hosts/plover/services/dns-server: fix server settings and its zone files

Gabriel Arazas 2024-09-28 19:01:59 +08:00
parent 4fd843bd92
commit 1a6ba1df90
No known key found for this signature in database
GPG Key ID: 62104B43D00AA360
2 changed files with 14 additions and 20 deletions


@ -8,20 +8,21 @@ let
cfg = hostCfg.services.dns-server; cfg = hostCfg.services.dns-server;
inherit (config.networking) domain fqdn; inherit (config.networking) domain fqdn;
inherit (config.state.network.interfaces) wan lan;
zonesDir = "/etc/bind/zones"; zonesDir = "/etc/bind/zones";
getZoneFile = domain: "${zonesDir}/${domain}.zone"; getZoneFile = domain: "${zonesDir}/${domain}.zone";
zonefile = pkgs.substituteAll { zonefile = pkgs.substituteAll {
src = ./zones/${domain}.zone; src = ./zones/${domain}.zone;
ploverWANIPv4 = config.state.network.ipv4; ploverWANIPv4 = wan.ipv4;
ploverWANIPv6 = config.state.network.ipv6; ploverWANIPv6 = wan.ipv6;
}; };
fqdnZone = pkgs.substituteAll { fqdnZone = pkgs.substituteAll {
src = ./zones/${fqdn}.zone; src = ./zones/${fqdn}.zone;
ploverWANIPv4 = config.state.network.ipv4; ploverLANIPv4 = wan.ipv4;
ploverWANIPv6 = config.state.network.ipv6; ploverLANIPv6 = wan.ipv6;
}; };
dnsSubdomain = "ns1.${domain}"; dnsSubdomain = "ns1.${domain}";
@ -66,18 +67,16 @@ in
listenOn = [ listenOn = [
"127.0.0.1" "127.0.0.1"
config.state.network.ipv4 wan.ipv4
lan.ipv4
]; ];
listenOnIpv6 = [ listenOnIpv6 = [
"::1" "::1"
config.state.network.ipv6 wan.ipv6
lan.ipv6
]; ];
extraConfig = ''
include "${config.state.paths.dataDir}/dns/*-dnskeys.conf";
'';
# Welp, since the template is pretty limited, we'll have to go with our # Welp, since the template is pretty limited, we'll have to go with our
# own. This is partially based from the NixOS Bind module except without # own. This is partially based from the NixOS Bind module except without
# the template for filling in zones since we use views. # the template for filling in zones since we use views.
@ -187,10 +186,10 @@ in
in in
lib.mkAfter '' lib.mkAfter ''
# Install the domain zone. # Install the domain zone.
[ -f ${lib.escapeShellArg domainZone'} ] && install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'} [ -f ${lib.escapeShellArg domainZone'} ] || install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
# Install the internal DNS zones. # Install the internal DNS zones.
[ -f ${lib.escapeShellArg fqdnZone'} ] && install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'} [ -f ${lib.escapeShellArg fqdnZone'} ] || install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
''; '';
serviceConfig = { serviceConfig = {
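Review bot: In the `fqdnZone` substitution the new placeholders are named `ploverLANIPv4` and `ploverLANIPv6`, but they are still filled from `wan.ipv4` and `wan.ipv6`, even though `lan` is inherited a few lines above and used for `listenOn`. The zone template is not shown in this section, so this is inferred from the names, but if it expects LAN addresses the internal zone would hand out the public address; the lines would then read `ploverLANIPv4 = lan.ipv4;` and `ploverLANIPv6 = lan.ipv6;`. Separately, `[ -f … ] || install -Dm0600 …` copies a zone only when none exists yet, so later edits to the zone sources never reach `/etc/bind/zones` on a deployed host. If that is deliberate, a comment such as `# Seed only: the on-disk zone is authoritative after first install.` above each line would say so.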


@ -18,18 +18,13 @@ $ORIGIN foodogsquared.one.
; https://mxroutedocs.com/ ; https://mxroutedocs.com/
@ IN MX 10 heracles.mxrouting.net. @ IN MX 10 heracles.mxrouting.net.
IN MX 20 heracles-relay.mxrouting.net. IN MX 20 heracles-relay.mxrouting.net.
IN TXT "v=spf1 include:mxlogin.com -all" IN TXT v=spf1 include:mxlogin.com -all
; Protect the validity of my emails sent by me!!!! ; Protect the validity of my emails sent by me!!!!
x._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB" x._domainkey 3600 IN TXT v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB
; Protect my domain email from spoofing. ; Protect my domain email from spoofing.
_dmarc 400 IN TXT "v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one" _dmarc 400 IN TXT v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one
; Keybase verification key.
@ 3600 IN TXT #keybaseVerificationKey#
; This will make PGP clients find my public key for the email. ; This will make PGP clients find my public key for the email.
_hkps._tcp IN SRV 1 1 443 pgp.mailbox.org. _hkps._tcp IN SRV 1 1 443 pgp.mailbox.org.
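Review bot: The SPF, DKIM and DMARC TXT records lose their double quotes on the new side, and in zone-file syntax that changes the published data rather than only the formatting. An unquoted `;` starts a comment, so the DKIM record would be cut to `v=DKIM1` and the DMARC record to `v=DMARC1`, while the unquoted SPF value is split on whitespace into separate strings that verifiers join without spaces. If the quotes were really removed in the file and not just dropped by this page's rendering, mail authentication for the domain would stop validating, so it is worth checking the served records with a TXT lookup after deployment. Keep the values quoted, e.g. `IN TXT "v=spf1 include:mxlogin.com -all"`. If the original problem was the DKIM value exceeding the 255-byte limit of a single string, split it into several quoted strings on the same record instead of unquoting it.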