# Authoritative domain name server
# Copyright (C) 2022 Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.

# NixOS module: runs Knot DNS as the authoritative server for six zones
# and opens port 53 in the firewall.  Three zones are served from static
# zone files defined below; the other three live under the template's
# storage directory and accept dynamic updates and/or outgoing transfers.
{ ... }:
let
  # Static zone files, written to the Nix store by builtins.toFile.
  # SOA fields, in order: primary name server, responsible mailbox,
  # serial, refresh, retry, expire, minimum.
  # NOTE(review): the serials look like YYYYMMDDnn and nothing here bumps
  # them automatically; remember to raise the serial when editing a zone.
  cercleLibreZone = builtins.toFile "cercle.libre.zone" ''
    @ SOA danh.loang.net. mcsinyx.disroot.org. 2023021702 14400 3600 604800 3600
    @ NS danh.loang.net.
    @ A 37.205.11.127
    @ AAAA 2a03:3b40:100::1:2
  '';
  # Same apex records as above, plus wildcard A/AAAA records so that every
  # name under sinyx.indy resolves to the same host.
  sinyxIndyZone = builtins.toFile "sinyx.indy.zone" ''
    @ SOA danh.loang.net. mcsinyx.disroot.org. 2023022002 14400 3600 604800 3600
    @ NS danh.loang.net.
    @ A 37.205.11.127
    @ AAAA 2a03:3b40:100::1:2
    * A 37.205.11.127
    * AAAA 2a03:3b40:100::1:2
  '';
  stripromanPirateZone = builtins.toFile "striproman.pirate.zone" ''
    @ SOA danh.loang.net. mcsinyx.disroot.org. 2023022023 14400 3600 604800 3600
    @ NS danh.loang.net.
    @ A 37.205.11.127
    @ AAAA 2a03:3b40:100::1:2
  '';
in {
  # DNS is served over both TCP and UDP on port 53.
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };

  services.knot = {
    enable = true;
    # Knot configuration, passed through verbatim.
    #
    # server:   listens on every IPv4 and IPv6 address, port 53.
    # remote:   "secondary" is the host that receives NOTIFY messages.
    # acl:
    #   lego      - dynamic updates, accepted only from loopback, only with
    #               the TSIG key "lego", and only for TXT records.
    #               Attached to loang.net only.
    #               NOTE(review): presumably used for ACME DNS-01 challenges;
    #               update-owner: key ties the permitted record owners to the
    #               key name, so confirm the rule admits the intended names.
    #   secondary - zone transfers, authorised by source address alone.
    #               NOTE(review): no TSIG key is required here; if the
    #               secondary supports TSIG, adding a key would stop the
    #               transfer permission from resting on the source IP only.
    #   xarvos    - dynamic updates with the TSIG key "xrvs.net"; there is
    #               no address restriction and no update-type restriction.
    #               Attached to xrvs.net only.
    #               NOTE(review): the key holder can therefore change any
    #               record type it owns; confirm that this is intended.
    # template: zones default to files under /var/lib/knot/zones with
    #           DNSSEC signing on.
    # zone:     the three zones backed by store files switch signing off,
    #           so their answers are unsigned; cnx.gdn, loang.net and
    #           xrvs.net keep the template default and notify the secondary.
    extraConfig = ''
      server:
        listen: 0.0.0.0@53
        listen: ::@53
      remote:
        - id: secondary
          address: 204.87.183.53@53
          address: 2607:7c80:54:6::53@53
      log:
        - target: syslog
          any: info
      acl:
        - id: lego
          address: 127.0.0.1
          address: ::1
          key: lego
          action: update
          update-type: TXT
          update-owner: key
        - id: secondary
          address: 204.87.183.53
          address: 2607:7c80:54:6::53
          action: transfer
        - id: xarvos
          key: xrvs.net
          action: update
          update-owner: key
      template:
        - id: default
          storage: /var/lib/knot/zones
          file: %s
          dnssec-signing: on
      zone:
        - domain: cercle.libre
          file: ${cercleLibreZone}
          dnssec-signing: off
        - domain: cnx.gdn
          notify: secondary
          acl: secondary
        - domain: loang.net
          notify: secondary
          acl: lego
          acl: secondary
        - domain: sinyx.indy
          file: ${sinyxIndyZone}
          dnssec-signing: off
        - domain: striproman.pirate
          file: ${stripromanPirateZone}
          dnssec-signing: off
        - domain: xrvs.net
          notify: secondary
          acl: secondary
          acl: xarvos
    '';
    # TSIG key material is referenced by path under /var/lib/knot rather
    # than embedded in this file, which keeps the secrets out of the Nix
    # store.
    # NOTE(review): this module does not create these files or set their
    # permissions; confirm they are readable by the Knot service only.
    keyFiles = [
      "/var/lib/knot/keys/update/lego"
      "/var/lib/knot/keys/update/xrvs.net"
    ];
  };
}