Skynet/nixos
7
1
Fork 0
Code Issues 45 Pull requests 1 Projects Releases Packages Wiki Activity Actions

dns: got a working letsencrypt setup

Browse source
This commit is contained in:
silver 2023-04-23 04:22:01 +01:00
parent ef37392f07
commit 6119c9a88a
6 changed files with 145 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

192
applications/dns.nix
View file

@ -73,106 +73,124 @@ in {
};
services.bind = {
enable = true;
enable = true;
ipv4Only = true;
ipv4Only = true;
# need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
extraConfig = ''
include "/run/agenix/dns_dnskeys";
'';
# need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
extraConfig = ''
include "/run/agenix/dns_dnskeys";
'';
# set the upstream dns servers
# overrides the default dns servers
forwarders = [
# Cloudflare
"1.1.1.1"
# Google
"8.8.8.8"
# Quad9
"9.9.9.9"
];
# set the upstream dns servers
# overrides the default dns servers
forwarders = [
# Cloudflare
"1.1.1.1"
# Google
"8.8.8.8"
# Quad9
"9.9.9.9"
];
cacheNetworks = [
# this server itself
"127.0.0.0/24"
# all of skynet can use this as a resolver
"193.1.99.64/26"
];
cacheNetworks = [
# this server itself
"127.0.0.0/24"
# all of skynet can use this as a resolver
"193.1.99.64/26"
];
zones = {
/*
put any other zones above skynet and link to their files like so:
zones = {
/*
put any other zones above skynet and link to their files like so:
example.ie = {
extraConfig = "";
file = ./dns/example;
master = true;
masters = [];
slaves = [ ];
};
Skynet is handled a bit more dynamically since it is the key one we should focus on
*/
"skynet.ie" = {
extraConfig = "allow-update { key rfc2136key.skynet.ie.; };";
# really wish teh nixos config didnt use master/slave
example.ie = {
extraConfig = "";
file = ./dns/example;
master = true;
masters = [];
slaves = [ ];
# need to write this to a file
file = pkgs.writeText "dns_zone_skynet"
# no leading whitespace for first line
''
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. (
2023011701 ; Serial (YYYYMMDDCC)
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
2419200 ; Expire (4 weeks)
3600 ; Minimum (1 hour)
)
NS ns1.skynet.ie.
NS ns2.skynet.ie.
; @ stands for teh root domain so teh A record below is where skynet.ie points to
A 193.1.99.76
MX 5 mail.skynet.ie.
; can have multiple mailserves
;MX 20 mail2.skynet.ie.
; ------------------------------------------
; Server Names
; ------------------------------------------
; External addresses
; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external}
; this is fixed for now
wintermute A 193.1.101.148
; internal addresses
; ------------------------------------------
; May come back to this idea in teh future
; agentjones.int A 172.20.20.1
; cname's
; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname}
'';
};
Skynet is handled a bit more dynamically since it is the key one we should focus on
*/
"skynet.ie" = {
extraConfig = "allow-update { key rfc2136key.skynet.ie.; };";
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
# need to write this to a file
file = "/etc/dns_custom/dns_zone_skynet";
# no leading whitespace for first line
};
};
};
# creates a folder in /etc for the dns to use
users.users.named = {
createHome = true;
home = "/etc/dns_custom";
};
environment.etc = {
# Creates /etc/dns_custom/dns_zone_skynet
"dns_custom/dns_zone_skynet" = {
user = "named";
group = "named";
# The UNIX file mode bits
mode = "0644";
text =
''
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. (
2023011701 ; Serial (YYYYMMDDCC)
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
2419200 ; Expire (4 weeks)
3600 ; Minimum (1 hour)
)
NS ns1.skynet.ie.
NS ns2.skynet.ie.
; @ stands for teh root domain so teh A record below is where skynet.ie points to
A 193.1.99.76
MX 5 mail.skynet.ie.
; can have multiple mailserves
;MX 20 mail2.skynet.ie.
; ------------------------------------------
; Server Names
; ------------------------------------------
; External addresses
; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external}
; this is fixed for now
wintermute A 193.1.101.148
; internal addresses
; ------------------------------------------
; May come back to this idea in teh future
; agentjones.int A 172.20.20.1
; cname's
; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname}
'';
};
};
};
}