1 files changed, 12 insertions, 12 deletions

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 4a1b2482..eb4dbe13 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -36,6 +36,18 @@
             secret-lifetime: 4h
             badcookie-slip: 1
 
+        policy:
+          - id: rsa2048
+            algorithm: rsasha256
+            ksk-size: 4096
+            zsk-size: 2048
+            zsk-lifetime: 30d
+          - id: ed25519
+            algorithm: ed25519
+            nsec3: on
+            ksk-lifetime: 360d
+            signing-threads: 2
+
         template:
           - id: default
             global-module: [mod-cookies/default, mod-rrl/default]
@@ -51,18 +63,6 @@
             notify: [inwx_notify]
             acl: [inwx_acl]
 
-        policy:
-          - id: rsa2048
-            algorithm: rsasha256
-            ksk-size: 4096
-            zsk-size: 2048
-            zsk-lifetime: 30d
-          - id: ed25519
-            algorithm: ed25519
-            nsec3: on
-            ksk-lifetime: 360d
-            signing-threads: 2
-
         zone:
           - domain: yggdrasil.li
             template: inwx_zone