From fb2407ce2363d4bbf70917aab24d3d9e988f581d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 29 May 2021 16:05:38 +0200 Subject: knot@surtr: yggdrasil.li --- hosts/surtr/default.nix | 2 +- hosts/surtr/dns/default.nix | 23 ++++++++++++++ hosts/surtr/dns/zones/li.yggdrasil.soa | 56 +++++++++++++++++++++++++++++++++ hosts/surtr/dns/zones/org.praseodym.soa | 43 +++++++++++++++++++++++++ 4 files changed, 123 insertions(+), 1 deletion(-) create mode 100644 hosts/surtr/dns/default.nix create mode 100644 hosts/surtr/dns/zones/li.yggdrasil.soa create mode 100644 hosts/surtr/dns/zones/org.praseodym.soa (limited to 'hosts/surtr') diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 8cbb51ef..828f3361 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix @@ -1,7 +1,7 @@ { flake, pkgs, ... }: { imports = with flake.nixosModules.systemProfiles; [ - qemu-guest openssh rebuild-machines ./zfs.nix + qemu-guest openssh rebuild-machines ./zfs.nix ./dns ]; config = { diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix new file mode 100644 index 00000000..59214339 --- /dev/null +++ b/hosts/surtr/dns/default.nix @@ -0,0 +1,23 @@ +{...}: +{ + config = { + fileSystems."/var/lib/knot" = + { device = "surtr/safe/var-lib-knot"; + fsType = "zfs"; + }; + + services.knot = { + enable = true; + extraConfig = '' + server: + listen: 0.0.0.0@53 + listen: ::@53 + + zone: + - domain: yggdrasil.li + file: ${./zones/li.yggdrasil.soa} + semantic-checks: on + ''; + }; + }; +} diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa new file mode 100644 index 00000000..81e7ccfd --- /dev/null +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa @@ -0,0 +1,56 @@ +$ORIGIN yggdrasil.li. +$TTL 3600 +@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( + 2021052900 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 3600 ; min TTL +) + IN NS ns.yggdrasil.li. + IN NS ns.inwx.de. + IN NS ns2.inwx.de. + IN NS ns3.inwx.eu. + +ns IN A 202.61.241.61 +ns IN AAAA 2a03:4000:52:ada:: + +@ IN A 188.68.51.254 +@ IN AAAA 2a03:4000:6:d004:: +@ IN MX 0 ymir.yggdrasil.li. +@ IN TXT "v=spf1 a:mailout.yggdrasil.li -all" + +* IN A 188.68.51.254 +* IN AAAA 2a03:4000:6:d004:: +* IN MX 0 ymir.yggdrasil.li. +* IN TXT "v=spf1 redirect=yggdrasil.li" + +ymir IN A 188.68.51.254 +ymir IN AAAA 2a03:4000:6:d004:: +ymir IN MX 0 ymir.yggdrasil.li. +ymir IN TXT "v=spf1 redirect=yggdrasil.li" + +surtr IN A 202.61.241.61 +surtr IN AAAA 2a03:4000:52:ada:: +surtr IN MX 0 ymir.yggdrasil.li +surtr IN TXT "v=spf1 redirect=ullr.yggdrasil.li" + +mailout IN A 188.68.51.254 +mailout IN AAAA 2a03:4000:6:d004:: +mailout IN MX 0 ymir.yggdrasil.li +mailout IN TXT "v=spf1 redirect=yggdrasil.li" + +ymir._domainkey IN TXT ( + "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" + "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" + "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" +) + +_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. +_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. + +_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li. + +_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li. +_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li. +_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li. diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa new file mode 100644 index 00000000..3b946641 --- /dev/null +++ b/hosts/surtr/dns/zones/org.praseodym.soa @@ -0,0 +1,43 @@ +$ORIGIN praseodym.org. +$TTL 3600 +@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( + 2021051520 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 3600 ; min TTL +) + IN NS ns.yggdrasil.li. + IN NS ns.inwx.de. + IN NS ns2.inwx.de. + IN NS ns3.inwx.eu. + +@ IN A 188.68.51.254 +@ IN AAAA 2a03:4000:6:d004:: +@ IN MX 0 ymir.yggdrasil.li. +@ IN TXT "v=spf1 redirect=yggdrasil.li" + +* IN A 188.68.51.254 +* IN AAAA 2a03:4000:6:d004:: +* IN MX 0 ymir.yggdrasil.li. +* IN TXT "v=spf1 redirect=yggdrasil.li" + +surtr IN A 202.61.241.61 +surtr IN AAAA 2a03:4000:52:ada:: +surtr IN MX 0 ymir.yggdrasil.li +surtr IN TXT "v=spf1 redirect=ullr.yggdrasil.li" + +ymir._domainkey IN TXT ( + "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" + "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" + "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ==" +) + +_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li. +_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li. + +_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li. + +_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li. +_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li. +_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li. -- cgit v1.2.3