Let Knot manage its states

1 files changed, 23 insertions, 26 deletions

diff --git a/dns.nix b/dns.nix
index 5e9174f..f0547ba 100644
--- a/dns.nix
+++ b/dns.nix
@@ -16,25 +16,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
 
-{ lib, pkgs, ... }:
-let
-  cnxZone = pkgs.writeText "cnx.gdn.zone" ''
-    @  SOA  ns.cnx.gdn. mcsinyx.disroot.org. 2022091901 10800 3600 604800 3600
-    @  NS   ns
-    ns A    37.205.11.127
-    ns AAAA 2a03:3b40:100::1:2
-    @  A    37.205.11.127
-    @  AAAA 2a03:3b40:100::1:2
-  '';
-  loangZone = pkgs.writeText "loang.net.zone" ''
-    @  SOA  ns.loang.net. mcsinyx.disroot.org. 2022092101 10800 3600 604800 3600
-    @  NS   ns
-    @  A    37.205.11.127
-    @  AAAA 2a03:3b40:100::1:2
-    *  A    37.205.11.127
-    *  AAAA 2a03:3b40:100::1:2
-  '';
-in {
+{ ... }:
+{
   networking.firewall = {
     allowedTCPPorts = [ 53 ];
     allowedUDPPorts = [ 53 ];
@@ -47,16 +30,30 @@ in {
           listen: 0.0.0.0@53
           listen: ::@53
 
-      zone:
-        - domain: cnx.gdn
-          file: ${cnxZone}
-        - domain: loang.net
-          file: ${loangZone}
-
       log:
         - target: syslog
           any: info
+
+      acl:
+        - id: xarvos
+          action: update
+          update-owner: key
+          key: xrvs.net
+
+      template:
+        - id: default
+          storage: /var/lib/knot/zones
+          file: %s
+          dnssec-signing: on
+
+      zone:
+        - domain: cnx.gdn
+        - domain: loang.net
+        - domain: xrvs.net
+          acl: xarvos
     '';
-    keyFiles = [ ];
+    keyFiles = [
+      "/var/lib/knot/keys/update/xrvs.net"
+    ];
   };
 }