From 6dbbd23d4974937228ff7ff5bb47d3683df37cb9 Mon Sep 17 00:00:00 2001
From: Julien Moutinho <julm+sourcephile-nix@sourcephile.fr>
Date: Sun, 9 Feb 2025 01:46:13 +0100
Subject: [PATCH] mermet: knot: sourcephile.fr: add openpgpkey

---
 hosts/mermet/knot/sourcephile.fr.nix | 31 +++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)

diff --git a/hosts/mermet/knot/sourcephile.fr.nix b/hosts/mermet/knot/sourcephile.fr.nix
index 0ca2826..6b788a1 100644
--- a/hosts/mermet/knot/sourcephile.fr.nix
+++ b/hosts/mermet/knot/sourcephile.fr.nix
@@ -1,4 +1,12 @@
-{ pkgs, lib, config, inputs, hosts, info, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  inputs,
+  hosts,
+  info,
+  ...
+}:
 let
   domain = "sourcephile.fr";
   domainID = lib.replaceStrings [ "." ] [ "_" ] domain;
@@ -22,7 +30,7 @@ let
 
       ; NS (Name Server)
       @ NS ns
-      ${lib.concatMapStringsSep "\n" ({name, ...}: "@ NS ${name}.") info.lebureau.dns.secondary.ns}
+      ${lib.concatMapStringsSep "\n" ({ name, ... }: "@ NS ${name}.") info.lebureau.dns.secondary.ns}
       i NS ns
       whoami4 NS ns.whoami4
       ns.whoami4 A ${hosts.mermet._module.args.ipv4}
@@ -68,6 +76,8 @@ let
       nix-serve        CNAME losurdo
       nix-extracache   CNAME losurdo
       nix-localcache   CNAME lan.losurdo
+      ; See https://keys.openpgp.org/about/usage#wkd-as-a-service
+      openpgpkey       CNAME wkd.keys.openpgp.org.
       sftp             CNAME losurdo
       radicle-mermet   CNAME mermet
       radicle          CNAME mermet
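Review bot: The new `openpgpkey CNAME wkd.keys.openpgp.org.` record may conflict with the apex CAA record shown as context further down in this patch, `@ CAA 128 issue "letsencrypt.org; validationmethods=dns-01"`. A hosted WKD service presumably has to obtain a certificate for `openpgpkey.sourcephile.fr` through HTTP or TLS validation, and the apex CAA would forbid that unless the CNAME target publishes its own CAA set. A CNAME owner cannot carry a CAA record of its own, so this cannot be overridden locally. I would confirm after deployment that issuance succeeds and note the dependency next to the record, e.g. `; CAA: apex allows dns-01 only; the certificate for openpgpkey relies on the CAA answer of the CNAME target`. Separately, WKD clients try the `openpgpkey.` subdomain first and do not fall back to the direct method once it resolves, so this record makes keys.openpgp.org the sole source of keys discovered for addresses in this domain; that trust decision deserves a line in the comment as well.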
@@ -93,9 +103,9 @@ let
       ; DOC: https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
       @ CAA 128 issue "letsencrypt.org; validationmethods=dns-01"
     '';
-  # Incorrect:
-  # accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/78014180
 in
+# Incorrect:
+# accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/78014180
 {
   services.knot.settingsFreeform = {
     remote.ns_iodine.address = "127.0.0.1@1053";
@@ -120,8 +130,14 @@ in
       action = "update";
       update-owner = "name";
       update-owner-match = "equal";
-      update-owner-name = [ "losurdo" "lan.losurdo" ];
-      update-type = [ "A" "AAAA" ];
+      update-owner-name = [
+        "losurdo"
+        "lan.losurdo"
+      ];
+      update-type = [
+        "A"
+        "AAAA"
+      ];
     };
     acl."acl_lebureau_${domainID}" = {
       action = "transfer";
@@ -225,7 +241,8 @@ in
       }; }
     }
   '';
-  /* Useless since the zone is public
+  /*
+    Useless since the zone is public
     services.unbound.settings = {
     stub-zone = {
     name = domain;
-- 
2.47.2