nix(coredns): properly declare nameservers + other

2023-11-13 22:47:06 +01:00 · 2023-11-13 22:47:06 +01:00 · fc20cc832b
commit fc20cc832b
parent 50d1e4ad99
2 changed files with 36 additions and 23 deletions
--- a/nix/hosts/loki/modules/coredns.nix
+++ b/nix/hosts/loki/modules/coredns.nix
@ -5,7 +5,7 @@
  sops-nix,
  ...
 }: let
-  serial = toString 14;
+  serial = toString 15;
  svc = "coredns.service";
  usr = "${toString config.users.users.coredns.name}";
  domain = p.domainName;
@ -35,6 +35,8 @@ in {
      "net/ethLoki".restartUnits = [svc];
      "net/ethCaelum".restartUnits = [svc];
      "net/ethCarina".restartUnits = [svc];
+      "net/ethNixpi".restartUnits = [svc];
+      "net/ethSurtur".restartUnits = [svc];
      "net/wlanLoki".restartUnits = [svc];
      "net/wlanCarina".restartUnits = [svc];

@ -47,6 +49,8 @@ in {
      "net/ethLoki".owner = usr;
      "net/ethCaelum".owner = usr;
      "net/ethCarina".owner = usr;
+      "net/ethNixpi".owner = usr;
+      "net/ethSurtur".owner = usr;
      "net/wlanLoki".owner = usr;
      "net/wlanCarina".owner = usr;
    };
@ -57,33 +61,40 @@ in {
    content = ''
      $ORIGIN ${domain}.
      @                               1D IN SOA   ${domain}. root.${domain}. (
-                                          ${serial}    ; serial (yyyymmdd##)
-                                          1M    ; refresh
-                                          1M   ; retry
-                                          1M    ; expiry
-                                          1m )  ; minimum ttl
+                                          ${serial}     ; serial (yyyymmdd##)
+                                          1m     ; refresh
+                                          1m     ; retry
+                                          1m     ; expiry
+                                          1m )   ; minimum ttl

                                      5m  IN  NS      ${p."net/ethLoki"}.
                                      5m  IN  NS      ${p."net/wlanLoki"}.
                                      5m  IN  NS      ${p."net/ethCarina"}.
                                      5m  IN  NS      ${p."net/wlanCarina"}.

-      grocy.${domain}.	5m  IN  A	${p."net/ethCaelum"}
-      gonic.${domain}.	5m  IN  A	${p."net/ethLoki"}
-      cloud.${domain}.	5m  IN  A	${p."net/ethCaelum"}
-      media.${domain}.	5m  IN  A	${p."net/ethCaelum"}
-      llama.${domain}.	5m  IN  A	${p."net/ethCaelum"}
-      llama2.${domain}.	5m  IN  A	${p."net/ethCaelum"}
-      auth.${domain}.	5m  IN  A	${p."net/ethLoki"}
-      whoami.${domain}.	5m  IN  A	${p."net/ethLoki"}
-      ffsync.${domain}.	5m  IN  A	${p."net/ethLoki"}
-      cache.${domain}.	5m  IN  A	${p."net/ethLoki"}
-      nixcache.${domain}.	5m  IN  CNAME	cache.${domain}
-      uptime.${domain}.	5m  IN  A	${p."net/ethLoki"}
+      ns1	5m  IN  A	${p."net/ethCarina"}
+      ns2	5m  IN  A	${p."net/ethLoki"}
+      ns3	5m  IN  A	${p."net/wlanLoki"}
+      ns4	5m  IN  A	${p."net/wlanCarina"}

-      carina.${domain}.	5m  IN  A	${p."net/ethCarina"}
-      caelum.${domain}.	5m  IN  A	${p."net/ethCaelum"}
-      loki.${domain}.	5m  IN  A	${p."net/ethLoki"}
+      grocy	5m  IN  A	${p."net/ethCaelum"}
+      gonic	5m  IN  A	${p."net/ethLoki"}
+      cloud	5m  IN  A	${p."net/ethCaelum"}
+      media	5m  IN  A	${p."net/ethCaelum"}
+      llama	5m  IN  A	${p."net/ethCaelum"}
+      llama2	5m  IN  A	${p."net/ethCaelum"}
+      auth	5m  IN  A	${p."net/ethLoki"}
+      whoami	5m  IN  A	${p."net/ethLoki"}
+      ffsync	5m  IN  A	${p."net/ethLoki"}
+      cache	5m  IN  A	${p."net/ethLoki"}
+      nixcache	5m  IN  CNAME	cache.${domain}
+      uptime	5m  IN  A	${p."net/ethLoki"}
+
+      carina	5m  IN  A	${p."net/ethCarina"}
+      loki	5m  IN  A	${p."net/ethLoki"}
+      caelum	5m  IN  A	${p."net/ethCaelum"}
+      nixpi	5m  IN  A	${p."net/ethNixpi"}
+      surtur.${domain}.	5m  IN  A	${p."net/ethSurtur"}
    '';
  };

