vidhar: ddns

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-03-15 16:37:42 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-03-15 16:37:42 +0100
commit: 366cf64e848eebea98f9d9bb95e623597af74669 (patch)
tree: 949daf1e7b58ce2370b16663fb535ca10bc46bf1 /hosts/vidhar/dns
parent: 6dd45923b4bba68eb08b9d3ec43dc924734dd8c8 (diff)
download: nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar
nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar.gz
nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar.bz2
nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar.xz
nixos-366cf64e848eebea98f9d9bb95e623597af74669.zip
10 files changed, 247 insertions, 0 deletions
diff --git a/hosts/vidhar/dns/Gupfile b/hosts/vidhar/dns/Gupfile
new file mode 100644
index 00000000..ac96f620
--- /dev/null
+++ b/hosts/vidhar/dns/Gupfile
@@ -0,0 +1,2 @@
+key.gup:
+  keys/*.yaml
+\ No newline at end of file
diff --git a/hosts/vidhar/dns/default.nix b/hosts/vidhar/dns/default.nix
new file mode 100644
index 00000000..19a121f6
--- /dev/null
+++ b/hosts/vidhar/dns/default.nix
@@ -0,0 +1,127 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  knotKeys = let
+    dir = ./keys;
+    toKeyInfo = name: v:
+      if v == "regular" || v == "symlink"
+      then { path = dir + "/${name}"; inherit name; }
+      else null;
+  in filter (v: v != null) (mapAttrsToList toKeyInfo (builtins.readDir dir));
+in {
+  config = {
+    services.unbound = {
+      enable = true;
+      resolveLocalQueries = false;
+      stateDir = "/var/lib/unbound";
+      localControlSocketPath = "/run/unbound/unbound.ctl";
+      settings = {
+        server = {
+          interface = ["127.0.0.1" "10.141.0.1" "::0"];
+          prefer-ip6 = true;
+          access-control = ["0.0.0.0/0 allow" "::/0 allow"];
+          root-hints = "${pkgs.dns-root-data}/root.hints";
+          num-threads = 12;
+          so-reuseport = true;
+          msg-cache-slabs = 16;
+          rrset-cache-slabs = 16;
+          infra-cache-slabs = 16;
+          key-cache-slabs = 16;
+          rrset-cache-size = "100m";
+          msg-cache-size = "50m";
+          outgoing-range = 8192;
+          num-queries-per-thread = 4096;
+          so-rcvbuf = "4m";
+          so-sndbuf = "4m";
+          # serve-expired = true;
+          # serve-expired-ttl = 86400;
+          # serve-expired-reply-ttl = 0;
+          prefetch = true;
+          prefetch-key = true;
+          minimal-responses = false;
+          extended-statistics = true;
+          rrset-roundrobin = true;
+          use-caps-for-id = true;
+          local-zone = [
+            "141.10.in-addr.arpa transparent"
+            "yggdrasil transparent"
+          ];
+          domain-insecure = [
+            "141.10.in-addr.arpa"
+            "yggdrasil"
+          ];
+        };
+        stub-zone = map (name: {
+          inherit name;
+          stub-addr = "127.0.0.1@5353";
+          stub-first = true;
+          stub-no-cache = true;
+          stub-prime = false;
+        }) ["yggdrasil" "lan.yggdrasil" "mgmt.yggdrasil" "arpa.in-addr.10.141" "arpa.in-addr.10.141.0" "arpa.in-addr.10.141.1"];
+      };
+    };
+    services.knot = {
+      enable = true;
+      keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys;
+      extraConfig = ''
+        server:
+          listen: 127.0.0.1@5353
+          listen: ::1@5353
+        acl:
+          - id: local_acl
+            key: local_key
+            action: update
+        template:
+          - id: local_zone
+            storage: /var/lib/knot
+            zonefile-sync: -1
+            zonefile-load: difference-no-serial
+            serial-policy: dateserial
