foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-03-14 18:18:59 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

hosts/plover: update DNS server setup

Browse Source
This commit is contained in:
Gabriel Arazas 2023-02-22 11:28:59 +08:00
parent 84b4e3be3e
commit 41fd659453
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
3 changed files with 14 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/plover/config/coredns/foodogsquared.one.zone
View File

@ -3,7 +3,7 @@
$TTL 12h $TTL 12h
@ 3600 IN SOA ns1.first-ns.de. hostmaster.foodogsquared.one. ( @ 3600 IN SOA ns1.first-ns.de. hostmaster.foodogsquared.one. (
2023021701 ; serial number 2023021803 ; serial number
1h ; refresh 1h ; refresh
15m ; update retry 15m ; update retry
3w ; expiry 3w ; expiry
@ -19,11 +19,11 @@ $TTL 12h
@ IN MX 10 mxext1.mailbox.org. @ IN MX 10 mxext1.mailbox.org.
IN MX 10 mxext2.mailbox.org. IN MX 10 mxext2.mailbox.org.
IN MX 20 mxext3.mailbox.org. IN MX 20 mxext3.mailbox.org.
IN TXT "v=spf1 include:mailbox.org ~all" IN TXT v=spf1 include:mailbox.org ~all
; This is something that is needed for mailbox.org to verify it is indeed in my ; This is something that is needed for mailbox.org to verify it is indeed in my
; domain. ; domain.
#mailboxSecurityKey# IN TXT "#mailboxSecurityKeyRecord#" #mailboxSecurityKey# 3600 IN TXT #mailboxSecurityKeyRecord#
; Protect the validity of my emails sent by me!!!! ; Protect the validity of my emails sent by me!!!!
MBO0001._domainkey IN CNAME MBO0001._domainkey.mailbox.org. MBO0001._domainkey IN CNAME MBO0001._domainkey.mailbox.org.
@ -32,7 +32,7 @@ MBO0003._domainkey IN CNAME MBO0003._domainkey.mailbox.org.
MBO0004._domainkey IN CNAME MBO0004._domainkey.mailbox.org. MBO0004._domainkey IN CNAME MBO0004._domainkey.mailbox.org.
; Protect my domain email from spoofing. ; Protect my domain email from spoofing.
_dmarc IN 400 TXT "v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one" _dmarc 400 IN TXT v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one
; This will make PGP clients find my public key for the email. ; This will make PGP clients find my public key for the email.
_hkps._tcp IN SRV 1 1 443 pgp.mailbox.org. _hkps._tcp IN SRV 1 1 443 pgp.mailbox.org.

10
hosts/plover/modules/services/coredns.nix
View File

@ -36,7 +36,7 @@ let
# The local network segments. # The local network segments.
allowedIPs = secondaryNameServersIPv4 ++ [ "172.16.0.0/12" ]; allowedIPs = secondaryNameServersIPv4 ++ [ "172.16.0.0/12" ];
allowedIPv6s = secondaryNameServersIPv6 ++ [ "${privateIPv6Prefix}::/64" ]; allowedIPv6s = secondaryNameServersIPv6 ++ [ "${privateIPv6Prefix}::/48" ];
dnsListenAddresses = with interfaces; [ dnsListenAddresses = with interfaces; [
internal.IPv4.address internal.IPv4.address
@ -61,8 +61,8 @@ in
secrets; secrets;
in in
getSecrets { getSecrets {
"dns/mailbox-security-key" = { }; "dns/${domain}/mailbox-security-key" = { };
"dns/mailbox-security-key-record" = { }; "dns/${domain}/mailbox-security-key-record" = { };
}; };
# Generating a certificate for the DNS-over-TLS feature. # Generating a certificate for the DNS-over-TLS feature.
@ -162,8 +162,8 @@ in
lib.mkBefore '' lib.mkBefore ''
install -Dm0644 ${domainZoneFile} ${domainZoneFile'} install -Dm0644 ${domainZoneFile} ${domainZoneFile'}
${replaceSecretBin} '#mailboxSecurityKey#' '${secretsPath "dns/mailbox-security-key"}' '${domainZoneFile'}' ${replaceSecretBin} '#mailboxSecurityKey#' '${secretsPath "dns/${domain}/mailbox-security-key"}' '${domainZoneFile'}'
${replaceSecretBin} '#mailboxSecurityKeyRecord#' '${secretsPath "dns/mailbox-security-key-record"}' '${domainZoneFile'}' ${replaceSecretBin} '#mailboxSecurityKeyRecord#' '${secretsPath "dns/${domain}/mailbox-security-key-record"}' '${domainZoneFile'}'
''; '';
serviceConfig.LoadCredential = let serviceConfig.LoadCredential = let
certDirectory = certs."${dnsDomainName}".directory; certDirectory = certs."${dnsDomainName}".directory;

