Add dnssec for reverse zones
This commit is contained in:
parent
a7ea67fedb
commit
aa331b5b48
|
@ -102,11 +102,13 @@ in {
|
||||||
inherit (domainCfg) zone;
|
inherit (domainCfg) zone;
|
||||||
};
|
};
|
||||||
}) cfg.domains;
|
}) cfg.domains;
|
||||||
reverseZones = concatMapAttrs (domain: domainOpts:
|
reverseZones = concatMapAttrs (domain:
|
||||||
|
{ ksk, zone, ... }:
|
||||||
listToAttrs (map (network:
|
listToAttrs (map (network:
|
||||||
reverseZonefile {
|
reverseZonefile {
|
||||||
inherit domain network;
|
inherit domain network ksk;
|
||||||
inherit (domainOpts.zone) nameservers;
|
inherit (zone) nameservers;
|
||||||
|
keyFile = ksk.key-file;
|
||||||
ipHostMap = cfg.ip-host-map;
|
ipHostMap = cfg.ip-host-map;
|
||||||
serial = cfg.timestamp;
|
serial = cfg.timestamp;
|
||||||
}) domainOpts.reverse-zones)) cfg.domains;
|
}) domainOpts.reverse-zones)) cfg.domains;
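Review bot: On the new side the lambda argument becomes the pattern `{ ksk, zone, ... }:`, yet the closing line still reads `}) domainOpts.reverse-zones)) cfg.domains;`, so `domainOpts` is no longer bound by this function and evaluation should fail with an undefined-variable error unless an enclosing scope the hunk does not show binds it; binding the whole set next to the pattern, `{ ksk, zone, ... }@domainOpts:`, keeps both names available. The call also passes `ksk` through `inherit domain network ksk;`, while the `reverseZonefile` signature changed in the next hunk lists no `ksk` attribute and has no `...`, so that call would be rejected with an unexpected-argument error; dropping `ksk` from the inherit and keeping only `keyFile = ksk.key-file;` matches what the function actually reads. The enclosing attribute set and module body start and end outside the hunk.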
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{ domain, network, nameservers, ipHostMap, serial, zoneTTL ? 10800
|
{ domain, network, nameservers, ipHostMap, serial, keyFile ? null
|
||||||
, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600 }:
|
, zoneTTL ? 10800, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600
|
||||||
|
}:
|
||||||
|
|
||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
let
|
let
|
||||||
|
@ -47,16 +48,21 @@ let
|
||||||
|
|
||||||
nameserverEntries = map (nameserver: "@ IN NS ${nameserver}.") nameservers;
|
nameserverEntries = map (nameserver: "@ IN NS ${nameserver}.") nameservers;
|
||||||
|
|
||||||
in nameValuePair "${getNetworkZoneName network}" ''
|
in nameValuePair "${getNetworkZoneName network}" {
|
||||||
$ORIGIN ${getNetworkZoneName network}
|
dnssec = keyFile != null;
|
||||||
$TTL ${toString zoneTTL}
|
ksk.keyFile = keyFile;
|
||||||
@ IN SOA ${head nameservers}. hostmaster.${domain}. (
|
data = ''
|
||||||
${serial}
|
$ORIGIN ${getNetworkZoneName network}
|
||||||
${toString refresh}
|
$TTL ${toString zoneTTL}
|
||||||
${toString retry}
|
@ IN SOA ${head nameservers}. hostmaster.${domain}. (
|
||||||
${toString expire}
|
${serial}
|
||||||
${toString minimum}
|
${toString refresh}
|
||||||
)
|
${toString retry}
|
||||||
${concatStringsSep "\n" nameserverEntries}
|
${toString expire}
|
||||||
${concatStringsSep "\n" (generateReverseZoneEntries network domain ipHostMap)}
|
${toString minimum}
|
||||||
''
|
)
|
||||||
|
${concatStringsSep "\n" nameserverEntries}
|
||||||
|
${concatStringsSep "\n"
|
||||||
|
(generateReverseZoneEntries network domain ipHostMap)}
|
||||||
|
'';
|
||||||
|
}
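Review bot: The new `keyFile` parameter is undocumented even though it now decides `dnssec = keyFile != null;` and is forwarded as `ksk.keyFile`, so a reader cannot tell whether a string or a Nix path is expected; a comment on the signature such as `# keyFile: location of the KSK used to sign this zone, given as a string rather than a Nix path so the private key is never copied into the world-readable store; null leaves the zone unsigned` would make the contract explicit. The return value also changes from the zone text to an attrset with `dnssec`, `ksk.keyFile` and `data`, which deserves a one-line comment above `nameValuePair` since any caller still expecting a string will break. The rest of the function, including `generateReverseZoneEntries`, lies outside the hunk.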