From 68ff82c61628212208bc339b9f91fd1dba6ade50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 13 Feb 2021 15:16:56 +0100
Subject: Add CAA to dns

---
 modules/private/dns.nix         | 3 +++
 modules/private/environment.nix | 1 +
 2 files changed, 4 insertions(+)

(limited to 'modules')

diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index ebced42..cb900ff 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -102,6 +102,9 @@
               @ IN SOA ${soa.primary}. ${builtins.replaceStrings ["@"] ["."] soa.email}. ${soa.serial} ${soa.refresh} ${soa.retry} ${soa.expire} ${soa.ttl}
 
               ${lib.concatStringsSep "\n" (map (x: "@ IN NS ${x}.") (lib.concatMap (n: lib.attrsets.mapAttrsToList (k: v: k) ns.${n}) conf.ns))}
+              ${lib.optionalString (conf.withCAA != null) ''
+                ${conf.name}. IN CAA 0 issue "${conf.withCAA}"
+              ''}
 
               ${conf.entries}
 
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
index 490a405..91e018d 100644
--- a/modules/private/environment.nix
+++ b/modules/private/environment.nix
@@ -401,6 +401,7 @@ in
             type = listOf (submodule {
               options = {
                 name = mkOption { type = str; description = "zone name"; };
+                withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; };
                 slaves = mkOption {
                   description = "NS slave groups of this zone";
                   type = listOf str;
-- 
cgit v1.2.3