+            journal-content: all
+            semantic-checks: on
+            acl: [local_acl]
+        zone:
+          - domain: yggdrasil
+            template: local_zone
+            file: ${./zones/yggdrasil.soa}
+          - domain: lan.yggdrasil
+            template: local_zone
+            file: ${./zones/yggdrasil.lan.soa}
+          - domain: mgmt.yggdrasil
+            template: local_zone
+            file: ${./zones/yggdrasil.mgmt.soa}
+          - domain: 141.10.in-addr.arpa
+            template: local_zone
+            file: ${./zones/arpa.in-addr.10.141.soa}
+          - domain: 0.141.10.in-addr.arpa
+            template: local_zone
+            file: ${./zones/arpa.in-addr.10.141.0.soa}
+          - domain: 1.141.10.in-addr.arpa
+            template: local_zone
+            file: ${./zones/arpa.in-addr.10.141.1.soa}
+      '';
+    };
+    sops.secrets = listToAttrs (map ({name, path}: nameValuePair name {
+      format = "binary";
+      owner = "knot";
+      sopsFile = path;
+    }) knotKeys);
+  };
+}
diff --git a/hosts/vidhar/dns/key.gup b/hosts/vidhar/dns/key.gup
new file mode 100644
index 00000000..83c36b0e
--- /dev/null
+++ b/hosts/vidhar/dns/key.gup
@@ -0,0 +1,6 @@
+#!/usr/bin/env zsh
+keyName=${${2:t}%.yaml}_key
+keymgr -t ${keyName} > $1
+sops -p 'A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362,30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51' --input-type=binary --output-type=binary -e -i $1
diff --git a/hosts/vidhar/dns/keys/local.yaml b/hosts/vidhar/dns/keys/local.yaml
new file mode 100644
index 00000000..e66f4b61
--- /dev/null
+++ b/hosts/vidhar/dns/keys/local.yaml
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:hpWdnmsmBmO01PkTlmRLHdmXrPX6POuU/PWrOUMgH6glThzsFdk84tskUExnsl3N39ryCmgZwotIZ8zCWduPBn+nN3VTEP5Z4xltC8I82C6F283gWC3gxpTXFSwF7JetRM5uBQV0FFd9iXHUySEHdzoRqsGuZTMYdT44Bm6gGQHyt7N3/EeLHyJKa7MH+SLLznjlaTnmrAxEyGP8Talda0s/mkh4nRqQnbxX6aOTQpQ=,iv:eRQuxRNQGU2Zwudaqjr+QvLLpJ5QqrjvAN/uL6x8hUs=,tag:CYEt1K+gOGiOX9qQR/Q9jw==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2022-03-15T13:30:32Z",
+                "mac": "ENC[AES256_GCM,data:PG4ywF/U6ITmdRB4OU5uXu54YabYt9Yyy2oYEMx0XpMlpKWH5bmg2qQNFakxBD6wCy2H6e3LmwcUl2N692crm3n/qQRNPQ0ETHVlaPlRFG85tiz/Ngi6tasoKG+ciLAXMy05c+yY6oENN7grm1TTMZRGSIyxo27ZU+k4kmz4eVM=,iv:fluwCnXHAJ/z2oGWCLXbjooymXbViPrZdVJOnoSrn1g=,tag:QtNGIKMBDtKnb3JPuRqmiA==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2022-03-15T13:30:31Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQAK54tXtgsLn6MmWQC/4irGRJd160lpAxCIT+nt/MBUw\nznjpLnbZXSft1RQI6/B95udkm0U/MBKt7wSMe9I/Po44qJrqHqb4jofz6NCeqxD3\n0l4Bl/DpnWfam9knZFQ9NIEaKYWXSmVuxVduhpYYGopXUrKol8BVTdXU6qHaPKgV\nQc72FvezgyHngZwXNEggvS1IWPq4m6pamLi77e8hNGiQx5CiaFXWwCP4gY6A80pS\n=FNi5\n-----END PGP MESSAGE-----\n",
+                                "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+                        },
+                        {
+                                "created_at": "2022-03-15T13:30:31Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+/lLWPxgadpnWQlbAVbdzpbevoVKuaGrQmp79m4wKycw\nBeErMZugDNzHWXkTHXez5SpS94RYlGzhLcVLGfMg7C0h3wN192QaMrcH01udnjhK\n0l4BRYt9+9CCZL+Nb/ss+BIyOAFCZi2RkwzvXl9wVk+mb1As9/UYml9zqh/juU5F\nBZXqwNPA5RSNCoB0wy3A5yIB3uniMuYczTs67VHJ5cw2VVSQvXF5zue90i2F4mC4\n=IsU1\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.1"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.0.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.0.soa
new file mode 100644
index 00000000..75e6b3a8
--- /dev/null
+++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.0.soa
@@ -0,0 +1,12 @@
+$ORIGIN 0.141.10.in-addr.arpa.
