From 68ff82c61628212208bc339b9f91fd1dba6ade50 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Sat, 13 Feb 2021 15:16:56 +0100
Subject: [PATCH] Add CAA to dns
---
 modules/private/dns.nix | 3 +++
 modules/private/environment.nix | 1 +
 nixops/secrets | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index ebced42..cb900ff 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -102,6 +102,9 @@ @ IN SOA ${soa.primary}. ${builtins.replaceStrings ["@"] ["."] soa.email}. ${soa.serial} ${soa.refresh} ${soa.retry} ${soa.expire} ${soa.ttl} ${lib.concatStringsSep "\n" (map (x: "@ IN NS ${x}.") (lib.concatMap (n: lib.attrsets.mapAttrsToList (k: v: k) ns.${n}) conf.ns))}
+ ${lib.optionalString (conf.withCAA != null) ''
+ ${conf.name}. IN CAA 0 issue "${conf.withCAA}"
+ ''}
 ${conf.entries}
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 490a405..91e018d 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -401,6 +401,7 @@ in type = listOf (submodule { options = { name = mkOption { type = str; description = "zone name"; };
+ withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; };
 slaves = mkOption { description = "NS slave groups of this zone"; type = listOf str;
diff --git a/nixops/secrets b/nixops/secrets
index 6864a6e..9f0dec5 160000
--- a/nixops/secrets
+++ b/nixops/secrets
@@ -1 +1 @@
-Subproject commit 6864a6e47101fa922e8d0bca60b9d0ca30803b27
+Subproject commit 9f0dec5a2040820a1ce8859838f92499babefdc8
-- 
2.41.0
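Review bot: In the added `IN CAA 0 issue "${conf.withCAA}"` line of modules/private/dns.nix, `conf.withCAA` is spliced unescaped into a quoted zone-file value, so a value containing a double quote or a newline would produce a malformed record or extra records in the generated zone. The value comes from the deployment's own configuration, so this is a robustness guard rather than an untrusted-input fix; constraining the option in environment.nix, e.g. `type = nullOr (strMatching "[^\"\n]+");`, would reject such values at evaluation time (assuming `strMatching` is in scope there alongside `str` and `nullOr`). The record is emitted only at `${conf.name}.` with a single `issue` tag and no `issuewild` or `iodef`, so wildcard issuance is governed by the same CA and no reporting address is published; a short comment saying this is intended would help. The zone-file string this sits in starts and ends outside the hunk.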
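Review bot: The description `"CAA entry"` on the new `withCAA` option in modules/private/environment.nix does not say what the string holds; dns.nix uses it verbatim as the value of a CAA `issue` tag, so it should read something like `description = "Domain of the only CA allowed to issue certificates for this zone (CAA issue value); null emits no CAA record";`. Because the type is a single `nullOr str`, a zone cannot authorise a second CA through this option, and the description should state that limit so the field is not overloaded with several names. The option set this line belongs to continues outside the hunk.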