

2 commits

Rouven Seifert 9f0712d2ca
falkenstein: enable dnssec 2024-03-09 23:22:02 +01:00
Rouven Seifert be70c4119a
dns: simplify zonefile 2024-03-09 21:39:15 +01:00


@ -1,7 +1,58 @@
{ pkgs, ... }: { pkgs, config, ... }:
let
zonefile = pkgs.writeText "rfive.de.zone.txt" ''
$TTL 3600
$ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600
@ NS ns0.rfive.de.
@ NS ns.inwx.de.
@ NS ns2.inwx.de.
@ NS ns3.inwx.eu.
ns0 A 23.88.121.184
ns0 AAAA 2a01:4f8:c012:49de::1
@ A 23.88.121.184
@ AAAA 2a01:4f8:c012:49de::1
@ CAA 0 iodef "mailto:ca@rfive.de"
@ CAA 0 issue "letsencrypt.org"
@ CAA 0 issuewild ";"
nuc A 141.30.227.6
falkenstein A 23.88.121.184
falkenstein AAAA 2a01:4f8:c012:49de::1
falkenstein SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F
falkenstein SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990
falkenstein SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A
falkenstein SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2
@ MX 1 mail.rfive.de.
mail A 23.88.121.184
mail AAAA 2a01:4f8:c012:49de::1
@ TXT "v=spf1 mx ~all"
rspamd._domainkey TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
_dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
_discord TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c"
cache CNAME nuc.rfive.de.
chat CNAME nuc.rfive.de.
img.trucks CNAME falkenstein.rfive.de.
matrix CNAME nuc.rfive.de.
purge CNAME falkenstein.rfive.de.
rspamd CNAME falkenstein.rfive.de.
seafile CNAME nuc.rfive.de.
trucks CNAME falkenstein.rfive.de.
vault CNAME nuc.rfive.de.
'';
in
{ {
services.bind = { services.bind = rec {
enable = true; enable = true;
directory = "/var/lib/bind";
zones = { zones = {
"rfive.de" = { "rfive.de" = {
master = true; master = true;
@ -10,57 +61,17 @@
]; ];
extraConfig = '' extraConfig = ''
also-notify {185.181.104.96;}; also-notify {185.181.104.96;};
dnssec-policy default;
inline-signing yes;
''; '';
file = pkgs.writeText "rfive.de_zone.txt" '' file = "${directory}/rfive.de.zone.txt";
$TTL 3600
$ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030832 10800 3600 604800 3600
@ 3600 IN NS ns.rfive.de.
@ 3600 IN NS ns.inwx.de.
@ 3600 IN NS ns2.inwx.de.
ns.rfive.de. 3600 IN A 23.88.121.184
ns.rfive.de. 3600 IN AAAA 2a01:4f8:c012:49de::1
@ IN A 23.88.121.184
@ IN AAAA 2a01:4f8:c012:49de::1
@ IN CAA 0 iodef "mailto:ca@rfive.de"
@ IN CAA 0 issue "letsencrypt.org"
@ IN CAA 0 issuewild ";"
nuc IN A 141.30.227.6
falkenstein IN A 23.88.121.184
falkenstein IN AAAA 2a01:4f8:c012:49de::1
falkenstein IN SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F
falkenstein IN SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990
falkenstein IN SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A
falkenstein IN SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2
@ IN MX 1 mail.rfive.de.
mail IN A 23.88.121.184
mail IN AAAA 2a01:4f8:c012:49de::1
@ IN TXT "v=spf1 mx ~all"
rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
_dmarc IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
cache IN CNAME nuc.rfive.de.
chat IN CNAME nuc.rfive.de.
img.trucks IN CNAME falkenstein.rfive.de.
matrix IN CNAME nuc.rfive.de.
purge IN CNAME falkenstein.rfive.de.
rspamd IN CNAME falkenstein.rfive.de.
seafile IN CNAME nuc.rfive.de.
trucks IN CNAME falkenstein.rfive.de.
vault IN CNAME nuc.rfive.de.
_discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c"
'';
}; };
}; };
}; };
systemd.services.bind.preStart = ''
# copy the file manually to its destination since signing requires a writable directory
${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
'';
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];
} }
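Review bot: The SOA MNAME on the new zone's SOA line still says `ns.rfive.de.` while the primary NS record and its A/AAAA glue were renamed to `ns0` (the `@ NS ns0.rfive.de.` and `ns0 A`/`ns0 AAAA` lines), so the zone now advertises a primary name that has no address record in the zone at all; the line should read `rfive.de. 86400 IN SOA ns0.rfive.de. hostmaster.rfive.de. 2024030838 10800 3600 604800 3600`, and the serial should be bumped so the INWX secondaries actually pick up the change. Turning on `dnssec-policy default;` with `inline-signing yes;` makes named generate its own keys in the bind directory and serve signed data, but the zone does not validate anywhere until the DS for that key is published at the parent via the registrar, and nothing in this module backs those keys up — the new `preStart` only re-copies the unsigned store zone, so a rebuilt host would come up with fresh keys and a stale DS, which turns the domain into SERVFAIL for validating resolvers. A comment next to the two new options such as `# keys are auto-generated under ${directory} and are NOT reproducible from the store: back them up and publish the DS at the parent before relying on validation` would document that operational dependency. The `cp` in `preStart` presumably runs as root before named drops privileges, producing a root-owned read-only copy; that is fine for a static zone but worth a one-line comment stating that the unsigned file is intentionally overwritten on every start and must never be edited in place. The enclosing `zones."rfive.de"` attribute set (its `slaves`/transfer list) begins above the second hunk and is not visible here.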