diff options
Diffstat (limited to 'hosts/surtr/dns/default.nix')
| -rw-r--r-- | hosts/surtr/dns/default.nix | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 2079585c..971de5e8 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
| @@ -25,6 +25,7 @@ in { | |||
| 25 | enable = true; | 25 | enable = true; |
| 26 | keyFiles = [ | 26 | keyFiles = [ |
| 27 | config.sops.secrets."rheperire.org_acme_key.yaml".path | 27 | config.sops.secrets."rheperire.org_acme_key.yaml".path |
| 28 | config.sops.secrets."webdav.141.li_acme_key.yaml".path | ||
| 28 | config.sops.secrets."knot_local_key.yaml".path | 29 | config.sops.secrets."knot_local_key.yaml".path |
| 29 | ]; | 30 | ]; |
| 30 | extraConfig = '' | 31 | extraConfig = '' |
| @@ -50,6 +51,9 @@ in { | |||
| 50 | - id: rheperire.org_acme_acl | 51 | - id: rheperire.org_acme_acl |
| 51 | key: rheperire.org_acme_key | 52 | key: rheperire.org_acme_key |
| 52 | action: update | 53 | action: update |
| 54 | - id: webdav.141.li_acme_acl | ||
| 55 | key: webdav.141.li_acme_key | ||
| 56 | action: update | ||
| 53 | - id: local_acl | 57 | - id: local_acl |
| 54 | key: local_key | 58 | key: local_key |
| 55 | action: update | 59 | action: update |
| @@ -130,7 +134,12 @@ in { | |||
| 130 | 134 | ||
| 131 | - domain: 141.li | 135 | - domain: 141.li |
| 132 | template: inwx_zone | 136 | template: inwx_zone |
| 137 | acl: [local_acl, inwx_acl] | ||
| 133 | file: ${./zones/li.141.soa} | 138 | file: ${./zones/li.141.soa} |
| 139 | - domain: _acme-challenge.webdav.141.li | ||
| 140 | template: acme_zone | ||
| 141 | acl: [webdav.141.li_acme_acl] | ||
| 142 | file: ${acmeChallengeZonefile "webdav.141.li"} | ||
| 134 | 143 | ||
| 135 | - domain: kleen.li | 144 | - domain: kleen.li |
| 136 | template: inwx_zone | 145 | template: inwx_zone |
| @@ -150,8 +159,8 @@ in { | |||
| 150 | 159 | ||
| 151 | - domain: rheperire.org | 160 | - domain: rheperire.org |
| 152 | template: inwx_zone | 161 | template: inwx_zone |
| 153 | file: ${./zones/org.rheperire.soa} | ||
| 154 | acl: [local_acl, inwx_acl] | 162 | acl: [local_acl, inwx_acl] |
| 163 | file: ${./zones/org.rheperire.soa} | ||
| 155 | - domain: _acme-challenge.rheperire.org | 164 | - domain: _acme-challenge.rheperire.org |
| 156 | template: acme_zone | 165 | template: acme_zone |
| 157 | acl: [rheperire.org_acme_acl] | 166 | acl: [rheperire.org_acme_acl] |
| @@ -165,6 +174,11 @@ in { | |||
| 165 | owner = "knot"; | 174 | owner = "knot"; |
| 166 | sopsFile = ./keys/rheperire.org_acme.yaml; | 175 | sopsFile = ./keys/rheperire.org_acme.yaml; |
| 167 | }; | 176 | }; |
| 177 | "webdav.141.li_acme_key.yaml" = { | ||
| 178 | format = "binary"; | ||
| 179 | owner = "knot"; | ||
| 180 | sopsFile = ./keys/webdav.141.li_acme.yaml; | ||
| 181 | }; | ||
| 168 | "knot_local_key.yaml" = { | 182 | "knot_local_key.yaml" = { |
| 169 | format = "binary"; | 183 | format = "binary"; |
| 170 | owner = "knot"; | 184 | owner = "knot"; |