dns: got a working letsencrypt setup

applications/dns.nix

@@ -121,8 +121,31 @@ in {
           master = true;
           slaves = [ ];
           # need to write this to a file
-            file = pkgs.writeText "dns_zone_skynet"
+          file = "/etc/dns_custom/dns_zone_skynet";
           # no leading whitespace for first line
+
+        };
+      };
+    };
+
+    # creates a folder in /etc for the dns to use
+    users.users.named = {
+      createHome = true;
+      home = "/etc/dns_custom";
+    };
+
+    environment.etc = {
+      # Creates /etc/dns_custom/dns_zone_skynet
+
+      "dns_custom/dns_zone_skynet" = {
+        user = "named";
+        group = "named";
+
+        # The UNIX file mode bits
+        mode = "0644";
+
+
+        text =
           ''
           $TTL 60  ; 1 minute
           ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@@ -170,9 +193,4 @@ in {
       };
     };
   };
-
-    };
-
-
-
 }

machines/_base.nix

@@ -35,16 +35,16 @@
     # cannot use our own it seems?
     nameservers = [
       # ns2
-      #"193.1.99.109"
+      "193.1.99.109"
       # ns1
-      #"193.1.99.120"
+      "193.1.99.120"
 
       # Cloudflare
-      "1.1.1.1"
+      #"1.1.1.1"
       # Google
-      "8.8.8.8"
+      #"8.8.8.8"
       # Quad9
-      "9.9.9.9"
+      #"9.9.9.9"
     ];
   };
 

secrets/dns_dnskeys.conf.age

@@ -1,19 +1,31 @@
 age-encryption.org/v1
--> ssh-ed25519 V1pwNA 2ktkYzbOCI8Sedb7cFXrmOL7HqPmMFSmavTgJ/kXVyA
+-> ssh-ed25519 V1pwNA sW0/BN/WfF+8VshBdG/RcuJNUJFoRiV207qXHJ+nEQU
-3kcv57UNk7Hryd8RckwYzuzN7eY6Lle4+DdG+QC86Hk
+3xBHqOiK1MXQpfefvXpsUCAtB8SmpPYQxgWnKLY4/Mo
--> ssh-ed25519 rIwlvw MoH0rHRt6ZL/3Ew1O7zHN9pz5CSA6YxbJ840gx0jCGY
+-> ssh-ed25519 rIwlvw 5N++1xasQ3ngJK8rWcnV1febLgOxdQxzj2FdwLeuvm0
-AO7z51p5PlbAYUZgmk/joTdGeK4SxlCc+VgMcOrxkP0
+Ync9n2pX/MPHi6fKcBw/rir/KUOBDRZapaxxsu+XQyI
--> ssh-ed25519 bPfq4g zu5ZfmzDiMBSn0UUpyO9iFieE7b+MMbuk4X5ABSUwhg
+-> ssh-ed25519 bPfq4g GM5ZOInllLXKdpyIREUMWU0QToOgJe7TNWVoMXbYHTk
-HKNFCsxNqEK94tEnYz5+cVypheP5Cf+5tYRft3rCucY
+EfTBSko70+g28s21kPAWixZmkgbwfmTzosmP11q5Kh0
--> ssh-ed25519 P1ilJQ pnX29lb1zHoXzv4S6+D4VtLPJEsrnkyhfNjsaNwkJmw
+-> ssh-ed25519 P1ilJQ 6NcCV8qZcm4zCPAixGhazZvwh2bQxqHsz0p3XuS54z0
-hXc9XLxtvyzUJNdhPi40bMFzdpuUKOHkpZ3gWMfjWwk
+wUPo7zXREnpUkS8mRTU3tM3WR9QuYiC48Rlzl7CyPdk
--> ssh-ed25519 XSrA6w +h7/dC7DYOcRK1nxTDvdsgDEM43bBChM6vJ4PuL45ww
+-> ssh-ed25519 XSrA6w XV0e5v8rRSuTgsFPNjQOcaQnAJJ4JOCViTsiK7ClFUI
-n0mVPplmTM3A76iF27Wt62RDJ4yeoZa51q6bRhPEcXA
+BgY93FYHCAE2BmcNm8SRYKRqMoXc3IshLxkNlJVGxrU
--> ssh-ed25519 pBdJmw b/oJKbk8mXkUsd0oRuzrAQHTsiZdE8cW5bDC3dM3Vn8
+-> ssh-ed25519 pBdJmw /ppt+XqNCOj3ToS59AbT40lliyPi5aYdgsb+nOd70Cc
-6L+Zry15OyCXKOE71iqihTFVc2WB2Y7X7ZuFZSWXFSw
+pXQqbfdC00/ITW9zblgGS+SCaM84BcWRrVr12Gkaqqk
--> ssh-ed25519 v2Y09A DBZDXfWnm/3d83xG4a7XnMDAU+WYR2l4UDOjWAwlVxA
+-> ssh-ed25519 v2Y09A 25QeUKlLkjSOKFIBUHi8I0yQFtjJ10eMd5skrgB4wh4
-4wE9Ss/D2Mmq4WddUsoa79S3db4Z6vpDs9zQR+zLROw
+87j2b0Lvx+Qow8ggjVmkqDTc9par1RUAfmPxB9hL810
--> R9;-grease
+-> ssh-rsa l6p0xw
-C4FHCe8aUuP55YV6ZnrphOE
+aXJe3/ZW4d1wW58cGO43c1c7VqUid6LQNudUXZQF7hDGwWp66zUeTtJS8iK1uVRr
---- /fL2KiOXipdwzKNjkkfwON+3h9JGa+M8wod12lkJ37A
+fBEd9MfCQXZ6e4mmeEsFDYhhsrihjFNqjv/V229VRfvlh6PFjyFsi8kOZmN0IyPC
-tæwkGï°h€<EFBFBD>mhg?:LïŠXJÍîá‚^NN0O|a|<7C>ˆ3Æ|8E"%™3Z~žuÕ†—brÚˆA. ú)ñqëò,\ñ­62ÕÆؼa`/<1'—rÝËÂÖIV3ÌñP ­_…éìID)RÝ”cVÌc–)BüG<C3BC>ƦO±<4F>²Õ¬;¦RÕö×Ù#4(Å-e£¯DÔ
+rffk42oS9cVuG1JT/98kE56vUdJ098E+D7W5vHD6lVayp97DpncQRNqXyTWMdYB+
+75aHyUnI3JXmhftwPmQXthwKqYm/z5Q1yHtUWqo3VZ/UIN2fWD17XOxIVVdksSh6
+WdhJ7B+KYP1oXHZKeTGMpmPP7FYrgybbFlNl2Bg3+hc2g+Pav63ovnokr4hzmxf9
++Vy0/gwE5tLKYXhSgCsfYLoYLcjh2LtdyWttG7z12TjKFtoxS1wfO71PBmQAWwV6
+MAaOfZdCbxZ6xpcJuvONmuvXaxzOxbZ5bgtrd2msEf2L3xlDDAPzUB786kvTLjjh
+SkQFZvX8SWQBB4u7GKu7jwUYl8zcBfczVvQQ0APL/UUdIyYEClhbJO1MKJHgFAGN
+mnuU0GQguxllgsT6+lNyKT9yP9W7wP92Bh+FzfRBH39Rq+FTb+VSQ5aOdoxtmbdQ
+G99WJKDW0v3JXnveUeNGLXe0p0kH5qBdsZmRGcXmu1Wqwa5iIZKC80HEzztYFngc
+n9dxirg30yQYoGUdASEQUDA55ZWb4hsrY7O1bz/fJ/g
+-> B21^W'i:-grease X\JYH |@t jh9o
+t4jio4eAlhMaiiGmy7ZKe7feRi36XQpUMkHAWyF42EMDbwzRcNVcvophXSQ
+--- mvcfX2P6vxluKGbahXGgsl0bnjzgZF7Gd1HNEDnPh0o
+ç”×<EFBFBD>³í’K˜/Z7ÀA’´0+ÕF)Vço›Ãe(ÉOñ’þ}ç¸cùu([(àm6rB‹y“ÃÛX1=³ð-œî˜”<>_8Ò&âå»ü˔ۊçwÓ?Y,I9
€=8FÌ‘]oaÀWó<0F>íXG;2ó<32>jÃìem­.Høƒ†Þ<0C>Š?ÿ"mÒKF9¢Š	èX¹‰R

