acme: config required for the dns side of things

2023-04-20 18:50:00 +01:00 · 2023-04-20 18:50:00 +01:00 · e5040278ba
commit e5040278ba
parent 1693a9e5fe
1 changed files with 6 additions and 6 deletions
--- a/applications/dns.nix
+++ b/applications/dns.nix
@ -59,6 +59,7 @@ in {
    };
  };

+  age.secrets.dns_dnskeys.file = ../secrets/dns_dnskeys.conf.age;

  config = lib.mkIf cfg.enable {
    services.bind = {
@ -66,11 +67,10 @@ in {

        ipv4Only = true;

-        #forwarders = [
-          # these were in old config file
-          #"193.1.100.130"
-          #"193.1.100.131"
-        #];
+        # need to take a look at https://nixos.org/manual/nixos/unstable/#module-security-acme-config-dns
+        extraConfig = ''
+          include "/run/agenix/dns_dnskeys";
+        '';

        zones = {
          /*
@ -88,7 +88,7 @@ in {
          */

          "skynet.ie" = {
-            extraConfig = "";
+            extraConfig = "allow-update { key rfc2136key.skynet.ie.; };";
            # really wish teh nixos config didnt use master/slave
            master = true;
            slaves = [ ];