diff --git a/configs/nixos/plover/modules/services/dns-server/default.nix b/configs/nixos/plover/modules/services/dns-server/default.nix
index 2dac7d4c..b70e0732 100644
--- a/configs/nixos/plover/modules/services/dns-server/default.nix
+++ b/configs/nixos/plover/modules/services/dns-server/default.nix
@@ -8,20 +8,21 @@ let
 cfg = hostCfg.services.dns-server;
 inherit (config.networking) domain fqdn;
+ inherit (config.state.network.interfaces) wan lan;
 zonesDir = "/etc/bind/zones";
 getZoneFile = domain: "${zonesDir}/${domain}.zone";
 zonefile = pkgs.substituteAll {
 src = ./zones/${domain}.zone;
- ploverWANIPv4 = config.state.network.ipv4;
- ploverWANIPv6 = config.state.network.ipv6;
+ ploverWANIPv4 = wan.ipv4;
+ ploverWANIPv6 = wan.ipv6;
 };
 fqdnZone = pkgs.substituteAll {
 src = ./zones/${fqdn}.zone;
- ploverWANIPv4 = config.state.network.ipv4;
- ploverWANIPv6 = config.state.network.ipv6;
+ ploverLANIPv4 = wan.ipv4;
+ ploverLANIPv6 = wan.ipv6;
 };
 dnsSubdomain = "ns1.${domain}";
@@ -66,18 +67,16 @@ in
 listenOn = [
 "127.0.0.1"
- config.state.network.ipv4
+ wan.ipv4
+ lan.ipv4
 ];
 listenOnIpv6 = [
 "::1"
- config.state.network.ipv6
+ wan.ipv6
+ lan.ipv6
 ];
- extraConfig = ''
- include "${config.state.paths.dataDir}/dns/*-dnskeys.conf";
- '';
-
 # Welp, since the template is pretty limited, we'll have to go with our
 # own. This is partially based from the NixOS Bind module except without
 # the template for filling in zones since we use views.
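Review bot: In `fqdnZone` the substitution variables are renamed to `ploverLANIPv4`/`ploverLANIPv6` but are still assigned `wan.ipv4`/`wan.ipv6`, and `lan`, inherited at the top of this hunk, is not used anywhere in it. If the internal zone is meant to hand out the LAN addresses, the two lines should read `ploverLANIPv4 = lan.ipv4;` and `ploverLANIPv6 = lan.ipv6;`; as written the zone would carry the WAN addresses under a name that says otherwise. The `${fqdn}.zone` template is not part of this diff, so also confirm it now uses `@ploverLANIPv4@`/`@ploverLANIPv6@`, since a leftover `@ploverWANIPv4@` placeholder would no longer be substituted and would end up in the zone file verbatim.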
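Review bot: Removing the `extraConfig` include of `${config.state.paths.dataDir}/dns/*-dnskeys.conf` leaves nothing in this hunk that loads those files, while the same hunk makes named listen on `lan.ipv4`/`lan.ipv6` in addition to the WAN address. The hand-written configuration announced by the comment is outside the hunk, so confirm that it either includes these files itself (presumably they hold key definitions) or no longer names a key in `allow-update`, `update-policy` or `allow-transfer`. A statement that references an undefined key makes named reject the configuration, and replacing it with an address-based ACL would leave updates or transfers unauthenticated. A short comment beside `listenOn` such as `# wan: public authoritative view; lan: internal view only` would also record which view is expected to answer on each address.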
@@ -187,10 +186,10 @@ in
 in lib.mkAfter ''
 # Install the domain zone.
- [ -f ${lib.escapeShellArg domainZone'} ] && install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
+ [ -f ${lib.escapeShellArg domainZone'} ] || install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
 # Install the internal DNS zones.
- [ -f ${lib.escapeShellArg fqdnZone'} ] && install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
+ [ -f ${lib.escapeShellArg fqdnZone'} ] || install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
 '';
 serviceConfig = {
diff --git a/configs/nixos/plover/modules/services/dns-server/zones/foodogsquared.one.zone b/configs/nixos/plover/modules/services/dns-server/zones/foodogsquared.one.zone
index 0ccfb782..cf2bf30e 100644
--- a/configs/nixos/plover/modules/services/dns-server/zones/foodogsquared.one.zone
+++ b/configs/nixos/plover/modules/services/dns-server/zones/foodogsquared.one.zone
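Review bot: With `||` both zone files are written only when they are missing, so later edits to the templates in this repository, including the TXT changes to `foodogsquared.one.zone` in this same commit, will not reach a host that already has the files under `${zonesDir}`. If that is intended because named owns the files after the first start (presumably for dynamic updates), state it in the script, for example `# Seed only: never overwrite an existing zone; delete the file to re-seed from the template.` Otherwise the deployed SPF, DKIM and DMARC records can silently drift from what the repository shows. The `let` bindings for `domainZone'` and `fqdnZone'` and the rest of the unit definition are outside the hunk.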
@@ -18,18 +18,13 @@ $ORIGIN foodogsquared.one.
 ; https://mxroutedocs.com/
 @ IN MX 10 heracles.mxrouting.net.
 IN MX 20 heracles-relay.mxrouting.net.
- IN TXT "v=spf1 include:mxlogin.com -all"
+ IN TXT v=spf1 include:mxlogin.com -all
 ; Protect the validity of my emails sent by me!!!!
-x._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB"
+x._domainkey 3600 IN TXT v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB
 ; Protect my domain email from spoofing.
-_dmarc 400 IN TXT "v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one"
-
-
-
-; Keybase verification key.
-@ 3600 IN TXT #keybaseVerificationKey#
+_dmarc 400 IN TXT v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one
 ; This will make PGP clients find my public key for the email.
 _hkps._tcp IN SRV 1 1 443 pgp.mailbox.org.
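Review bot: The three TXT records lose their quotes, and in master-file syntax that changes the record data: an unquoted `;` starts a comment, so the DKIM record is cut down to `v=DKIM1` (the `p=` key is dropped) and the DMARC record to `v=DMARC1`. The SPF line becomes three separate character-strings, which verifiers concatenate without spaces into a string that is not a valid SPF record. Receivers would then fail DKIM verification and find no usable SPF or DMARC policy for the domain. Keep the quoting, e.g. `IN TXT "v=spf1 include:mxlogin.com -all"` and the same for `_dmarc`; for `x._domainkey`, split the value into several quoted strings of at most 255 bytes each on the one record, since a single character-string cannot hold the whole key.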