+$TTL 300
+@ IN SOA vidhar.lan.yggdrasil. root.yggdrasil.li. (
+  2022031504 ; serial
+  300        ; refresh
+  300        ; retry
+  300        ; expire
+  300        ; min TTL
+)
+        IN      NS      vidhar.lan.yggdrasil.
+1       IN      PTR     vidhar.lan.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.1.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.1.soa
new file mode 100644
index 00000000..2d535d56
--- /dev/null
+++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.1.soa
@@ -0,0 +1,14 @@
+$ORIGIN 1.141.10.in-addr.arpa.
+$TTL 300
+@ IN SOA vidhar.mgmt.yggdrasil. root.yggdrasil.li. (
+  2022031505 ; serial
+  300        ; refresh
+  300        ; retry
+  300        ; expire
+  300        ; min TTL
+)
+        IN      NS      vidhar.mgmt.yggdrasil.
+1       IN      PTR     vidhar.mgmt.yggdrasil.
+2       IN      PTR     switch01.mgmt.yggdrasil.
+4       IN      PTR     ap01.mgmt.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
new file mode 100644
index 00000000..ea5a35f3
--- /dev/null
+++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
@@ -0,0 +1,11 @@
+$ORIGIN 141.10.in-addr.arpa.
+$TTL 300
+@ IN SOA vidhar.lan.yggdrasil. root.yggdrasil.li. (
+  2022031505 ; serial
+  300        ; refresh
+  300        ; retry
+  300        ; expire
+  300        ; min TTL
+)
+        IN      NS      vidhar.lan.yggdrasil.
diff --git a/hosts/vidhar/dns/zones/yggdrasil.lan.soa b/hosts/vidhar/dns/zones/yggdrasil.lan.soa
new file mode 100644
index 00000000..c58b9a13
--- /dev/null
+++ b/hosts/vidhar/dns/zones/yggdrasil.lan.soa
@@ -0,0 +1,13 @@
+$ORIGIN lan.yggdrasil.
+$TTL 300
+@ IN SOA vidhar.lan.yggdrasil. root.yggdrasil.li. (
+  2022031504 ; serial
+  300        ; refresh
+  300        ; retry
+  300        ; expire
+  300        ; min TTL
+)
+        IN      NS      vidhar.lan.yggdrasil.
+vidhar  IN      A       10.141.0.1
diff --git a/hosts/vidhar/dns/zones/yggdrasil.mgmt.soa b/hosts/vidhar/dns/zones/yggdrasil.mgmt.soa
new file mode 100644
index 00000000..8a630a9a
--- /dev/null
+++ b/hosts/vidhar/dns/zones/yggdrasil.mgmt.soa
@@ -0,0 +1,15 @@
+$ORIGIN mgmt.yggdrasil.
