hosts/plover/services/dns-server: fix server settings and its zone files
parent
4fd843bd92
commit
1a6ba1df90
@ -8,20 +8,21 @@ let
|
|||||||
cfg = hostCfg.services.dns-server;
|
cfg = hostCfg.services.dns-server;
|
||||||
|
|
||||||
inherit (config.networking) domain fqdn;
|
inherit (config.networking) domain fqdn;
|
||||||
|
inherit (config.state.network.interfaces) wan lan;
|
||||||
|
|
||||||
zonesDir = "/etc/bind/zones";
|
zonesDir = "/etc/bind/zones";
|
||||||
getZoneFile = domain: "${zonesDir}/${domain}.zone";
|
getZoneFile = domain: "${zonesDir}/${domain}.zone";
|
||||||
|
|
||||||
zonefile = pkgs.substituteAll {
|
zonefile = pkgs.substituteAll {
|
||||||
src = ./zones/${domain}.zone;
|
src = ./zones/${domain}.zone;
|
||||||
ploverWANIPv4 = config.state.network.ipv4;
|
ploverWANIPv4 = wan.ipv4;
|
||||||
ploverWANIPv6 = config.state.network.ipv6;
|
ploverWANIPv6 = wan.ipv6;
|
||||||
};
|
};
|
||||||
|
|
||||||
fqdnZone = pkgs.substituteAll {
|
fqdnZone = pkgs.substituteAll {
|
||||||
src = ./zones/${fqdn}.zone;
|
src = ./zones/${fqdn}.zone;
|
||||||
ploverWANIPv4 = config.state.network.ipv4;
|
ploverLANIPv4 = wan.ipv4;
|
||||||
ploverWANIPv6 = config.state.network.ipv6;
|
ploverLANIPv6 = wan.ipv6;
|
||||||
};
|
};
|
||||||
|
|
||||||
dnsSubdomain = "ns1.${domain}";
|
dnsSubdomain = "ns1.${domain}";
|
||||||
@ -66,18 +67,16 @@ in
|
|||||||
|
|
||||||
listenOn = [
|
listenOn = [
|
||||||
"127.0.0.1"
|
"127.0.0.1"
|
||||||
config.state.network.ipv4
|
wan.ipv4
|
||||||
|
lan.ipv4
|
||||||
];
|
];
|
||||||
|
|
||||||
listenOnIpv6 = [
|
listenOnIpv6 = [
|
||||||
"::1"
|
"::1"
|
||||||
config.state.network.ipv6
|
wan.ipv6
|
||||||
|
lan.ipv6
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
include "${config.state.paths.dataDir}/dns/*-dnskeys.conf";
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Welp, since the template is pretty limited, we'll have to go with our
|
# Welp, since the template is pretty limited, we'll have to go with our
|
||||||
# own. This is partially based from the NixOS Bind module except without
|
# own. This is partially based from the NixOS Bind module except without
|
||||||
# the template for filling in zones since we use views.
|
# the template for filling in zones since we use views.
|
||||||
@ -187,10 +186,10 @@ in
|
|||||||
in
|
in
|
||||||
lib.mkAfter ''
|
lib.mkAfter ''
|
||||||
# Install the domain zone.
|
# Install the domain zone.
|
||||||
[ -f ${lib.escapeShellArg domainZone'} ] && install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
|
[ -f ${lib.escapeShellArg domainZone'} ] || install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
|
||||||
|
|
||||||
# Install the internal DNS zones.
|
# Install the internal DNS zones.
|
||||||
[ -f ${lib.escapeShellArg fqdnZone'} ] && install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
|
[ -f ${lib.escapeShellArg fqdnZone'} ] || install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
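Review bot: In the `fqdnZone` substitution the variables are renamed to `ploverLANIPv4` and `ploverLANIPv6` but are still filled from `wan.ipv4` and `wan.ipv6`, so the internal zone would presumably carry the WAN address under a LAN name. If the zone template expects the LAN address, these should read `ploverLANIPv4 = lan.ipv4;` and `ploverLANIPv6 = lan.ipv6;`. The template is not shown on this page, so this is inferred from the variable names and from `lan` being inherited at the top of the same `let`. Separately, the guard now reads `[ -f … ] || install …`, which copies a zone only when no file exists yet, so later changes to the store copy will not reach the deployed zone. If that is intended, a comment such as `# Seed only: an existing zone file is left untouched.` above each line would make it explicit.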
@ -18,18 +18,13 @@ $ORIGIN foodogsquared.one.
|
|||||||
; https://mxroutedocs.com/
|
; https://mxroutedocs.com/
|
||||||
@ IN MX 10 heracles.mxrouting.net.
|
@ IN MX 10 heracles.mxrouting.net.
|
||||||
IN MX 20 heracles-relay.mxrouting.net.
|
IN MX 20 heracles-relay.mxrouting.net.
|
||||||
IN TXT "v=spf1 include:mxlogin.com -all"
|
IN TXT v=spf1 include:mxlogin.com -all
|
||||||
|
|
||||||
; Protect the validity of my emails sent by me!!!!
|
; Protect the validity of my emails sent by me!!!!
|
||||||
x._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB"
|
x._domainkey 3600 IN TXT v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB
|
||||||
|
|
||||||
; Protect my domain email from spoofing.
|
; Protect my domain email from spoofing.
|
||||||
_dmarc 400 IN TXT "v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one"
|
_dmarc 400 IN TXT v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
; Keybase verification key.
|
|
||||||
@ 3600 IN TXT #keybaseVerificationKey#
|
|
||||||
|
|
||||||
; This will make PGP clients find my public key for the email.
|
; This will make PGP clients find my public key for the email.
|
||||||
_hkps._tcp IN SRV 1 1 443 pgp.mailbox.org.
|
_hkps._tcp IN SRV 1 1 443 pgp.mailbox.org.
|
||||||
|
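Review bot: The SPF, DKIM and DMARC TXT values lose their double quotes here, assuming the unquoted lines are the new side, as the print order in the other hunks suggests. In master-file syntax an unquoted `;` starts a comment, so `x._domainkey` would be cut to `v=DKIM1` and `_dmarc` to `v=DMARC1`. The unquoted spaces in the SPF value split it into separate character-strings, which SPF evaluators join without spaces. Receivers would then find no usable DKIM key, DMARC policy or SPF policy, which removes the spoofing protection these records are meant to give. Keep the values quoted, e.g. `IN TXT "v=spf1 include:mxlogin.com -all"`, and because one character-string is limited to 255 octets, write the DKIM key as several quoted strings on the same record; running `named-checkzone` on the rendered zone before deployment would catch both problems.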