Diffstat (limited to 'hosts/kay/modules/dns')
-rw-r--r-- | hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone | 14 | ||||
-rw-r--r-- | hosts/kay/modules/dns/ddns.nix | 44 | ||||
-rw-r--r-- | hosts/kay/modules/dns/default.nix | 137 | ||||
-rw-r--r-- | hosts/kay/modules/dns/sinanmohd.com.zone | 46 |
4 files changed, 0 insertions, 241 deletions
diff --git a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone b/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
deleted file mode 100644
index 69b3524..0000000
--- a/hosts/kay/modules/dns/5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone
+++ /dev/null
@@ -1,14 +0,0 @@
-$ORIGIN 5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.
-$TTL 2d
-
-@ IN SOA ns1.sinanmohd.com. sinan.sinanmohd.com. (
- 2024020400 ; serial
- 2h ; refresh
- 5m ; retry
- 1d ; expire
- 5m ) ; nx ttl
-
- IN NS ns1.sinanmohd.com.
-
-1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns1.sinanmohd.com.
-7.3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR mail.sinanmohd.com.
diff --git a/hosts/kay/modules/dns/ddns.nix b/hosts/kay/modules/dns/ddns.nix
deleted file mode 100644
index e6e417a..0000000
--- a/hosts/kay/modules/dns/ddns.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ pkgs, ... }: {
- services.pppd.script = {
- "02-ddns-ipv4" = {
- runtimeInputs = with pkgs; [ coreutils knot-dns ];
- type = "ip-up";
-
- text = ''
- cat <<- EOF | knsupdate
- server 2001:470:ee65::1
- zone sinanmohd.com.
-
- update delete sinanmohd.com. A
- update add sinanmohd.com. 180 A $4
-
- update delete mail.sinanmohd.com. A
- update add mail.sinanmohd.com. 180 A $4
-
- send
- EOF
- '';
- };
-
- "02-ddns-ipv6" = {
- runtimeInputs = with pkgs; [ coreutils knot-dns iproute2 gnugrep ];
- type = "ipv6-up";
-
- text = ''
- while ! ipv6="$(ip -6 addr show dev "$1" scope global | grep -o '[0-9a-f:]*::1')"; do
- sleep 0.2
- done
-
- cat <<- EOF | knsupdate
- server 2001:470:ee65::1
- zone sinanmohd.com.
-
- update delete sinanmohd.com. AAAA
- update add sinanmohd.com. 180 AAAA $ipv6
-
- send
- EOF
- '';
- };
- };
-}
diff --git a/hosts/kay/modules/dns/default.nix b/hosts/kay/modules/dns/default.nix
deleted file mode 100644
index 1146cc3..0000000
--- a/hosts/kay/modules/dns/default.nix
+++ /dev/null
@@ -1,137 +0,0 @@
-{ config, pkgs, ... }: let
- listen_addr = "2001:470:ee65::1";
-
- acmeSOA = pkgs.writeText "acmeSOA" ''
- $TTL 2d
-
- @ IN SOA ns1.sinanmohd.com. sinan.sinanmohd.com. (
- 2024020505 ; serial
- 2h ; refresh
- 5m ; retry
- 1d ; expire
- 5m ) ; nx ttl
-
- IN NS ns1.sinanmohd.com.
