]> git.immae.eu Git - perso/Immae/Config/Nix.git/commitdiff
projects / perso / Immae / Config / Nix.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: abd7458)
Add CAA to dns
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Sat, 13 Feb 2021 14:16:56 +0000 (15:16 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sat, 13 Feb 2021 14:16:56 +0000 (15:16 +0100)
modules/private/dns.nix patch | blob | blame | history
modules/private/environment.nix patch | blob | blame | history
nixops/secrets patch | blob | blame | history

diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index ebced4271713f048d2e8dc18689ac35de968f447..cb900ffad6ca725b9853666d6055c095117b716f 100644 (file)
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -102,6 +102,9 @@
               @ IN SOA ${soa.primary}. ${builtins.replaceStrings ["@"] ["."] soa.email}. ${soa.serial} ${soa.refresh} ${soa.retry} ${soa.expire} ${soa.ttl}
 
               ${lib.concatStringsSep "\n" (map (x: "@ IN NS ${x}.") (lib.concatMap (n: lib.attrsets.mapAttrsToList (k: v: k) ns.${n}) conf.ns))}
               @ IN SOA ${soa.primary}. ${builtins.replaceStrings ["@"] ["."] soa.email}. ${soa.serial} ${soa.refresh} ${soa.retry} ${soa.expire} ${soa.ttl}
 
               ${lib.concatStringsSep "\n" (map (x: "@ IN NS ${x}.") (lib.concatMap (n: lib.attrsets.mapAttrsToList (k: v: k) ns.${n}) conf.ns))}
+              ${lib.optionalString (conf.withCAA != null) ''
+                ${conf.name}. IN CAA 0 issue "${conf.withCAA}"
+              ''}
 
               ${conf.entries}
 
 
               ${conf.entries}
 
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 490a4051bf3604b5bd4591d7562ed0395e5e743b..91e018d4f76e107ee1a849cbd5b4f6b68704708e 100644 (file)
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -401,6 +401,7 @@ in
             type = listOf (submodule {
               options = {
                 name = mkOption { type = str; description = "zone name"; };
             type = listOf (submodule {
               options = {
                 name = mkOption { type = str; description = "zone name"; };
+                withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; };
                 slaves = mkOption {
                   description = "NS slave groups of this zone";
                   type = listOf str;
                 slaves = mkOption {
                   description = "NS slave groups of this zone";
                   type = listOf str;
diff --git a/nixops/secrets b/nixops/secrets
index 6864a6e47101fa922e8d0bca60b9d0ca30803b27..9f0dec5a2040820a1ce8859838f92499babefdc8 160000 (submodule)
--- a/nixops/secrets
+++ b/nixops/secrets
@@ -1 +1 @@
-Subproject commit 6864a6e47101fa922e8d0bca60b9d0ca30803b27
+Subproject commit 9f0dec5a2040820a1ce8859838f92499babefdc8
My infrastructure configuration