9
hosts/plover/secrets/secrets.yaml
View File

@ -37,8 +37,9 @@ wireguard:
ni: ENC[AES256_GCM,data:NAgNnVtPKCaaSagWCIet5pd5ZehymJPmhQShoO/ktqa1pl6MtzJsygbTktk=,iv:2/sOdNN6QX1Rou5xnq87t/m/kguPTthOXD8oXJfvM90=,tag:F/I2CYR9O1LAlLs/9LaXGg==,type:str] ni: ENC[AES256_GCM,data:NAgNnVtPKCaaSagWCIet5pd5ZehymJPmhQShoO/ktqa1pl6MtzJsygbTktk=,iv:2/sOdNN6QX1Rou5xnq87t/m/kguPTthOXD8oXJfvM90=,tag:F/I2CYR9O1LAlLs/9LaXGg==,type:str]
phone: ENC[AES256_GCM,data:3wIv8mE7eYhvSjwcE9fwsUZhh2Svmzg+RFjJzvjvMyB9V3uvBYG8vmB751w=,iv:iSm4dXNVqFa52eq0Hhct1MGSoq4x7FFzWdjXHlkGTW8=,tag:Lr463ee5r/ZhEC78uYyzfQ==,type:str] phone: ENC[AES256_GCM,data:3wIv8mE7eYhvSjwcE9fwsUZhh2Svmzg+RFjJzvjvMyB9V3uvBYG8vmB751w=,iv:iSm4dXNVqFa52eq0Hhct1MGSoq4x7FFzWdjXHlkGTW8=,tag:Lr463ee5r/ZhEC78uYyzfQ==,type:str]
dns: dns:
mailbox-security-key: ENC[AES256_GCM,data:e1/y+JNNUxdf5D0OVhTD8hsoPlvV2Jpp3/+nHBktZH02/ZOfa9W5oA==,iv:tR9aVFHuMekr2uz4MaGAddlRsAh9XctS25EO+yMyvhE=,tag:BImSGpx4ltuU1qPTrmioKg==,type:str] foodogsquared.one:
mailbox-security-key-record: ENC[AES256_GCM,data:bP1kKQczfjOQyokOa+cScNs7jKLaXamUHYqzW7k0QRXnin5Nsj7G9w==,iv:l8NtJcYll8rdQJLsuxPIj3Ch3Tc/ESs1wUwPrGRTI7Y=,tag:RWD9mvinKW0xv6GDw/4jkQ==,type:str] mailbox-security-key: ENC[AES256_GCM,data:CmiAcewC47dTlKX+PmWJrnSM7dreMImEL3nw6+MnJ2MCwcnakT8zUw==,iv:tRh4d+QUUqxzz+c0r6NLnnPOgqtYZNdE3RgCa7MbvE4=,tag:RHkPwRVt8+YCw61RwBZZzg==,type:str]
mailbox-security-key-record: ENC[AES256_GCM,data:vXwTyZEsov20GDkg/X2P/MJFKWkrijnNNHrGRp0AMJORh0H5/mnshQ==,iv:7BKnkKj1vwLYCcm1uoHF+Ndunl2enSoXRpReW/uuaAo=,tag:KTzU1MMwXard4+Ar4WrJhA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -54,8 +55,8 @@ sops:
ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY
miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA== miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-02-11T13:30:33Z" lastmodified: "2023-02-18T12:20:09Z"
mac: ENC[AES256_GCM,data:3/SJstH4DV40P5oRToL77nbGwbIONuhjSrGmlvZvPKip7Mq6VLlpjLZhXWTkuVxZm7bVBloX7QWYZJn0aX9naKOMzqD+EVBmWgP1nC3USfzMXlItOlkrIo04KELb07oKfX8DWvagoZf4BY8p2TVHd4fSZrRJoiATI6TgOoATJeQ=,iv:ZKzNlbZ8mQablscBJKSkd5oTxb5YZQSPmGfjnzpuf4Q=,tag:FjN8/6lksHYw52jUlbQjcA==,type:str] mac: ENC[AES256_GCM,data:b3frDpKobh4Vl/BXX7M0U6eaJ8TdQHylPmUGsZqzGjwxZUMRyrxH/ETx6iseS2aRFyZzShPxJwSETyFswYMuObMRe1pk4DNjYCNCNSn98080nklG4Rod+QrB+p934aGMrpfjd4ZSI3UAQV2AKdZob2ivATwPFj7Q1hMdeXaEJYk=,iv:j+k9tG86UZhBKmSiCz+LtriZj2ajPb6AxuPosoH5bE0=,tag:7NYieEM2XG6Jfaug3UsZFQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3