trying (but failing) to get zone delegated

ifd3f · Dec 21, 2023 · 2a799b7 · 2a799b7
1 parent 4324fb6
commit 2a799b7
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/nix/nixos-modules/roles/auth-dns/default.nix b/nix/nixos-modules/roles/auth-dns/default.nix
@@ -6,7 +6,10 @@ let
 in with lib; {
   # vault kv put kv/ddns-key/secrets \
   #   s03=@
-  vault-secrets.secrets."ddns-key" = { user = "named"; };
+  vault-secrets.secrets."ddns-key" = {
+    user = "named";
+    services = mkForce [ ];
+  };
 
   networking.firewall.allowedUDPPorts = [ 53 ];
 
@@ -124,8 +127,8 @@ in with lib; {
   systemd.services.generate-bind-key-includes = {
     description = "Generate config includes for BIND keys";
 
-    # after = [ "ddns-key-secrets.service" ];
-    # requires = [ "ddns-key-secrets.service" ];
+    after = [ "ddns-key-secrets.service" ];
+    requires = [ "ddns-key-secrets.service" ];
 
     before = [ "bind.service" ];
     requiredBy = [ "bind.service" ];

diff --git a/nix/nixos-modules/roles/auth-dns/nya.haus.zone b/nix/nixos-modules/roles/auth-dns/nya.haus.zone
@@ -1,12 +1,12 @@
 ; Registrar: https://porkbun.com
 
-$ORIGIN nya.haus
+$ORIGIN nya.haus.
 $TTL 1h
 
 @ 1h                      IN SOA     dennis.astrid.tech. admin.astrid.tech. (
         ; SOA value reccommendations
         ; https://www.ripe.net/publications/docs/ripe-203
-        2022111200 ; serial YYMMDDnn
+        2023122000 ; serial YYMMDDnn
         3h         ; refresh (3h to allow faster refresh)
         1h         ; retry
         1d         ; expire
@@ -17,9 +17,9 @@ $TTL 1h
 @                         IN NS      dennis.astrid.tech.
 
 ;;; FreeIPA and directory services
-id                        IN NS      ipa0.id
-ipa0.id                   IN A       100.64.64.64
-ipa0.id                   IN AAAA    fd7a:115c:a1e0::b4d1:1b7f
+;id.nya.haus.              IN NS      ipa0.id.nya.haus.
+ipa0.id.nya.haus.         IN A       100.64.64.64
+ipa0.id.nya.haus.         IN AAAA    fd7a:115c:a1e0::b4d1:1b7f
 
 ;;; Mail security
 @                         IN TXT     "v=spf1 -all"