Move config around.
This commit is contained in:
parent
87bb308e42
commit
5632b37b1b
3 changed files with 20 additions and 17 deletions
16
nixos/telperion/config/bind.nix
Normal file
16
nixos/telperion/config/bind.nix
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
{config, ...}:
|
||||||
|
''
|
||||||
|
include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
|
||||||
|
|
||||||
|
zone "jahanson.tech." {
|
||||||
|
type master;
|
||||||
|
file "${config.sops.secrets."bind/zones/jahanson.tech".path}";
|
||||||
|
journal "${config.services.bind.directory}/db.jahanson.tech.jnl";
|
||||||
|
allow-transfer {
|
||||||
|
key "externaldns";
|
||||||
|
};
|
||||||
|
update-policy {
|
||||||
|
grant externaldns zonesub ANY;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
''
|
|
@ -11,20 +11,12 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
# Mounts unencrypted sops values at /run/secrets/bind/rndc_keys/externaldns accessible by root only by default.
|
||||||
secrets = {
|
secrets = {
|
||||||
"bind/rndc_keys/main" = {
|
|
||||||
owner = config.users.users.named.name;
|
|
||||||
inherit (config.users.users.named) group;
|
|
||||||
};
|
|
||||||
"bind/rndc_keys/externaldns" = {
|
"bind/rndc_keys/externaldns" = {
|
||||||
owner = config.users.users.named.name;
|
owner = config.users.users.named.name;
|
||||||
inherit (config.users.users.named) group;
|
inherit (config.users.users.named) group;
|
||||||
};
|
};
|
||||||
"bind/zones/jahanson.tech" = {
|
|
||||||
owner = config.users.users.named.name;
|
|
||||||
inherit (config.users.users.named) group;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -61,11 +53,7 @@
|
||||||
|
|
||||||
services.bind = {
|
services.bind = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = ''
|
extraConfig = import ./config/bind.nix {inherit config;};
|
||||||
include "${config.sops.secrets."bind/rndc-keys/main".path}";
|
|
||||||
include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
|
|
||||||
include "${config.sops.secrets."bind/named_extraconfig".path}";
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Some programs need SUID wrappers, can be configured further or are
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
|
|
@ -2,7 +2,6 @@ bind:
|
||||||
rndc_keys:
|
rndc_keys:
|
||||||
main: ENC[AES256_GCM,data:fHA7GHqsS2A4W4sp8f/qW1CAsK9g4GOV6AJosDkJHYD1hm6gGP/c7qN3LPCVGNP1dLvwdFBMsJw9Zk11RXmqix+4RRVJe1H+b0kYYgdawiWpujQ3APlb6FNRJL05818vLYJs5gnP,iv:Kpq6AVJG/7gbztgxsDzY087Q/ykg9Pe92IXdk88LsOg=,tag:qSYN8JCzh8XJuagU7RHctg==,type:str]