+$TTL 300
+@ IN SOA vidhar.mgmt.yggdrasil. root.yggdrasil.li. (
+  2022031505 ; serial
+  300        ; refresh
+  300        ; retry
+  300        ; expire
+  300        ; min TTL
+)
+                IN      NS      vidhar.mgmt.yggdrasil.
+vidhar          IN      A       10.141.1.1
+switch01        IN      A       10.141.1.2
+ap01            IN      A       10.141.1.4
diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa
new file mode 100644
index 00000000..6e66a063
--- /dev/null
+++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -0,0 +1,21 @@
+$ORIGIN yggdrasil.
+$TTL 300
+@ IN SOA vidhar.yggdrasil. root.yggdrasil.li. (
+  2022031504 ; serial
+  300        ; refresh
+  300        ; retry
+  300        ; expire
+  300        ; min TTL
+)
+                IN      NS      vidhar.yggdrasil.
+surtr           IN      AAAA    2a03:4000:52:ada:1::
+vidhar          IN      AAAA    2a03:4000:52:ada:1:1::
+sif             IN      AAAA    2a03:4000:52:ada:1:2::
+grafana.vidhar  IN      CNAME   vidhar.yggdrasil.
+vidhar.lan      IN      A       10.141.0.1
+vidhar.mgmt     IN      A       10.141.1.1
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-03-15 16:37:42 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-03-15 16:37:42 +0100
commit	366cf64e848eebea98f9d9bb95e623597af74669 (patch)
tree	949daf1e7b58ce2370b16663fb535ca10bc46bf1 /hosts/vidhar/dns
parent	6dd45923b4bba68eb08b9d3ec43dc924734dd8c8 (diff)
download	nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar.gz nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar.bz2 nixos-366cf64e848eebea98f9d9bb95e623597af74669.tar.xz nixos-366cf64e848eebea98f9d9bb95e623597af74669.zip

diff --git a/hosts/vidhar/dns/Gupfile b/hosts/vidhar/dns/Gupfile new file mode 100644 index 00000000..ac96f620 --- /dev/null +++ b/hosts/vidhar/dns/Gupfile
@@ -0,0 +1,2 @@
	1	key.gup:
	2	keys/*.yaml \ No newline at end of file


diff --git a/hosts/vidhar/dns/default.nix b/hosts/vidhar/dns/default.nix new file mode 100644 index 00000000..19a121f6 --- /dev/null +++ b/hosts/vidhar/dns/default.nix
@@ -0,0 +1,127 @@
	1	{ config, lib, pkgs, ... }:
	2
	3	with lib;
	4
	5	let
	6	knotKeys = let
	7	dir = ./keys;
	8	toKeyInfo = name: v:
	9	if v == "regular" \|\| v == "symlink"
	10	then { path = dir + "/${name}"; inherit name; }
	11	else null;
	12	in filter (v: v != null) (mapAttrsToList toKeyInfo (builtins.readDir dir));
	13	in {
	14	config = {
	15	services.unbound = {
	16	enable = true;
	17	resolveLocalQueries = false;
	18	stateDir = "/var/lib/unbound";
	19	localControlSocketPath = "/run/unbound/unbound.ctl";
	20	settings = {
	21	server = {
	22	interface = ["127.0.0.1" "10.141.0.1" "::0"];
	23	prefer-ip6 = true;
	24	access-control = ["0.0.0.0/0 allow" "::/0 allow"];
	25	root-hints = "${pkgs.dns-root-data}/root.hints";
	26
	27	num-threads = 12;
