kay/acme/rfc2136: init

2 files changed, 41 insertions, 3 deletions

diff --git a/hosts/kay/modules/dns/default.nix b/hosts/kay/modules/dns/default.nix
index 28e48c5..1146cc3 100644
--- a/hosts/kay/modules/dns/default.nix
+++ b/hosts/kay/modules/dns/default.nix
@@ -1,5 +1,18 @@
-{ config, ... }: let
+{ config, pkgs, ... }: let
   listen_addr = "2001:470:ee65::1";
+
+  acmeSOA = pkgs.writeText "acmeSOA" ''
+    $TTL 2d
+
+    @	IN	SOA	ns1.sinanmohd.com.	sinan.sinanmohd.com. (
+                        2024020505 ; serial
+                        2h         ; refresh
+                        5m         ; retry
+                        1d         ; expire
+                        5m )       ; nx ttl
+
+        IN	NS	ns1.sinanmohd.com.
+  '';
 in {
   imports = [ ./ddns.nix ];
 
@@ -58,6 +71,12 @@ in {
           update-type = [ "A" "AAAA" ];
           action = "update";
         }
+        {
+          id = "acme";
+          address = [ listen_addr ];
+          update-type = [ "TXT" ];
+          action = "update";
+        }
       ];
 
       mod-rrl = [{
@@ -74,13 +93,25 @@ in {
         }
         {
           id = "master";
+          semantic-checks = "on";
+
           dnssec-signing = "on";
           dnssec-policy = "gtld-servers.net";
-          semantic-checks = "on";
+
           notify = [ "ns1.he.net" ];
           acl = [ "ns1.he.net" "localhost" ];
+
+          zonefile-sync = "-1";
+          zonefile-load = "difference";
+        }
+        {
+          id = "acme";
+          semantic-checks = "on";
+          acl = [ "acme" ];
+
           zonefile-sync = "-1";
           zonefile-load = "difference";
+          journal-content = "changes";
         }
       ];
 
@@ -91,6 +122,11 @@ in {
           template = "master";
         }
         {
+          domain = "_acme-challenge.sinanmohd.com";
+          file = acmeSOA;
+          template = "acme";
+        }
+        {
           domain = "5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa";
           file = ./5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone;
         }
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
index 1c92366..2ea2925 100644
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ b/hosts/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
 $TTL 2d
 
 @	IN	SOA	ns1	sinan (
-			2024020400 ; serial
+			2024020800 ; serial
 			2h         ; refresh
 			5m         ; retry
 			1d         ; expire
@@ -23,3 +23,5 @@ www	IN	CNAME	@
 git	IN	CNAME	@
 bin	IN	CNAME	@
 static	IN	CNAME	@
+
+_acme-challenge	IN	NS	ns1