home/kubernetes-deployments
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

Allow zone transfers

Browse source
This commit is contained in:
Pim Kunis 2025-07-06 17:30:19 +02:00
parent ded49ebc4e
commit b4c5177f6c
3 changed files with 15 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/bind9/default.nix
View file

@ -30,16 +30,20 @@ in {
forwarders { }; forwarders { };
directory "/run/named"; directory "/run/named";
pid-file "/run/named/named.pid"; pid-file "/run/named/named.pid";
allow-transfer { none; };
allow-recursion { none; }; allow-recursion { none; };
version none; version none;
notify no; notify no;
}; };
key "kun.is." {
algorithm hmac-sha512;
secret "ref+sops://secrets.yml#/bind/zoneTransferKeys/kunis+";
};
zone "kun.is" { zone "kun.is" {
type master; type master;
file "/etc/bind/kun.is.zone"; file "/etc/bind/kun.is.zone";
allow-transfer { }; allow-transfer { 192.168.20.91; };
allow-query { any; }; allow-query { any; };
}; };
''; '';

4
modules/bind9/kun.is.zone.nix
View file

@ -1,11 +1,13 @@
globals: dns: globals: dns:
with dns.lib.combinators; { with dns.lib.combinators; {
TTL = 300;
CAA = letsEncrypt "caa@kun.is"; CAA = letsEncrypt "caa@kun.is";
SOA = { SOA = {
nameServer = "ns1"; nameServer = "ns1";
adminEmail = "webmaster.kun.is"; adminEmail = "webmaster.kun.is";
serial = 2024041302; serial = 2025070600;
}; };
NS = [ NS = [

14
secrets.yml
View file

@ -55,11 +55,10 @@ authentik:
smtp2go: smtp2go:
username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str] username: ENC[AES256_GCM,data:BEr7Rq7rlGvfYEpY/ZXnhM2eClnHdqU81A==,iv:dwYD5h+C5bzS9ikUgxQ51+jRQ32TtDy2PhDbd1tpS8Q=,tag:CjjLDz5n4H28qi8jWf9S4w==,type:str]
password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str] password: ENC[AES256_GCM,data:Yys6qy6DRYo16+X+Uj9oa9otjaKBnHOtIQ==,iv:G7H9mxsODShFoVlNMwuV8O18NBG/7LTFDFdqnH83YkE=,tag:hSlYp27QMoPZwiKBqyOpKA==,type:str]
bind:
zoneTransferKeys:
kunis: ENC[AES256_GCM,data:OBCPQDko7075wipcaVRBX6UmtUaA3g7qHs103cWYH9G+WrOkCHppCm+DWk2s4wqo+4hEf2j9ie9O/rvank9tHfHtpfQTYmjVoQzgZHFM5urLeQOqh4PLwg==,iv:9yBvjB1NBPH5aZCzUglm2GcmlMxUMCb6wMXL74gfd18=,tag:QeErY8EDlBCitfFe48sidA==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: | enc: |
@ -79,8 +78,7 @@ sops:
azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68 azR0UkJyL0RwUVk4ZzdkSWptcDlWVjAK5FU9B5TBSnV3azO4eCv13T6i3dGGuI68
UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw== UgBrVEb1/Fv+4XTjeSEhpiOaH8sNWYoNa3Aa7uTZYlHDRWga2GC7zw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-26T20:32:01Z" lastmodified: "2025-07-06T15:01:44Z"
mac: ENC[AES256_GCM,data:si28Fu1crF2mYYCJAgN95+G8iJkn4T9wF0Itpi+5cjoSZ2ebxm2wWnVLQ9PwLIkHVF7nNbQM4fWy3eGIWWpexW6ReEc/aGJBLM0L4ho7iFaO1tzWEa5nTyz3QQH8kap1xvqEYgwH9EDkblc4gFpCUDnYbBt9lNcRCZ3JzeYoPxQ=,iv:QHsvuyCCn+9oe5ZQJi2/qDtV7Z2N4JMfqXUEqJkzKH4=,tag:2NGB4VR5bPEZmIC/lYX2VQ==,type:str] mac: ENC[AES256_GCM,data:RqNGiO/TltGMMfhV2MsEH7uaJ+Cj2Ay6bDBBgV8Drs9pLSSqNZl6yr45Ze5lALU/ieV0ssfuPBBe7A5QnWpBUTcAoY0FX7XbOuRwR0BVR7+c4AgLrKybovvKR7Fm7gOZGZ3bwtvoYpn5mQhIODXYehvXihdiOxshAj5oWCPlp9w=,iv:J73EBrJVO121Gfia3xnfrr3Gyennp3+cnuh8rSrcJZM=,tag:nd/xWyT1/wSVo529GuS12g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.10.2