--- a/nix/hosts/loki/secrets.yaml
+++ b/nix/hosts/loki/secrets.yaml
@ -13,6 +13,8 @@ authentik:
    #ENC[AES256_GCM,data:7Ux8lB94gwD/7pab3THr8ExJ5DwsMBikqECFIRYEmIAIJh8RnGjORnGIk+Dx06NZ0yr16JMD3o0kyjNL,iv:bIfJmwB4Y/oS241keTPG7Ty9hT7U12ES3XV2vHKFKgI=,tag:qDTXF62SzpMqDNqklkZdsg==,type:comment]
    emailPassword: ENC[AES256_GCM,data:Jr1lpggvsxO50dvQ/jWjinN9CtSA5KiVbIuisYtx+lzzkOZojBlYkOiX3aYNfxX1MOPlsA==,iv:Bl6siYZ6wneYOeZ2PivAUJS1JnLFRgYtdbjrmrKOOBI=,tag:YrsvF3Q1cs6w+bUlHA9Wgw==,type:str]
 net:
+    ethSurtur: ENC[AES256_GCM,data:YvPqV8JDrkHtpqgW,iv:mI3vXwSlmsE/t6z68SovLmDRmKGQzGuxnFxHJOw7Fys=,tag:TrmFvuyGW9Smp5MJRzTPrg==,type:str]
+    ethNixpi: ENC[AES256_GCM,data:CiefW425x9pE24EJ,iv:dnWQNaNrvw4onfENV5t7kTrSKDxycNdHuAolwhKvS6w=,tag:jt205dplzDbqgetBcM/SMg==,type:str]
    ethLoki: ENC[AES256_GCM,data:dP23Oj9pPPntNnx0,iv:kdfdkKhHQQED/iH1BDRUB/C3R/vdVgY4Pm8nZMc62uQ=,tag:8qb669FIhwI5AU/LHfj7wg==,type:str]
    ethCaelum: ENC[AES256_GCM,data:KRiIHgqJVZHbMOEPlw==,iv:xbZBkEboi5B7M0PuWytkc6+Y2FoZ7LhDox39yX4ZTIk=,tag:Y2wElHZzxTn68kTK0e48UQ==,type:str]
    ethCarina: ENC[AES256_GCM,data:IIzTlIdGo17ie1XA6w==,iv:v79kkPFbhj5x+8xTkxSKCS9xCaTzlMK+RaGQgiKnDn8=,tag:cFNDqag0JGLHgVFQ3tA9mA==,type:str]
@ -63,8 +65,8 @@ sops:
            c200TjlWUnFqRCs4V0FjM25iT3YrZTQKfpfrN++o6SZerazvwpuiYLpvJL4Bb4U/
            UIpMVS/rJhDrrBfMsCj253CRYRu73mbN28xnK+e68cl8l3EiMyEkEA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-01T22:20:35Z"
-    mac: ENC[AES256_GCM,data:tR1SlKiL9frBg3/KYrb8Igdgbx17mDreNOZEbkR1b7KmwoCvzJbO//5DT7yNPp4xiezTB/fW9xKNVSpBTJCbeifpj2hJGGC3VgUDpuZ9PiNcslIgvdw3tesGkRNq8srDgCx78CGl2q8wYxTtm4CjmjHv662OgNiXqbVHTRzOmZo=,iv:9SzPvUVlh8yNnSKEbaTyXw4JlQ0kbmR+L+9tyI3s2SU=,tag:wbq7R+tkt9uSGQzRs2g/Cw==,type:str]
+    lastmodified: "2023-11-13T21:36:25Z"
+    mac: ENC[AES256_GCM,data:LLXZTAAvR00tY0p6ANpP2SABwlI/hgcHlAArv5YkohykOaamWnHp4ehd248ouFjywPIFDu1YZYVcCPjATuKYv69I+qAD+Y2bApJQNkegthfR3oHQaU6eSpiloMx+Yqqvlb6XpoAB/ewgbPSDRBsQ8tibrNtwhOlX5nqIv5M2sIo=,iv:egsHl9G80EoDHIZannXE1KGJ4MJ/30cYCxfngJFRx7Q=,tag:FewLvSmbfNGyyTdZ2IPK/w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3