From e5040278bafbfdbf33732a82e33e81e0666ba530 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Thu, 20 Apr 2023 18:50:00 +0100
Subject: [PATCH] acme: config required for the dns side of things
---
 applications/dns.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/applications/dns.nix b/applications/dns.nix
index 529755e..0eba340 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -59,6 +59,7 @@ in {
 };
 };
+ age.secrets.dns_dnskeys.file = ../secrets/dns_dnskeys.conf.age;
 config = lib.mkIf cfg.enable {
 services.bind = {
@@ -66,11 +67,10 @@ in {
 ipv4Only = true;
- #forwarders = [
- # these were in old config file
- #"193.1.100.130"
- #"193.1.100.131"
- #];
+ # need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
+ extraConfig = ''
+ include "/run/agenix/dns_dnskeys";
+ '';
 zones = {
 /*
@@ -88,7 +88,7 @@ in {
 */
 "skynet.ie" = {
- extraConfig = "";
+ extraConfig = "allow-update { key rfc2136key.skynet.ie.; };";
 # really wish teh nixos config didnt use master/slave
 master = true;
 slaves = [ ];
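Review bot: The secret added in the first hunk is declared with only `.file`, so agenix's defaults apply and the decrypted `/run/agenix/dns_dnskeys` ends up root-owned with mode 0400. If BIND reads its configuration as an unprivileged service user (NixOS normally runs it as `named`), the `include` added in the second hunk will fail at start-up or on reload; setting `age.secrets.dns_dnskeys.owner = "named";` and `age.secrets.dns_dnskeys.group = "named";` fixes that without loosening the mode. The line also sits outside `config = lib.mkIf cfg.enable { … }`, so the key is decrypted even when the module is disabled, and if the block closed just above it is an `options` declaration (not visible in the hunk) the module system may reject `age` as an unsupported top-level attribute; moving the declaration inside `config` avoids both.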
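Review bot: The `include` in the new `services.bind.extraConfig` hard-codes `/run/agenix/dns_dnskeys`, which only matches the declared secret while agenix keeps its default secrets directory and the attribute keeps its name. Referencing the secret instead, `include "${config.age.secrets.dns_dnskeys.path}";`, ties the two together and turns a rename or removal into an evaluation error rather than a named start-up failure (this assumes `config` is among the module arguments, which are outside the hunk). The `# need to take a look at …` comment reads as an open TODO; once settled it would serve better as a statement of what the included file holds, e.g. `# TSIG key for RFC 2136 dynamic updates, decrypted by agenix`.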
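Review bot: `allow-update { key rfc2136key.skynet.ie.; };` lets any holder of that TSIG key add, change or delete every record in `skynet.ie`, which is much broader than the TXT challenge records that ACME DNS validation writes. BIND's `update-policy` can narrow the grant to TXT records, e.g. `extraConfig = "update-policy { grant rfc2136key.skynet.ie. zonesub TXT; };";`, which replaces `allow-update` since the two cannot be combined in one zone. The key presumably has to be present on each host that requests certificates, so the narrower grant limits what the compromise of one such host can do to the zone. Dynamic updates also need the zone file and its journal to be writable by named; the zone's `file` setting is outside this hunk, so that is worth confirming.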