Diffstat (limited to 'modules/nixfiles/nsd.nix')
-rw-r--r-- | modules/nixfiles/nsd.nix | 48 |
1 files changed, 27 insertions, 21 deletions
diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix index 7abae70..acbfd07 100644 --- a/modules/nixfiles/nsd.nix +++ b/modules/nixfiles/nsd.nix @@ -63,31 +63,36 @@ in { sldIps ? (ips "manwe"), extra ? {}, }: { - ${domain}.data = dns.toString domain ({ + ${domain}.data = dns.toString domain (mkMerge [ + { TTL = 60 * 60; SOA = { nameServer = "${cfg.fqdn}."; adminEmail = "admin+dns@${my.domain.shire}"; - serial = 2022081122; + serial = 2022091420; }; - NS = with my.domain; ["ns1.${shire}" "ns2.${shire}"]; + NS = with my.domain; [ + "ns1.${shire}" + # "ns2.${shire}" + ]; CAA = letsEncrypt "admin+caa@${my.domain.shire}"; } - // sldIps - // extra); + sldIps + extra + ]); }; in mkMerge [ (mkZone { domain = my.domain.shire; - extra = + extra = mkMerge [ (mkEmailEntries { dkimKey = "@DKIM_KEY@"; }) - // { + { subdomains = rec { manwe = ips "manwe"; "*.manwe" = manwe; @@ -110,40 +115,41 @@ in { rss-bridge = manwe; vaultwarden = manwe; }; - }; + } + ]; }) (mkZone { domain = my.domain.azahi; - extra = + extra = mkMerge [ (mkEmailEntries { dkimKey = "@DKIM_KEY@"; }) - // { - subdomains = { - github.CNAME = ["github.com/${my.username}"]; - gitlab.CNAME = ["gitlab.com/${my.username}"]; - }; - }; + { + TXT = ["openpgp4fpr:${my.pgp.fingerprint}"]; # https://docs.keyoxide.org/service-providers/dns/ + } + ]; }) (mkZone { domain = my.domain.gondor; - extra = + extra = mkMerge [ (mkEmailEntries { dkimKey = "@DKIM_KEY@"; }) - // { + { subdomains.frodo = ips "manwe"; - }; + } + ]; }) (mkZone { domain = my.domain.rohan; - extra = + extra = mkMerge [ (mkEmailEntries { dkimKey = "@DKIM_KEY@"; }) - // { + { subdomains.frodo = ips "manwe"; - }; + } + ]; }) ]; }; |
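Review bot: The NS set in mkZone now lists only `ns1.${shire}`, with the `ns2` entry commented out and no reason given, so every zone built by this function is served by a single authoritative name server. That makes one host a single point of failure for resolution of all four domains, including the mail and CAA records defined here. If the registrar delegation or glue still names ns2, resolvers will keep querying a server that no longer answers for the zone; the delegation is not visible in this diff, so it needs checking. If the removal is temporary, say so next to the line, e.g. `# ns2 disabled until the secondary is back; keep registrar NS/glue in sync`, otherwise delete the commented entry. mkZone begins before this hunk.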