# WARNING: this does not take other .nix into account, though they may contribute to the zone's data.
serial = domain: toString (git ./. [ "log" "-1" "--format=%ct" "--" (domain + ".nix") ]);
mermetIPv4 = "80.67.180.129";
+ losurdoIPv4 = "80.67.180.251";
domain = "sourcephile.fr";
in
{
+systemd.services."acme-${domain}".after = [
+ "unbound.service"
+];
security.acme.certs."${domain}" = {
email = "root@${domain}";
extraDomains = {
acl: acl_acme_challenge_sourcephile_fr
dnssec-signing: on
dnssec-policy: rsa
+ - domain: whoami4.${domain}
+ module: mod-whoami
+ file: "${pkgs.writeText "whoami4.zone" ''
+ $TTL 1
+ @ SOA ns root.${domain}. (
+ ${serial domain} ; SERIAL
+ 86400 ; REFRESH
+ 86400 ; RETRY
+ 86400 ; EXPIRE
+ 1 ; MINIMUM
+ )
+ $TTL 86400
+ @ NS ns
+ ns A ${mermetIPv4}
+ ''}"
'';
# TODO: increase the TTL once things have settled down
data = ''
$TTL 500
; SOA (Start Of Authority)
- @ SOA ns admin (
+ @ SOA ns root (
${serial domain} ; Serial number
24h ; Refresh
15m ; Retry
; NS (Name Server)
@ NS ns
@ NS ns6.gandi.net.
+ whoami4 NS ns.whoami4
+ ns.whoami4 A ${mermetIPv4}
; A (DNS -> IPv4)
@ A ${mermetIPv4}
mermet A ${mermetIPv4}
+ losurdo A ${losurdoIPv4}
autoconfig A ${mermetIPv4}
+ doc A ${mermetIPv4}
code A ${mermetIPv4}
git A ${mermetIPv4}
imap A ${mermetIPv4}
smtp A ${mermetIPv4}
submission A ${mermetIPv4}
www A ${mermetIPv4}
+ lemoutona5pattes A ${mermetIPv4}
+ covid19 A ${mermetIPv4}
; SPF (Sender Policy Framework)
@ 3600 IN SPF "v=spf1 mx ip4:${mermetIPv4} -all"
@ CAA 128 issue "letsencrypt.org"
'';
};
+/* Useless since the zone is public
+services.unbound.extraConfig = ''
+ stub-zone:
+ name: "sourcephile.fr"
+ stub-addr: 127.0.0.1@5353
+'';
+*/
}