secrets/secrets.nix

@@ -16,6 +16,9 @@ let
 
   galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea";
 
+  # for testing configs at home
+  silver_homelab = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCG1JzosOwS7oKjgm0+FlqMKrUbu+M5403un+VA7LwiGRQnneawuq6aqQsIoDqAlb9AzUdLTeBQb+rBf94kx7yVGdEIz1i34WdMK3kgl176jnDIR4TWeNKdj8Q6+4d7tn5mZrqmpXZ/+1KSauV9JHxytR+7A4NVexkhGX1Mq3efGBYsCKzUQh83lHs2baWUYuxaPCCR6vy6uklzQRQfg+NsxCCUKkbgJwv1ar5U1ccr4N89EWiR2Yu4XsPzXr0JJUQcUy587l+G7QYVoCwVgUKHevCRqtRlmnI6JrzWctQJPpAmWF4EF66QnWccdXUS+aVc0IKP0ORqmz8Nps4NWWVPjRRxeshl2XfFawWxGlgT4WJ0+qv/EDVPZQvNBrjFvY5QBAaU08Nnkg6QzehlwD4/zQQMFiDjMb7sUuhXdq0vOK235QMhS4jtX7Sm2ki6mJdXrlErq9dIaqcoYuw9EtfajaM/NnGYIy97JUOrfztQTAwiuPgrc4DijpdR0QtvYK7NvefiJYcW+osmcv+FYM03kMXK9uGtM6KI44i27ZdsUFWTIHeiR1yBGUfP1ObFLLaNx5E42jSA77RLF8BSUaPbGgRv3OciACNftIKhAJrV4AZGvBbaUvAlzC8CryFAcRDgQwIVlXBJzChc7Rh9/V8I5342Tq7xMmzBQ2WcQdqZ9Q== root@galatea";
+
 
   systems = [
     agentjones
@@ -23,12 +26,13 @@ let
     galatea
     vendetta
     vigil
+
+    silver_homelab
   ];
 in
 {
   # nix run github:ryantm/agenix -- -e secret1.age
 
-  "wireguard.age".publicKeys = users ++ systems;
   "dns_certs.secret.age".publicKeys = users ++ systems;
   "dns_dnskeys.conf.age".publicKeys = users ++ systems;