summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--hosts/surtr/dns/default.nix7
-rw-r--r--hosts/vidhar/dns/default.nix7
-rw-r--r--hosts/vidhar/dns/keys/local (renamed from hosts/vidhar/dns/keys/local_yaml)0
3 files changed, 8 insertions, 6 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index e79f4bfb..ab2a3cd5 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -46,12 +46,12 @@ in {
46 46
47 systemd.services.knot = { 47 systemd.services.knot = {
48 unitConfig.RequiresMountsFor = [ "/var/lib/knot" ]; 48 unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
49 serviceConfig.LoadCredential = map ({name, ...}: "${name}:${config.sops.secrets.${name}.path}") knotKeys; 49 serviceConfig.LoadCredential = map ({name, ...}: "${name}.yaml:${config.sops.secrets.${name}.path}") knotKeys;
50 }; 50 };
51 51
52 services.knot = { 52 services.knot = {
53 enable = true; 53 enable = true;
54 keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys; 54 keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}.yaml") knotKeys;
55 extraConfig = '' 55 extraConfig = ''
56 server: 56 server:
57 listen: 127.0.0.1@53 57 listen: 127.0.0.1@53
@@ -109,20 +109,17 @@ in {
109 algorithm: rsasha256 109 algorithm: rsasha256
110 ksk-size: 4096 110 ksk-size: 4096
111 zsk-size: 2048 111 zsk-size: 2048
112 zsk-lifetime: 30d
113 ksk-submission: validating-resolver 112 ksk-submission: validating-resolver
114 - id: ed25519 113 - id: ed25519
115 algorithm: ed25519 114 algorithm: ed25519
116 nsec3: on 115 nsec3: on
117 nsec3-iterations: 0 116 nsec3-iterations: 0
118 ksk-lifetime: 360d
119 signing-threads: 2 117 signing-threads: 2
120 ksk-submission: validating-resolver 118 ksk-submission: validating-resolver
121 - id: ed25519_local-push 119 - id: ed25519_local-push
122 algorithm: ed25519 120 algorithm: ed25519
123 nsec3: on 121 nsec3: on
124 nsec3-iterations: 0 122 nsec3-iterations: 0
125 ksk-lifetime: 360d
126 signing-threads: 2 123 signing-threads: 2
127 ksk-submission: validating-resolver 124 ksk-submission: validating-resolver
128 cds-cdnskey-publish: double-ds 125 cds-cdnskey-publish: double-ds
diff --git a/hosts/vidhar/dns/default.nix b/hosts/vidhar/dns/default.nix
index 2e943afc..ade884e7 100644
--- a/hosts/vidhar/dns/default.nix
+++ b/hosts/vidhar/dns/default.nix
@@ -79,9 +79,14 @@ in {
79 }; 79 };
80 }; 80 };
81 81
82 systemd.services.knot = {
83 unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
84 serviceConfig.LoadCredential = map ({name, ...}: "${name}.yaml:${config.sops.secrets.${name}.path}") knotKeys;
85 };
86
82 services.knot = { 87 services.knot = {
83 enable = true; 88 enable = true;
84 keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys; 89 keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}.yaml") knotKeys;
85 extraConfig = '' 90 extraConfig = ''
86 server: 91 server:
87 listen: 127.0.0.1@5353 92 listen: 127.0.0.1@5353
diff --git a/hosts/vidhar/dns/keys/local_yaml b/hosts/vidhar/dns/keys/local
index f682f05e..f682f05e 100644
--- a/hosts/vidhar/dns/keys/local_yaml
+++ b/hosts/vidhar/dns/keys/local
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 14:33:38 +0000