From 426235c17e4d6557744701a86783907351708af7 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Sun, 12 Feb 2023 02:14:43 +0900
Subject: Dogfood our authoritative DNS server
---
 dns.nix | 19 ++++++++++++-------
 ipfs.nix | 10 ++++++----
 2 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/dns.nix b/dns.nix
index 307e930..35f6676 100644
--- a/dns.nix
+++ b/dns.nix
@@ -40,18 +40,21 @@
 any: info
 acl:
+ - id: lego
+ address: 127.0.0.1
+ address: ::1
+ key: lego
+ action: update
+ update-type: TXT
+ update-owner: key
 - id: secondary
 address: 204.87.183.53
 address: 2607:7c80:54:6::53
 action: transfer
- - id: cnx
- action: update
- update-owner: key
- key: cnx.gdn
 - id: xarvos
+ key: xrvs.net
 action: update
 update-owner: key
- key: xrvs.net
 template:
 - id: default
@@ -63,15 +66,17 @@
 - domain: cnx.gdn
 notify: secondary
 acl: secondary
- acl: cnx
 - domain: loang.net
+ notify: secondary
+ acl: lego
+ acl: secondary
 - domain: xrvs.net
 notify: secondary
 acl: secondary
 acl: xarvos
 '';
 keyFiles = [
- "/var/lib/knot/keys/update/cnx.gdn"
+ "/var/lib/knot/keys/update/lego"
 "/var/lib/knot/keys/update/xrvs.net"
 ];
 };
diff --git a/ipfs.nix b/ipfs.nix
index d8c19c6..5122c67 100644
--- a/ipfs.nix
+++ b/ipfs.nix
@@ -26,11 +26,13 @@ in {
 security = {
 acme.certs.${domain} = {
- credentialsFile = pkgs.writeText "namesilo.env" ''
- NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
- NAMESILO_PROPAGATION_TIMEOUT=1800
+ credentialsFile = pkgs.writeText "knot.env" ''
+ RFC2136_NAMESERVER=127.0.0.1
+ RFC2136_TSIG_KEY=lego
+ RFC2136_TSIG_ALGORITHM=hmac-sha256
+ RFC2136_TSIG_SECRET_FILE=/var/lib/acme/knot.secret
 '';
- dnsProvider = "namesilo";
+ dnsProvider = "rfc2136";
 extraDomainNames = [
 "*.ipfs.${domain}"
 "*.ipns.${domain}"
--
cgit 1.4.1
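Review bot: In the new `lego` ACL (dns.nix, first hunk), `update-owner: key` ties the permitted record owner to the TSIG key name. That fits keys named after their zone, such as `xrvs.net`, but if I read Knot's ACL semantics correctly it would not match challenge names under `loang.net` for a key called `lego`. Restricting by name states the intent and keeps the key limited to ACME challenge records: `update-owner: name`, `update-owner-match: equal`, and an `update-owner-name:` list of the `_acme-challenge` names the certificate needs (the exact names depend on the domains in ipfs.nix and should be confirmed). The `update-type: TXT` and loopback `address` limits are worth keeping as they are. The Knot configuration string starts before this hunk, so the surrounding `server`/`key` sections are not visible here.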
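Review bot: Dropping `"/var/lib/knot/keys/update/cnx.gdn"` from `keyFiles` (dns.nix, second hunk) only stops Knot from loading that key; nothing visible in this commit removes the file, so the old update secret presumably stays on disk and should be deleted or rotated separately. The new `/var/lib/knot/keys/update/lego` file is likewise not created by anything shown here, so a comment above the list would help the next operator, for example `# TSIG key files are provisioned by hand, readable only by the Knot service user; never place them in the Nix store`.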
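Review bot: The new credentials file (ipfs.nix hunk) sets no propagation timeout, whereas the removed NameSilo settings used 1800 seconds and the `loang.net` zone now also notifies a secondary. If lego waits for every authoritative server to serve the TXT record before validation, a slow zone transfer could outlast its default wait, so consider an explicit `RFC2136_PROPAGATION_TIMEOUT=<seconds>` line. A short comment should also record that `/var/lib/acme/knot.secret` must carry the same secret and algorithm (`hmac-sha256`) as `/var/lib/knot/keys/update/lego` and be readable only by the ACME service user. Referring to the secret through `RFC2136_TSIG_SECRET_FILE` rather than inlining it is the right choice, since `pkgs.writeText` output lands in the world-readable Nix store. The `extraDomainNames` list continues past the end of the hunk.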