nix: update nixpkgs

[sourcephile-nix.git] / hosts / mermet / knot / sourcephile.fr.nix

diff --git a/hosts/mermet/knot/sourcephile.fr.nix b/hosts/mermet/knot/sourcephile.fr.nix
index 56bd653349287e065c26b9ae37eaf7d47361b289..6e06e31fe33d57a3e3f5ff0676138b14c78cc1de 100644 (file)
--- a/hosts/mermet/knot/sourcephile.fr.nix
+++ b/hosts/mermet/knot/sourcephile.fr.nix
@@ -16,7 +16,7 @@ services.knot.zones."${domain}" = {
         action: update
         update-owner: name
         update-owner-match: equal
-        update-owner-name: [_acme-challenge]
+        update-owner-name: [_acme-challenge, _acme-challenge.hut, _acme-challenge.code]
         update-type: [TXT]
       - id: acl_tsig_acme_${domainID}
         key: acme_${domainID}
@@ -86,7 +86,6 @@ services.knot.zones."${domain}" = {
     mermet       A ${hosts.mermet.extraArgs.ipv4}
     autoconfig   A ${hosts.mermet.extraArgs.ipv4}
     doc          A ${hosts.mermet.extraArgs.ipv4}
-    code         A ${hosts.mermet.extraArgs.ipv4}
     git          A ${hosts.mermet.extraArgs.ipv4}
     imap         A ${hosts.mermet.extraArgs.ipv4}
     mail         A ${hosts.mermet.extraArgs.ipv4}
@@ -104,6 +103,18 @@ services.knot.zones."${domain}" = {
     stun         A ${hosts.mermet.extraArgs.ipv4}
     turn         A ${hosts.mermet.extraArgs.ipv4}
     whoami       A ${hosts.mermet.extraArgs.ipv4}
+    code          A ${hosts.mermet.extraArgs.ipv4}
+    builds.code   A ${hosts.mermet.extraArgs.ipv4}
+    dispatch.code A ${hosts.mermet.extraArgs.ipv4}
+    git.code      A ${hosts.mermet.extraArgs.ipv4}
+    hg.code       A ${hosts.mermet.extraArgs.ipv4}
+    hub.code      A ${hosts.mermet.extraArgs.ipv4}
+    lists.code    A ${hosts.mermet.extraArgs.ipv4}
+    meta.code     A ${hosts.mermet.extraArgs.ipv4}
+    man.code      A ${hosts.mermet.extraArgs.ipv4}
+    pages.code    A ${hosts.mermet.extraArgs.ipv4}
+    paste.code    A ${hosts.mermet.extraArgs.ipv4}
+    todo.code     A ${hosts.mermet.extraArgs.ipv4}
 
     ; CNAME (Canonical Name)
     losurdo          CNAME bureau1
@@ -117,13 +128,32 @@ services.knot.zones."${domain}" = {
     cryptpad-sandbox CNAME losurdo
     mumble           CNAME mermet
     freeciv          CNAME losurdo
+    nix-serve        CNAME losurdo
+    nix-extracache   CNAME losurdo
+    nix-localcache   CNAME lan.losurdo
+    hut              CNAME code
+    builds.hut       CNAME builds.code
+    dispatch.hut     CNAME dispatch.code
+    git.hut          CNAME git.code
+    hg.hut           CNAME hg.code
+    hub.hut          CNAME hub.code
+    lists.hut        CNAME lists.code
+    meta.hut         CNAME meta.code
+    man.hut          CNAME man.code
+    pages.hut        CNAME pages.code
+    paste.hut        CNAME paste.code
+    todo.hut         CNAME todo.code
+
+    ; DMARC (Domain-based Message Authentication, Reporting and Conformance)
+    _dmarc 3600 IN TXT "v=DMARC1; p=none; pct=100; rua=mailto:root+dmarc+aggregate@sourcephile.fr; ruf=mailto:root+dmarc+forensic@sourcephile.fr"
 
     ; SPF (Sender Policy Framework)
-    @ 3600 IN SPF "v=spf1 mx ip4:${hosts.mermet.extraArgs.ipv4} -all"
     @ 3600 IN TXT "v=spf1 mx ip4:${hosts.mermet.extraArgs.ipv4} -all"
 
     ; MX (Mail eXchange)
-    @ 180 MX 5 mail
+    @ 1800 MX 5 mail
+    lists.code 1800 MX 5 mail
+    todo.code  1800 MX 5 mail
 
     ; SRV (SeRVice)
     _git._tcp.git             18000 IN SRV 0 0 9418 git
@@ -165,10 +195,12 @@ systemd.services.knot = {
   ];
 };
 /* Useless since the zone is public
-services.unbound.extraConfig = ''
-  stub-zone:
-    name: "sourcephile.fr"
-    stub-addr: 127.0.0.1@5353
+services.unbound.settings = {
+  stub-zone = {
+    name = domain;
+    stub-addr = "127.0.0.1@5353";
+  };
+};
 '';
 */
 }