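# NixOS module: authoritative NSD zone for autogeree.net.
#
# The zone is served by this host (reached as ns.${domain}) and by a
# secondary at ns6.gandi.net, which pulls it over AXFR.
{ pkgs, lib, config, ... }:
with builtins;
let
  # Only `git` and `toInt` are used below; the other names that used to be
  # inherited here (pass, unlinesAttrs, types, networking, nsd, rspamd) were
  # never referenced and have been dropped.
  inherit (builtins.extraBuiltins) git;
  inherit (lib) toInt;

  # Use the Git commit time of the ${domain}.nix file to set the serial number.
  # WARNING: the ${domain}.nix must be committed into Git for this to work.
  # An uncommitted change therefore keeps the old serial, and the secondary
  # will not re-transfer the zone.
  serial = domain:
    toString (git ./. [ "log" "-1" "--format=%ct" "--" (domain + ".nix") ]);

  # FIXME: make dedicated config options
  mermetIPv4 = "80.67.180.129";
  chomskyIPv4 = "91.216.110.36";

  domain = "autogeree.net";
in
{
  services.nsd.zones."${domain}" = {
    # DOC: https://docs.gandi.net/en/domain_names/advanced_users/secondary_nameserver.html
    # DOC: https://www.sidn.nl/en/dnssec/dnssec-signatures-in-bind-named

    # NOKEY: the transfer is authorised by source address only, with no TSIG
    # key. Anything able to send from (or spoof a TCP session as) this address
    # can pull the full zone.
    # NOTE(review): switch to a TSIG key if the secondary supports one.
    provideXFR = [ "217.70.177.40 NOKEY" ];

    # Not allowed by 217.70.177.40
    # With NOTIFY disabled, the secondary only learns of changes through the
    # SOA refresh timer (24h below), so an urgent change (e.g. to SPF or MX)
    # can take that long to reach ns6.gandi.net.
    #notify = [ "217.70.177.40 NOKEY" ];

    # The zone is unsigned: resolvers cannot authenticate these records, so
    # the MX and SPF data below have no protection against spoofed answers.
    dnssec = false;

    # TODO: increase the TTL once things have settled down
    data = ''
      $ORIGIN ${domain}.
      $TTL 500

      ; SOA (Start Of Authority)
      ; The serial is the commit time rebased by a fixed offset
      ; (commit time - 1581021859 + 2016043001).
      @ SOA ns admin (
        ${toString (toInt (serial domain) - 1581021859 + 2016043001)} ; Serial number
        24h   ; Refresh
        15m   ; Retry
        1000h ; Expire (1000h)
        1d    ; Negative caching
      )

      ; NS (Name Server)
      @ NS ns
      @ NS ns6.gandi.net.

      ; A (DNS -> IPv4)
      ; ns and mail are address records, not CNAMEs: NS and MX targets
      ; must not be aliases (RFC 2181, section 10.3).
      @       A ${mermetIPv4}
      chomsky A ${chomskyIPv4}
      mail    A ${mermetIPv4}
      mermet  A ${mermetIPv4}
      ns      A ${mermetIPv4}

      ; CNAME
      autoconfig CNAME mermet
      code       CNAME mermet
      git        CNAME mermet
      imap       CNAME mermet
      pop        CNAME mermet
      smtp       CNAME mermet
      submission CNAME mermet
      www        CNAME mermet

      ; SPF (Sender Policy Framework)
      ; Hard fail (-all): only the MX host and mermet's IPv4 may send mail
      ; for this domain. Receivers evaluate the TXT record; the SPF RR type
      ; was deprecated by RFC 7208 and is kept only for older software.
      ; NOTE(review): no DKIM selector or _dmarc record is published here.
      @ 3600 IN SPF "v=spf1 mx ip4:${mermetIPv4} -all"
      @ 3600 IN TXT "v=spf1 mx ip4:${mermetIPv4} -all"

      ; MX (Mail eXchange)
      @ 180 MX 5 mail

      ; SRV (SeRVice)
      ; The target is the canonical host: an SRV target must not be an
      ; alias (RFC 2782), and git is a CNAME for mermet.
      _git._tcp.git 18000 IN SRV 0 0 9418 mermet
    '';
  };
}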