	28	so-reuseport = true;
	29	msg-cache-slabs = 16;
	30	rrset-cache-slabs = 16;
	31	infra-cache-slabs = 16;
	32	key-cache-slabs = 16;
	33
	34	rrset-cache-size = "100m";
	35	msg-cache-size = "50m";
	36	outgoing-range = 8192;
	37	num-queries-per-thread = 4096;
	38
	39	so-rcvbuf = "4m";
	40	so-sndbuf = "4m";
	41
	42	# serve-expired = true;
	43	# serve-expired-ttl = 86400;
	44	# serve-expired-reply-ttl = 0;
	45
	46	prefetch = true;
	47	prefetch-key = true;
	48
	49	minimal-responses = false;
	50
	51	extended-statistics = true;
	52
	53	rrset-roundrobin = true;
	54	use-caps-for-id = true;
	55
	56	local-zone = [
	57	"141.10.in-addr.arpa transparent"
	58	"yggdrasil transparent"
	59	];
	60	domain-insecure = [
	61	"141.10.in-addr.arpa"
	62	"yggdrasil"
	63	];
	64	};
	65
	66	stub-zone = map (name: {
	67	inherit name;
	68	stub-addr = "127.0.0.1@5353";
	69	stub-first = true;
	70	stub-no-cache = true;
	71	stub-prime = false;
	72	}) ["yggdrasil" "lan.yggdrasil" "mgmt.yggdrasil" "arpa.in-addr.10.141" "arpa.in-addr.10.141.0" "arpa.in-addr.10.141.1"];
	73	};
	74	};
	75
	76	services.knot = {
	77	enable = true;
	78	keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys;
	79	extraConfig = ''
	80	server:
	81	listen: 127.0.0.1@5353
	82	listen: ::1@5353
	83
	84	acl:
	85	- id: local_acl
	86	key: local_key
	87	action: update
	88
	89	template:
	90	- id: local_zone
	91	storage: /var/lib/knot
	92	zonefile-sync: -1
	93	zonefile-load: difference-no-serial
	94	serial-policy: dateserial
	95	journal-content: all
	96	semantic-checks: on
	97	acl: [local_acl]
	98
	99	zone:
	100	- domain: yggdrasil
	101	template: local_zone
	102	file: ${./zones/yggdrasil.soa}
	103	- domain: lan.yggdrasil
	104	template: local_zone
	105	file: ${./zones/yggdrasil.lan.soa}
	106	- domain: mgmt.yggdrasil
	107	template: local_zone
	108	file: ${./zones/yggdrasil.mgmt.soa}
	109	- domain: 141.10.in-addr.arpa
	110	template: local_zone
	111	file: ${./zones/arpa.in-addr.10.141.soa}
	112	- domain: 0.141.10.in-addr.arpa
	113	template: local_zone
	114	file: ${./zones/arpa.in-addr.10.141.0.soa}
	115	- domain: 1.141.10.in-addr.arpa
	116	template: local_zone
	117	file: ${./zones/arpa.in-addr.10.141.1.soa}
	118	'';
	119	};
	120
	121	sops.secrets = listToAttrs (map ({name, path}: nameValuePair name {
	122	format = "binary";
	123	owner = "knot";
	124	sopsFile = path;
	125	}) knotKeys);
	126	};
	127	}


diff --git a/hosts/vidhar/dns/key.gup b/hosts/vidhar/dns/key.gup new file mode 100644 index 00000000..83c36b0e --- /dev/null +++ b/hosts/vidhar/dns/key.gup
@@ -0,0 +1,6 @@
	1	#!/usr/bin/env zsh
	2
	3	keyName=${${2:t}%.yaml}_key
	4
	5	keymgr -t ${keyName} > $1
	6	sops -p 'A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362,30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51' --input-type=binary --output-type=binary -e -i $1


