foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-04-16 00:19:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

hosts/plover: update Bind secrets permission

Browse Source
This commit is contained in:
Gabriel Arazas 2023-06-29 09:46:35 +08:00
parent a8aef35c5c
commit 9c3d3901ab
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
hosts/plover/modules/services/bind.nix
View File

@ -14,8 +14,6 @@ let
(lib.attrValues secondaryNameServers);
secondaryNameServersIPs = secondaryNameServersIPv4 ++ secondaryNameServersIPv6;
serviceUser = config.users.users.named.name;
domainZone = pkgs.substituteAll {
src = ../../config/dns/${domain}.zone;
ploverWANIPv4 = interfaces.wan.IPv4.address;
@ -67,16 +65,17 @@ in
"plover/${secret}"
((getKey secret) // config))
secrets;
dnsFileAttribute = {
owner = config.users.users.named.name;
group = config.users.users.named.group;
mode = "0400";
};
in
getSecrets {
"dns/${domain}/mailbox-security-key" = { };
"dns/${domain}/mailbox-security-key-record" = { };
"dns/${domain}/rfc2136-key" = {
owner = serviceUser;
group = "root";
"dns/${domain}/mailbox-security-key" = dnsFileAttribute;
"dns/${domain}/mailbox-security-key-record" = dnsFileAttribute;
"dns/${domain}/rfc2136-key" = dnsFileAttribute // {
reloadUnits = [ "bind.service" ];
mode = "0400";
};
};