hosts/plover: add Keybase verification key

hosts/plover/config/dns/foodogsquared.one.zone

@@ -4,7 +4,7 @@ $TTL 12h
 $ORIGIN foodogsquared.one.
 
 @	3600	IN	SOA	ns1 hostmaster (
-				2023062601 	; serial number
+				2023072101 	; serial number
 				1h		; refresh
 				15m		; update retry
 				3w		; expiry
@@ -22,6 +22,9 @@ $ORIGIN foodogsquared.one.
 	IN	MX	20 mxext3.mailbox.org.
 	IN	TXT	v=spf1 include:mailbox.org ~all
 
+; Keybase verification key.
+@	3600	IN	TXT #keybaseVerificationKey#
+
 ; This is something that is needed for mailbox.org to verify it is indeed in my
 ; domain.
 #mailboxSecurityKey#	3600	IN	TXT	#mailboxSecurityKeyRecord#

hosts/plover/modules/services/bind.nix

@@ -62,6 +62,7 @@ in
     lib.getSecrets ../../secrets/secrets.yaml {
       "dns/${domain}/mailbox-security-key" = dnsFileAttribute;
       "dns/${domain}/mailbox-security-key-record" = dnsFileAttribute;
+      "dns/${domain}/keybase-verification-key" = dnsFileAttribute;
       "dns/${domain}/rfc2136-key" = dnsFileAttribute // {
         reloadUnits = [ "bind.service" ];
       };
@@ -189,13 +190,13 @@ in
         secretPath = path: config.sops.secrets."dns/${path}".path;
       in
       lib.mkAfter ''
-        [ -f '${domainZone'}' ] || {
+        {
           install -Dm0600 '${domainZone}' '${domainZone'}'
           replace-secret #mailboxSecurityKey# '${secretPath "${domain}/mailbox-security-key"}' '${domainZone'}'
           replace-secret #mailboxSecurityKeyRecord# '${secretPath "${domain}/mailbox-security-key-record"}' '${domainZone'}'
         }
 
-        [ -f '${fqdnZone'}' ] || {
+        {
           install -Dm0600 '${fqdnZone}' '${fqdnZone'}'
         }
       '';

hosts/plover/secrets/secrets.yaml

@@ -40,6 +40,7 @@ dns:
     foodogsquared.one:
         mailbox-security-key: ENC[AES256_GCM,data:CmiAcewC47dTlKX+PmWJrnSM7dreMImEL3nw6+MnJ2MCwcnakT8zUw==,iv:tRh4d+QUUqxzz+c0r6NLnnPOgqtYZNdE3RgCa7MbvE4=,tag:RHkPwRVt8+YCw61RwBZZzg==,type:str]
         mailbox-security-key-record: ENC[AES256_GCM,data:vXwTyZEsov20GDkg/X2P/MJFKWkrijnNNHrGRp0AMJORh0H5/mnshQ==,iv:7BKnkKj1vwLYCcm1uoHF+Ndunl2enSoXRpReW/uuaAo=,tag:KTzU1MMwXard4+Ar4WrJhA==,type:str]
+        keybase-verification-key: ENC[AES256_GCM,data:HyNegHeHJCl39MV6RRpz2MmFXGfyp/riNnwWXTXGJye2wULe+y19DGPVdBSm9IaJKwK2CYtGDAQhD9OUw0MheQ252Xe3,iv:Lt/nKV++KjHaXip3zy3bB5oNPzO3Z5mIdZZEtDBKwLY=,tag:OpNhjpsUbBnGSJNYwlqDbQ==,type:str]
         rfc2136-key: ENC[AES256_GCM,data:K6CRj09oQA/po/IYfM/LH1y8Hjt/gXewUxfDcEzZVsFCYs4CEpysnhFlu6P9Srwy0lXapZI+4x4kB0mY5TarxZc5OFpx+6Xslw964x10Eot1sTFn8Y7Mrogh8VwHFXdtKuvHKkHcW2nZshBnKv0FPsy6Wvv79NUwEfc=,iv:TJiq+z552fT0vVT1WKJUUwB+oP/sUGIav1ab8G/1ENc=,tag:aqpBcdWh2i551p8aAzsUXA==,type:str]
 sops:
     kms: []
@@ -56,8 +57,8 @@ sops:
             ZCtNbnFqdzNkVlBtNjVCdE4yNHMrRjQKfFV4GaReO0UO81xsTB0EuN5ibVsafXJY
             miBgZAZWbJjSBcM4X+Fym/DlxHRoB1a6iFEFN9yg+Z9WI8PfjKnbsA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-30T13:22:45Z"
-    mac: ENC[AES256_GCM,data:pmFTsgbR74gvdUToTimXM6PfHijofSGeg35Uq8Y3UVJ6tzGxumh6Mve4/D0CmlirpssbReSlV3twgzhPzRBATVWkaBH7e4g1Xvqp/RFIgdNKi0+b/6PKuk3wZVdwab+kTHPoIL6m1hXUxXcgD5H1Ka8HOYMwLjVMZK/ltFjPfoo=,iv:y5sQeSE2av8a5TW9ovoHQpRrML0oiWuizo9cgFYR07U=,tag:P/H5TpUhwAPaUEPsT47/+g==,type:str]
+    lastmodified: "2023-07-21T09:15:13Z"
+    mac: ENC[AES256_GCM,data:6BJjEsYtFb4v8dmWPHzzL4DJcI4jdTUv0IVeoh9O4pgh4yUnPIxU2c4WJMc+zqrT+A1pwJFDk3BpgRYJ5ydO0+roIJVwzSP5nAc8HTi/DzTsiK3kjv6//DkT5vC7J+w1AcDJraoZUSIuiOX9hJRh4YK9looOvDi+j1WQG5rWwj0=,iv:fEKMILwu05WGJYphnx2pIKR4RqXmogx/Xb1pKs+E07g=,tag:+m9TjzXtWfQwwkdcmSI4lA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3