- '';
-in {
- imports = [ ./ddns.nix ];
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-
- sops.secrets.dns = {
- owner = config.systemd.services.knot.serviceConfig.User;
- group = config.systemd.services.knot.serviceConfig.Group;
- };
-
- services.knot = {
- enable = true;
- keyFiles = [ config.sops.secrets.dns.path ];
-
- settings = {
- server.listen = listen_addr;
-
- remote = [
- {
- id = "ns1.he.net";
- address = [ "2001:470:100::2" "216.218.130.2" ];
- via = "2001:470:ee65::1";
- }
- {
- id = "m.gtld-servers.net";
- address = [ "2001:501:b1f9::30" "192.55.83.30" ];
- }
- ];
-
- submission = [{
- id = "gtld-servers.net";
- parent = "m.gtld-servers.net";
- }];
-
- policy = [{
- id = "gtld-servers.net";
- algorithm = "ecdsap384sha384";
- ksk-lifetime = "365d";
- ksk-submission = "gtld-servers.net";
- }];
-
- # generate TSIG key with keymgr -t name
- acl = [
- {
- id = "ns1.he.net";
- key = "ns1.he.net";
- address = [ "2001:470:600::2" "216.218.133.2" ];
- action = "transfer";
- }
- {
- id = "localhost";
- address = [ listen_addr ];
- update-type = [ "A" "AAAA" ];
- action = "update";
- }
- {
- id = "acme";
- address = [ listen_addr ];
- update-type = [ "TXT" ];
- action = "update";
- }
- ];
-
- mod-rrl = [{
- id = "default";
- rate-limit = 200;
- slip = 2;
- }];
-
- template = [
- {
- id = "default";
- semantic-checks = "on";
- global-module = "mod-rrl/default";
- }
- {
- id = "master";
- semantic-checks = "on";
-
- dnssec-signing = "on";
- dnssec-policy = "gtld-servers.net";
-
- notify = [ "ns1.he.net" ];
- acl = [ "ns1.he.net" "localhost" ];
-
- zonefile-sync = "-1";
- zonefile-load = "difference";
- }
- {
- id = "acme";
- semantic-checks = "on";
- acl = [ "acme" ];
-
- zonefile-sync = "-1";
- zonefile-load = "difference";
- journal-content = "changes";
- }
- ];
-
- zone = [
- {
- domain = "sinanmohd.com";
- file = ./sinanmohd.com.zone;
- template = "master";
- }
- {
- domain = "_acme-challenge.sinanmohd.com";
- file = acmeSOA;
- template = "acme";
- }
- {
- domain = "5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa";
- file = ./5.6.e.e.0.7.4.0.1.0.0.2.ip6.arpa.zone;
- }
- ];
- };
- };
-
-}
diff --git a/hosts/kay/modules/dns/sinanmohd.com.zone b/hosts/kay/modules/dns/sinanmohd.com.zone
deleted file mode 100644
index 0409efc..0000000
--- a/hosts/kay/modules/dns/sinanmohd.com.zone
+++ /dev/null
@@ -1,46 +0,0 @@
-$ORIGIN sinanmohd.com.
-$TTL 2d
-
-@ IN SOA ns1 hostmaster (
- 2024022700 ; serial
- 2h ; refresh
- 5m ; retry
- 1d ; expire
- 5m ) ; nx ttl
-
- IN NS ns1
- IN NS ns2.he.net.
- IN NS ns3.he.net.
- IN NS ns4.he.net.
- IN NS ns5.he.net.
-
- 30 IN A 127.0.0.1
- 30 IN AAAA ::1
-
- IN MX 10 mail
-
- IN TXT "v=spf1 mx -all"
-_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:reports@sinanmohd.com; ruf=mailto:reports@sinanmohd.com; adkim=s; aspf=s"
-
-ed25519._domainkey IN TXT "v=DKIM1; k=ed25519; p=EHk924AruF9Y0Xaf009rpRl+yGusjmjT1Zeho67BnDU="
-rsa._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HEqO63fSC0cUnJt9vAQBssTkPfT4QefmAK/1BtAIRIOdGakf7PI7p3A1ETgwfYxuHj7BUSzUtESsHMThbhB1Wko79+AR+5ZBDBmD8CE0dOnZfzeG8xIaGfYkaL4gana6YZWiBT2oi/CimJfc22wacF01SufOs4R8cDpy4BZIgDD/zfF4bFTORQ0vMSJQJkp1zdQelERDU5CEezgxgVYgoSmdEpgkhc23PJSyj4Z7hA69N0amsb3cVVrfVXcYvSqTK3S2vLLA89ws4CUjCCpUW40gVIP8QP6CqTL76936Oo7OVWgmV3Sn3wa8FMN6IATY+fbMlrdOMsPY5PauJyEoQIDAQAB"
-
-ns1 IN AAAA 2001:470:ee65::1
-
-mail 30 IN A 127.0.0.1
-mail IN AAAA 2001:470:ee65::1337
-smtp IN CNAME @
-imap IN CNAME @
-mta-sts IN CNAME @
-
-_mta-sts IN TXT "v=STSv1; id=2024022500"
-_smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:reports@sinanmohd.com"
-
-www IN CNAME @
-git IN CNAME @
-bin IN CNAME @
-static IN CNAME @
-
-lia IN A 65.0.3.127
-
-_acme-challenge IN NS ns1
|