954c54ef80f71f11d713e9f4 /hosts/surtr/dns/default.nix
parenta7255ba16633d70c22e8bed75ae52c49f08e1c18 (diff)
surtr: dns: open rfc2136 to ymir
Diffstat (limited to 'hosts/surtr/dns/default.nix')
-rw-r--r--hosts/surtr/dns/default.nix16
1 files changed, 13 insertions, 3 deletions
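--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -23,7 +23,9 @@ let
 
 indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str));
 
-mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain]}: indentString " " ''
+mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain], addACLs ? {}}: indentString " " (let
+keys = acmeDomain: [(assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl")] ++ (addACLs.${acmeDomain} or []);
+in ''
 - domain: ${domain}
 template: inwx_zone
 ${optionalString (acmeDomains != []) "acl: [local_acl, inwx_acl]"}
@@ -31,10 +33,10 @@ let
 ${concatMapStringsSep "\n" (acmeDomain: ''
 - domain: _acme-challenge.${acmeDomain}
 template: acme_zone
-acl: [${assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl"}]
+acl: [${concatStringsSep ", " (keys acmeDomain)}]
 file: ${acmeChallengeZonefile acmeDomain}
 '') acmeDomains}
-'';
+'');
 in {
 config = {
 fileSystems."/var/lib/knot" =
@@ -152,21 +154,29 @@ in {
 zone:
 ${concatMapStringsSep "\n" mkZone [
 { domain = "yggdrasil.li";
+addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };
 }
 { domain = "nights.email";
+addACLs = { "nights.email" = ["ymir_acme_acl"]; };
 }
 { domain = "141.li";
 acmeDomains = ["webdav.141.li" "141.li"];
+addACLs = { "141.li" = ["ymir_acme_acl"]; };
 }
 { domain = "kleen.li";
+addACLs = { "kleen.li" = ["ymir_acme_acl"]; };
 }
 { domain = "xmpp.li";
+addACLs = { "xmpp.li" = ["ymir_acme_acl"]; };
 }
 { domain = "dirty-haskell.org";
+addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; };
 }
 { domain = "praseodym.org";
+addACLs = { "praseodym.org" = ["ymir_acme_acl"]; };
 }
 { domain = "rheperire.org";
+addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
 }
 ]}
 '';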
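Review bot: With `ymir_acme_acl` added to every `_acme-challenge` zone in the `mkZone` list of the last hunk, the holder of ymir's update credentials can answer DNS-01 challenges for all eight domains, and the definition of that ACL is not part of this diff, so its scope cannot be checked from here. It is worth confirming that the Knot `acl` entry is bound to ymir's TSIG `key` and limited to `action: update` with `update-type: [TXT]`, and recording that above the first `addACLs` entry, e.g. `# ymir_acme_acl: TSIG-keyed, TXT updates only; grants DNS-01 issuance for the zones below`. Separately, `keys` in the first hunk keeps the sops assert for the per-domain ACL name but appends `addACLs.${acmeDomain} or []` unchecked, so an `addACLs` key that matches no entry of `acmeDomains` is silently ignored. A guard such as `assert all (d: elem d acmeDomains) (attrNames addACLs);` in the new `let` would catch that at evaluation time, assuming the `lib` functions are in scope unqualified as the other calls suggest.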