diff --git a/hosts/vidhar/dns/keys/local.yaml b/hosts/vidhar/dns/keys/local.yaml new file mode 100644 index 00000000..e66f4b61 --- /dev/null +++ b/hosts/vidhar/dns/keys/local.yaml
@@ -0,0 +1,26 @@
	1	{
	2	"data": "ENC[AES256_GCM,data:hpWdnmsmBmO01PkTlmRLHdmXrPX6POuU/PWrOUMgH6glThzsFdk84tskUExnsl3N39ryCmgZwotIZ8zCWduPBn+nN3VTEP5Z4xltC8I82C6F283gWC3gxpTXFSwF7JetRM5uBQV0FFd9iXHUySEHdzoRqsGuZTMYdT44Bm6gGQHyt7N3/EeLHyJKa7MH+SLLznjlaTnmrAxEyGP8Talda0s/mkh4nRqQnbxX6aOTQpQ=,iv:eRQuxRNQGU2Zwudaqjr+QvLLpJ5QqrjvAN/uL6x8hUs=,tag:CYEt1K+gOGiOX9qQR/Q9jw==,type:str]",
	3	"sops": {
	4	"kms": null,
	5	"gcp_kms": null,
	6	"azure_kv": null,
	7	"hc_vault": null,
	8	"age": null,
	9	"lastmodified": "2022-03-15T13:30:32Z",
	10	"mac": "ENC[AES256_GCM,data:PG4ywF/U6ITmdRB4OU5uXu54YabYt9Yyy2oYEMx0XpMlpKWH5bmg2qQNFakxBD6wCy2H6e3LmwcUl2N692crm3n/qQRNPQ0ETHVlaPlRFG85tiz/Ngi6tasoKG+ciLAXMy05c+yY6oENN7grm1TTMZRGSIyxo27ZU+k4kmz4eVM=,iv:fluwCnXHAJ/z2oGWCLXbjooymXbViPrZdVJOnoSrn1g=,tag:QtNGIKMBDtKnb3JPuRqmiA==,type:str]",
	11	"pgp": [
	12	{
	13	"created_at": "2022-03-15T13:30:31Z",
	14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAQAK54tXtgsLn6MmWQC/4irGRJd160lpAxCIT+nt/MBUw\nznjpLnbZXSft1RQI6/B95udkm0U/MBKt7wSMe9I/Po44qJrqHqb4jofz6NCeqxD3\n0l4Bl/DpnWfam9knZFQ9NIEaKYWXSmVuxVduhpYYGopXUrKol8BVTdXU6qHaPKgV\nQc72FvezgyHngZwXNEggvS1IWPq4m6pamLi77e8hNGiQx5CiaFXWwCP4gY6A80pS\n=FNi5\n-----END PGP MESSAGE-----\n",
	15	"fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
	16	},
	17	{
	18	"created_at": "2022-03-15T13:30:31Z",
	19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA+/lLWPxgadpnWQlbAVbdzpbevoVKuaGrQmp79m4wKycw\nBeErMZugDNzHWXkTHXez5SpS94RYlGzhLcVLGfMg7C0h3wN192QaMrcH01udnjhK\n0l4BRYt9+9CCZL+Nb/ss+BIyOAFCZi2RkwzvXl9wVk+mb1As9/UYml9zqh/juU5F\nBZXqwNPA5RSNCoB0wy3A5yIB3uniMuYczTs67VHJ5cw2VVSQvXF5zue90i2F4mC4\n=IsU1\n-----END PGP MESSAGE-----\n",
	20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
	21	}
	22	],
	23	"unencrypted_suffix": "_unencrypted",
	24	"version": "3.7.1"
	25	}
	26	} \ No newline at end of file


diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.0.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.0.soa new file mode 100644 index 00000000..75e6b3a8 --- /dev/null +++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.0.soa
@@ -0,0 +1,12 @@
	1	$ORIGIN 0.141.10.in-addr.arpa.
	2	$TTL 300
	3	@ IN SOA vidhar.lan.yggdrasil. root.yggdrasil.li. (
	4	2022031504 ; serial
	5	300 ; refresh
	6	300 ; retry
	7	300 ; expire
	8	300 ; min TTL
	9	)
	10
	11	IN NS vidhar.lan.yggdrasil.
	12	1 IN PTR vidhar.lan.yggdrasil.


diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.1.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.1.soa new file mode 100644 index 00000000..2d535d56 --- /dev/null +++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.1.soa
@@ -0,0 +1,14 @@
	1	$ORIGIN 1.141.10.in-addr.arpa.