|
main: ENC[AES256_GCM,data:fHA7GHqsS2A4W4sp8f/qW1CAsK9g4GOV6AJosDkJHYD1hm6gGP/c7qN3LPCVGNP1dLvwdFBMsJw9Zk11RXmqix+4RRVJe1H+b0kYYgdawiWpujQ3APlb6FNRJL05818vLYJs5gnP,iv:Kpq6AVJG/7gbztgxsDzY087Q/ykg9Pe92IXdk88LsOg=,tag:qSYN8JCzh8XJuagU7RHctg==,type:str]
|
||||||
externaldns: ENC[AES256_GCM,data:aAKeXstTUfpTSR7M3TMtXaHoYRiaQAVUsfEbIIOAP4V1vAwsTTZg7u8hKdyDh3xA+oXnrcZL9Z0/lKyfvEaZSkHdC1ATTNgnFXEhoJg+k52knETYQMRJMn54lxCwIgGxJ0pkcgIXxdg5,iv:VAUzo2UQ0DfLUcchlNJW7lmS0BK/KFgAYncqwmMDpxw=,tag:pLVWO63bIV4vn12kbeS6Ug==,type:str]
|
externaldns: ENC[AES256_GCM,data:aAKeXstTUfpTSR7M3TMtXaHoYRiaQAVUsfEbIIOAP4V1vAwsTTZg7u8hKdyDh3xA+oXnrcZL9Z0/lKyfvEaZSkHdC1ATTNgnFXEhoJg+k52knETYQMRJMn54lxCwIgGxJ0pkcgIXxdg5,iv:VAUzo2UQ0DfLUcchlNJW7lmS0BK/KFgAYncqwmMDpxw=,tag:pLVWO63bIV4vn12kbeS6Ug==,type:str]
|
||||||
named_extraconfig: ENC[AES256_GCM,data:wrkNCGFDR2h97PIYd3Ij0bge2sAD90GoqP4TqbYOUYYsxUiyZg9CCqtg6y4y3CwOt034L5ZKERMdEvohRevMONnsA3QW9pqdAudGPHrkkhu95EgfrFp4auSPhZA622D/1H0bNNomtYiL/LNwxXfHgwrsfKEzAQwjZBunAbclBrJQRUer6I6n5Mcfl26oxlng7UWgGlJm+484rCrMm2x/5qAaQU7Gb4B8ufCBneINoLsWaSZ3Mj94kQwZyShqDyJfjXn6Lm5Zq+iXUQI1foHHmGK4+wR3nI9X9/9Xq3eszZWfZltft4UJQUhipV4O87/Wh6gG60YQGfZAwJsC6pwk9GVo2RxxdKiKj8LiEIGxfcMLSZra45uF8A==,iv:xBnA1dbXDqU0YwDd7v9S/RAHQABz8cQhAbMkAQkW1NU=,tag:VmQorIWxmHpMW2zZRt2FvA==,type:str]
|
|
||||||
zones:
|
zones:
|
||||||
jahanson.tech: ENC[AES256_GCM,data:Q6vuMug4oNR8tn7hKhxFCeYlV16EV2fuenC/ZX5+VCpj+79YYuKWvegRihDFSF+pyzbSDXiN2VWBUgxR1nrNv7lQNr6Etz3q3fGZEj/+0H8hbKEnNsvqlh9r8XZvOYR+bcXF8cEuz8UUDmQmErC9b0m7VEfvz8ahlJ8kh7dgWWP4VUjrrLj3Fy3+/q48LwBMRRrqbNJMLbnF+JNSuL3W0TeO9mtXhXM4U27p1pW2ucfGlKoFBevEe+JiknDz6QKSlRae4En6xstXtlDsX20hmyTvmX9mjPo2PHdzn2hvBJ9PHUEUPUJfVSlErli0Y2Hl22MTmH0TbdGFoGWYVJjwPT25DGdxlEDuucw9ioTGZFC9X0ffdoBD8ffaiKdLywZwfmF4j2ZrqzaGqF7IsT1sCAnvo8iKcwU3P22ma7ZVBSGN2umll5f2+Go6yGEsNjQtsYrqqGHYi3OXTKskQdFcYy17hoAchcW8fYRlGwK3SvGKZGr/QZU0xkhPRbyFF25AVfto0LzKwOi3KwMRxkArQM/g4P42lzNs76OaqW7FZfBPsEL/H9z0Ff2ctyewwjck0HkFdCBrNZAr62HU74V8/Ytl039NFK6BCRH5K+3miDFw0px7IUdXIJx8sL8yzaP0fW/P5vmGF5ONBzJkzVmaB5ma8qij1W8zQlF6QRIVe0YuNfsiugatUEbRZppqpb7eIH9v4se+SBUN89w54mOuiQ/VY9oBT6nkSrEiJuVnWk/8z3rXGpxnEGCFjWAe2dqKo0c2D/xdmUHkJyoqDqBZdSphpXtEJ/UVWQMjCL8EBKKobARCmy2FiPQhuQ+PAy3Z991jhJ9RVTcckFu90Q4LWkrDHd4iZDVrLosdgV0GCE9VK5eH2OSHCGkiQ8Y7QaIfAqTYt+Asbvv5lad7n5n2PpXslGMOkQgz2xWMwv9SLNVn3xmegBxb14l4PT+lIQexXkewcBZ9JPTsuTTqJXT5VGDglncXXehJqnezQD+V2dSX6AUAUCAvOCRs1/uRAHzh4IZsQxsmaxPNrCybq8uiGj1bymfX2LbS8ZsQ,iv:Jnw8C+KA4DjKeitEGrqY51Os1ar+ZOIqivsF0x5hvQM=,tag:p/cDPkK3URWk8fTZhYO9nA==,type:str]
