From 2a799b7d754b298224fe13cdf7a316898e668138 Mon Sep 17 00:00:00 2001
From: Astrid Yu
Date: Wed, 20 Dec 2023 23:26:22 -0800
Subject: [PATCH] trying (but failing) to get zone delegated
---
 nix/nixos-modules/roles/auth-dns/default.nix | 9 ++++++---
 nix/nixos-modules/roles/auth-dns/nya.haus.zone | 10 +++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/nix/nixos-modules/roles/auth-dns/default.nix b/nix/nixos-modules/roles/auth-dns/default.nix
index dcecd7c2..d7cd03a5 100644
--- a/nix/nixos-modules/roles/auth-dns/default.nix
+++ b/nix/nixos-modules/roles/auth-dns/default.nix
@@ -6,7 +6,10 @@ let
 in with lib; {
 # vault kv put kv/ddns-key/secrets \
 # s03=@
- vault-secrets.secrets."ddns-key" = { user = "named"; };
+ vault-secrets.secrets."ddns-key" = {
+ user = "named";
+ services = mkForce [ ];
+ };
 networking.firewall.allowedUDPPorts = [ 53 ];
@@ -124,8 +127,8 @@ in with lib; {
 systemd.services.generate-bind-key-includes = {
 description = "Generate config includes for BIND keys";
- # after = [ "ddns-key-secrets.service" ];
- # requires = [ "ddns-key-secrets.service" ];
+ after = [ "ddns-key-secrets.service" ];
+ requires = [ "ddns-key-secrets.service" ];
 before = [ "bind.service" ];
 requiredBy = [ "bind.service" ];
diff --git a/nix/nixos-modules/roles/auth-dns/nya.haus.zone b/nix/nixos-modules/roles/auth-dns/nya.haus.zone
index 779091c5..99c3d356 100644
--- a/nix/nixos-modules/roles/auth-dns/nya.haus.zone
+++ b/nix/nixos-modules/roles/auth-dns/nya.haus.zone
@@ -1,12 +1,12 @@
 ; Registrar: https://porkbun.com
-$ORIGIN nya.haus
+$ORIGIN nya.haus.
 $TTL 1h
 @ 1h IN SOA dennis.astrid.tech. admin.astrid.tech. (
 ; SOA value reccommendations
 ; https://www.ripe.net/publications/docs/ripe-203
- 2022111200 ; serial YYMMDDnn
+ 2023122000 ; serial YYMMDDnn
 3h ; refresh (3h to allow faster refresh)
 1h ; retry
 1d ; expire
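Review bot: `services = mkForce [ ];` on the `ddns-key` secret overrides the vault-secrets module's value without a comment saying why, and `mkForce` also discards anything another module contributes to that list. From the second hunk of this file it looks like the dependency on `ddns-key-secrets.service` is wired by hand on `generate-bind-key-includes` instead, so presumably no other unit is meant to be tied to the fetch. Once that reason is confirmed it belongs next to the override, e.g. `# dependency on ddns-key-secrets.service is declared explicitly on generate-bind-key-includes`. The attribute set this sits in starts and ends outside the hunk.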
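Review bot: With `requires` and `after` on `ddns-key-secrets.service` enabled, and `requiredBy = [ "bind.service" ]` two lines below, a failed secret fetch now keeps `generate-bind-key-includes` from starting and BIND with it, so the authoritative server's availability depends on Vault being reachable when the unit starts. Failing closed may well be the intent for the DDNS key, but it should be stated, e.g. `# fail closed: do not start BIND without the DDNS key from Vault`. If serving the static zones matters more than dynamic updates, `wants` in place of `requires` is the softer coupling; whether the generator copes with a missing key is not visible here. The unit definition continues past the end of the hunk.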
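Review bot: The comment on the new serial line still reads `YYMMDDnn`, while the value `2023122000` is ten digits in `YYYYMMDDnn` form; the line should read `2023122000 ; serial YYYYMMDDnn` so the next bump follows the right pattern. A serial written to the shorter pattern would compare as older than the current one, and secondaries would not pick up the change. The SOA record is closed outside the hunk.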
@@ -17,9 +17,9 @@ $TTL 1h
 @ IN NS dennis.astrid.tech.
 ;;; FreeIPA and directory services
-id IN NS ipa0.id
-ipa0.id IN A 100.64.64.64
-ipa0.id IN AAAA fd7a:115c:a1e0::b4d1:1b7f
+;id.nya.haus. IN NS ipa0.id.nya.haus.
+ipa0.id.nya.haus. IN A 100.64.64.64
+ipa0.id.nya.haus. IN AAAA fd7a:115c:a1e0::b4d1:1b7f
 ;;; Mail security
 @ IN TXT "v=spf1 -all"
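Review bot: The `ipa0.id.nya.haus.` A and AAAA records place the FreeIPA host's addresses, which look like private overlay addresses (`100.64.0.0/10` shared address space and a ULA prefix), in a zone that appears to be intended for public delegation, judging by the registrar comment and the commit subject. That discloses the identity server's name and internal addressing to anyone who queries it, and outside resolvers cannot reach those addresses anyway; if only internal clients need the records, an internal view or resolver is the better home for them. With the `NS` line commented out they are also ordinary host records rather than glue, which is worth a comment such as `; delegation of id.nya.haus disabled for now; A/AAAA below are plain records, not glue`.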