From 39094f52acc0b3c38fc1a50718b5cc8e25b8fb7a Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 30 Jan 2023 12:41:51 +0100
Subject: ...
---
 hosts/surtr/dns/default.nix | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'hosts/surtr')
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index e79f4bfb..ab2a3cd5 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -46,12 +46,12 @@ in {
 systemd.services.knot = {
 unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
- serviceConfig.LoadCredential = map ({name, ...}: "${name}:${config.sops.secrets.${name}.path}") knotKeys;
+ serviceConfig.LoadCredential = map ({name, ...}: "${name}.yaml:${config.sops.secrets.${name}.path}") knotKeys;
 };
 services.knot = {
 enable = true;
- keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys;
+ keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}.yaml") knotKeys;
 extraConfig = ''
 server:
 listen: 127.0.0.1@53
@@ -109,20 +109,17 @@ in {
 algorithm: rsasha256
 ksk-size: 4096
 zsk-size: 2048
- zsk-lifetime: 30d
 ksk-submission: validating-resolver
 - id: ed25519
 algorithm: ed25519
 nsec3: on
 nsec3-iterations: 0
- ksk-lifetime: 360d
 signing-threads: 2
 ksk-submission: validating-resolver
 - id: ed25519_local-push
 algorithm: ed25519
 nsec3: on
 nsec3-iterations: 0
- ksk-lifetime: 360d
 signing-threads: 2
 ksk-submission: validating-resolver
 cds-cdnskey-publish: double-ds
--
cgit v1.2.3
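Review bot: The credential name in `serviceConfig.LoadCredential` and the file path in `keyFiles` are built as two separate string literals that must match exactly, and this change had to edit both in lockstep. If they ever drift, knot would be pointed at a file that systemd never placed in the credentials directory, so the key material would presumably not be loaded. Consider one shared helper in the `let` block (which lies outside this hunk), e.g. `credName = name: "${name}.yaml";`, used by both `map` calls. A short comment saying why the `.yaml` suffix is required would also help, since the commit message does not explain it.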
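Review bot: Dropping `ksk-lifetime: 360d` from the `ed25519` and `ed25519_local-push` policies leaves the KSK lifetime at Knot's default, which as far as I know is 0 (no automatic KSK rollover), so these keys would stay in place until rolled by hand. The commit message does not say whether that is intended. The removed `zsk-lifetime: 30d` on the rsasha256 policy appears to equal the documented default, so that part should not change behaviour. I would record the decision in the config, e.g. `# ksk-lifetime unset: KSK rollover is manual` above `signing-threads` in both ed25519 policies. The rsasha256 policy's `id` line is outside the hunk.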