	2	$TTL 300
	3	@ IN SOA vidhar.mgmt.yggdrasil. root.yggdrasil.li. (
	4	2022031505 ; serial
	5	300 ; refresh
	6	300 ; retry
	7	300 ; expire
	8	300 ; min TTL
	9	)
	10
	11	IN NS vidhar.mgmt.yggdrasil.
	12	1 IN PTR vidhar.mgmt.yggdrasil.
	13	2 IN PTR switch01.mgmt.yggdrasil.
	14	4 IN PTR ap01.mgmt.yggdrasil.


diff --git a/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa new file mode 100644 index 00000000..ea5a35f3 --- /dev/null +++ b/hosts/vidhar/dns/zones/arpa.in-addr.10.141.soa
@@ -0,0 +1,11 @@
	1	$ORIGIN 141.10.in-addr.arpa.
	2	$TTL 300
	3	@ IN SOA vidhar.lan.yggdrasil. root.yggdrasil.li. (
	4	2022031505 ; serial
	5	300 ; refresh
	6	300 ; retry
	7	300 ; expire
	8	300 ; min TTL
	9	)
	10
	11	IN NS vidhar.lan.yggdrasil.


diff --git a/hosts/vidhar/dns/zones/yggdrasil.lan.soa b/hosts/vidhar/dns/zones/yggdrasil.lan.soa new file mode 100644 index 00000000..c58b9a13 --- /dev/null +++ b/hosts/vidhar/dns/zones/yggdrasil.lan.soa
@@ -0,0 +1,13 @@
	1	$ORIGIN lan.yggdrasil.
	2	$TTL 300
	3	@ IN SOA vidhar.lan.yggdrasil. root.yggdrasil.li. (
	4	2022031504 ; serial
	5	300 ; refresh
	6	300 ; retry
	7	300 ; expire
	8	300 ; min TTL
	9	)
	10
	11	IN NS vidhar.lan.yggdrasil.
	12
	13	vidhar IN A 10.141.0.1


diff --git a/hosts/vidhar/dns/zones/yggdrasil.mgmt.soa b/hosts/vidhar/dns/zones/yggdrasil.mgmt.soa new file mode 100644 index 00000000..8a630a9a --- /dev/null +++ b/hosts/vidhar/dns/zones/yggdrasil.mgmt.soa
@@ -0,0 +1,15 @@
	1	$ORIGIN mgmt.yggdrasil.
	2	$TTL 300
	3	@ IN SOA vidhar.mgmt.yggdrasil. root.yggdrasil.li. (
	4	2022031505 ; serial
	5	300 ; refresh
	6	300 ; retry
	7	300 ; expire
	8	300 ; min TTL
	9	)
	10
	11	IN NS vidhar.mgmt.yggdrasil.
	12
	13	vidhar IN A 10.141.1.1
	14	switch01 IN A 10.141.1.2
	15	ap01 IN A 10.141.1.4


diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa new file mode 100644 index 00000000..6e66a063 --- /dev/null +++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -0,0 +1,21 @@
	1	$ORIGIN yggdrasil.
	2	$TTL 300
	3	@ IN SOA vidhar.yggdrasil. root.yggdrasil.li. (
	4	2022031504 ; serial
	5	300 ; refresh
	6	300 ; retry
	7	300 ; expire
	8	300 ; min TTL
	9	)
	10
	11	IN NS vidhar.yggdrasil.
	12
	13	surtr IN AAAA 2a03:4000:52:ada:1::
	14	vidhar IN AAAA 2a03:4000:52:ada:1:1::
	15	sif IN AAAA 2a03:4000:52:ada:1:2::
	16
	17	grafana.vidhar IN CNAME vidhar.yggdrasil.
	18
	19
	20	vidhar.lan IN A 10.141.0.1
	21	vidhar.mgmt IN A 10.141.1.1