diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 17:10:20 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 17:10:20 +0100 |
commit | 56db0eef6b60891b6320feba397033b68ff3ee56 (patch) | |
tree | 43300690be0c3f54954c54ef80f71f11d713e9f4 /hosts/surtr/dns/default.nix | |
parent | a7255ba16633d70c22e8bed75ae52c49f08e1c18 (diff) | |
download | nixos-56db0eef6b60891b6320feba397033b68ff3ee56.tar nixos-56db0eef6b60891b6320feba397033b68ff3ee56.tar.gz nixos-56db0eef6b60891b6320feba397033b68ff3ee56.tar.bz2 nixos-56db0eef6b60891b6320feba397033b68ff3ee56.tar.xz nixos-56db0eef6b60891b6320feba397033b68ff3ee56.zip |
surtr: dns: open rfc2136 to ymir
Diffstat (limited to 'hosts/surtr/dns/default.nix')
-rw-r--r-- | hosts/surtr/dns/default.nix | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 57146d67..dc991b66 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -23,7 +23,9 @@ let | |||
23 | 23 | ||
24 | indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str)); | 24 | indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str)); |
25 | 25 | ||
26 | mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain]}: indentString " " '' | 26 | mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain], addACLs ? {}}: indentString " " (let |
27 | keys = acmeDomain: [(assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl")] ++ (addACLs.${acmeDomain} or []); | ||
28 | in '' | ||
27 | - domain: ${domain} | 29 | - domain: ${domain} |
28 | template: inwx_zone | 30 | template: inwx_zone |
29 | ${optionalString (acmeDomains != []) "acl: [local_acl, inwx_acl]"} | 31 | ${optionalString (acmeDomains != []) "acl: [local_acl, inwx_acl]"} |
@@ -31,10 +33,10 @@ let | |||
31 | ${concatMapStringsSep "\n" (acmeDomain: '' | 33 | ${concatMapStringsSep "\n" (acmeDomain: '' |
32 | - domain: _acme-challenge.${acmeDomain} | 34 | - domain: _acme-challenge.${acmeDomain} |
33 | template: acme_zone | 35 | template: acme_zone |
34 | acl: [${assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl"}] | 36 | acl: [${concatStringsSep ", " (keys acmeDomain)}] |
35 | file: ${acmeChallengeZonefile acmeDomain} | 37 | file: ${acmeChallengeZonefile acmeDomain} |
36 | '') acmeDomains} | 38 | '') acmeDomains} |
37 | ''; | 39 | ''); |
38 | in { | 40 | in { |
39 | config = { | 41 | config = { |
40 | fileSystems."/var/lib/knot" = | 42 | fileSystems."/var/lib/knot" = |
@@ -152,21 +154,29 @@ in { | |||
152 | zone: | 154 | zone: |
153 | ${concatMapStringsSep "\n" mkZone [ | 155 | ${concatMapStringsSep "\n" mkZone [ |
154 | { domain = "yggdrasil.li"; | 156 | { domain = "yggdrasil.li"; |
157 | addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; }; | ||
155 | } | 158 | } |
156 | { domain = "nights.email"; | 159 | { domain = "nights.email"; |
160 | addACLs = { "nights.email" = ["ymir_acme_acl"]; }; | ||
157 | } | 161 | } |
158 | { domain = "141.li"; | 162 | { domain = "141.li"; |
159 | acmeDomains = ["webdav.141.li" "141.li"]; | 163 | acmeDomains = ["webdav.141.li" "141.li"]; |
164 | addACLs = { "141.li" = ["ymir_acme_acl"]; }; | ||
160 | } | 165 | } |
161 | { domain = "kleen.li"; | 166 | { domain = "kleen.li"; |
167 | addACLs = { "kleen.li" = ["ymir_acme_acl"]; }; | ||
162 | } | 168 | } |
163 | { domain = "xmpp.li"; | 169 | { domain = "xmpp.li"; |
170 | addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; | ||
164 | } | 171 | } |
165 | { domain = "dirty-haskell.org"; | 172 | { domain = "dirty-haskell.org"; |
173 | addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; | ||
166 | } | 174 | } |
167 | { domain = "praseodym.org"; | 175 | { domain = "praseodym.org"; |
176 | addACLs = { "praseodym.org" = ["ymir_acme_acl"]; }; | ||
168 | } | 177 | } |
169 | { domain = "rheperire.org"; | 178 | { domain = "rheperire.org"; |
179 | addACLs = { "rheperire.org" = ["ymir_acme_acl"]; }; | ||
170 | } | 180 | } |
171 | ]} | 181 | ]} |
172 | ''; | 182 | ''; |