|
jahanson.tech: ENC[AES256_GCM,data:Q6vuMug4oNR8tn7hKhxFCeYlV16EV2fuenC/ZX5+VCpj+79YYuKWvegRihDFSF+pyzbSDXiN2VWBUgxR1nrNv7lQNr6Etz3q3fGZEj/+0H8hbKEnNsvqlh9r8XZvOYR+bcXF8cEuz8UUDmQmErC9b0m7VEfvz8ahlJ8kh7dgWWP4VUjrrLj3Fy3+/q48LwBMRRrqbNJMLbnF+JNSuL3W0TeO9mtXhXM4U27p1pW2ucfGlKoFBevEe+JiknDz6QKSlRae4En6xstXtlDsX20hmyTvmX9mjPo2PHdzn2hvBJ9PHUEUPUJfVSlErli0Y2Hl22MTmH0TbdGFoGWYVJjwPT25DGdxlEDuucw9ioTGZFC9X0ffdoBD8ffaiKdLywZwfmF4j2ZrqzaGqF7IsT1sCAnvo8iKcwU3P22ma7ZVBSGN2umll5f2+Go6yGEsNjQtsYrqqGHYi3OXTKskQdFcYy17hoAchcW8fYRlGwK3SvGKZGr/QZU0xkhPRbyFF25AVfto0LzKwOi3KwMRxkArQM/g4P42lzNs76OaqW7FZfBPsEL/H9z0Ff2ctyewwjck0HkFdCBrNZAr62HU74V8/Ytl039NFK6BCRH5K+3miDFw0px7IUdXIJx8sL8yzaP0fW/P5vmGF5ONBzJkzVmaB5ma8qij1W8zQlF6QRIVe0YuNfsiugatUEbRZppqpb7eIH9v4se+SBUN89w54mOuiQ/VY9oBT6nkSrEiJuVnWk/8z3rXGpxnEGCFjWAe2dqKo0c2D/xdmUHkJyoqDqBZdSphpXtEJ/UVWQMjCL8EBKKobARCmy2FiPQhuQ+PAy3Z991jhJ9RVTcckFu90Q4LWkrDHd4iZDVrLosdgV0GCE9VK5eH2OSHCGkiQ8Y7QaIfAqTYt+Asbvv5lad7n5n2PpXslGMOkQgz2xWMwv9SLNVn3xmegBxb14l4PT+lIQexXkewcBZ9JPTsuTTqJXT5VGDglncXXehJqnezQD+V2dSX6AUAUCAvOCRs1/uRAHzh4IZsQxsmaxPNrCybq8uiGj1bymfX2LbS8ZsQ,iv:Jnw8C+KA4DjKeitEGrqY51Os1ar+ZOIqivsF0x5hvQM=,tag:p/cDPkK3URWk8fTZhYO9nA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
|
@ -29,8 +28,8 @@ sops:
|
||||||
SHZmN3JDL1ExVHZ5K2txM2h6MzRKWE0KbS3kO9teIcRDY4hnb54LgWzcRQu7aGGf
|
SHZmN3JDL1ExVHZ5K2txM2h6MzRKWE0KbS3kO9teIcRDY4hnb54LgWzcRQu7aGGf
|
||||||
TjnTJzqKqmRRMLOs5be6wbrxBiRe9p5nCN/WJ9nqhr7rfNNMUiZePw==
|
TjnTJzqKqmRRMLOs5be6wbrxBiRe9p5nCN/WJ9nqhr7rfNNMUiZePw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-29T17:31:42Z"
|
lastmodified: "2024-04-29T17:44:50Z"
|
||||||
mac: ENC[AES256_GCM,data:mrfK8pGbj3w2BvcwzsL9YHPJyh+T42IGAIpy+XFmUXvrV8rqkWcSabCOddmGDqUtHGpEHQ7xxDvUmI83zSRt5hS/pbVYMVrwAw8lWjJS59bE6sUO0F3kKPzIH1G2K1evZ1hesSk/y7RWuL3+KV+KQ7YzMSYD1Iqabc2Q5HEqZ94=,iv:6IdFxpvpNjE2JNMlbOTr+CZis85x3D7jFVtMD9TUNo4=,tag:H1JJlszywcvVGHNa8juR5g==,type:str]
|
mac: ENC[AES256_GCM,data:ebvcOej/ADwCQd7a1m9wUHI6Hccj50WMraeYvNZRe8GCtyUWA6tnBsJk/d4NnhLpuWXVOXV+CuTcUr7C+Q6I6ZcPsiQoDyuwf0+LvtsMWf2Ep8tVLc55JCyoOWAdVYPif2Elisaj9X1y5Z0hGhKy8nfJ5j7J87CP32bZo59+Hbg=,iv:mMLq0uV4lnaeTdnCyVBbJuwsZxcGQWuZn8BTvmtXO0Q=,tag:4O/tQxKrZV183fIw9CVdXQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Reference in a new issue