Add Knot to the container

author: Wojtek Kosior <koszko@koszko.org> 2023-09-02 17:59:33 +0200
committer: Wojtek Kosior <koszko@koszko.org> 2023-09-02 17:59:33 +0200
commit: c4644ad9eb16c5b62a9b3042a07c89c866f453c0 (patch)
tree: 9126410c2fda902d0cf4d6333d371c0615c17782 /container.scm
parent: 816ff7ecd4a39c9918141c9fee10932cecb52565 (diff)
download: koszko-org-server-c4644ad9eb16c5b62a9b3042a07c89c866f453c0.tar.gz
koszko-org-server-c4644ad9eb16c5b62a9b3042a07c89c866f453c0.zip
1 files changed, 86 insertions, 1 deletions
diff --git a/container.scm b/container.scm
index a2f3cb6..ea5083b 100644
--- a/container.scm
+++ b/container.scm
@@ -35,7 +35,8 @@
 (use-service-modules web
                      shepherd
                      certbot
-                     mail)
+                     mail
+                     dns)
 
 (define %here
   (getcwd))
@@ -609,6 +610,89 @@ exim_path = /run/setuid-programs/exim
                                     "/etc/dovecot/users")))))
             (mail-location "maildir:~/Maildir"))))
 
+(define %1984-freedns-nameservers
+  '(("ns0.1984.is"         "45.76.37.222")
+    ("ns1.1984.is"         "194.58.192.36")
+    ("ns2.1984.is"         "45.32.180.186" "93.95.226.52")
+    ("ns1.1984hosting.com" "185.42.137.114")
+    ("ns2.1984hosting.com" "93.95.226.53")))
+
+(define (make-zone-entries domain)
+  (define-zone-entries entries-sans-ns
+    ;; domain->IP assignments
+    ("@"    "" "IN" "A"     "93.95.227.159")
+    ("@"    "" "IN" "AAAA"  "fe80::5054:5dff:fe5f:e39f")
+    ("*"    "" "IN" "CNAME" "@")
+    ;; mail
+    ("@"      "" "IN" "MX 10" "koszko.org.")
+    ;; dmarc
+    ("@"      "" "IN" "TXT"   "\"v=spf1 ip4:93.95.227.159 -all\"")
+    ("_dmarc" "" "IN" "TXT"   "\"v=DMARC1;p=reject;rua=mailto:dmarc@koszko.org;ruf=mailto:dmarc@koszko.org;rf=afrf;pct=100\"")
+    ("mail._domainkey" "" "IN" "TXT" "(
+ \"k=rsa;t=s;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx0kXNRIL\"
+ \"VRDaU1iPdUu2FwX+pRbNS4DwojiOYznESt1npY8LzYV3MBKf2XXOSl+6Ui8Jy91V\"
+ \"KzoUqwN9Rh6vdsLYPaMMtPUe/gN1AOqyF4qYqz499VZqRLmoPyq4EV5eRSqbDeDb\"
+ \"eDOaoJ0+ZJHG6qg2eAz1v2U++lsSRTOkXe3xZFxrHRrvXg5JVl5DNGRKBjotwW8O\"
+ \"EMhwUa2LbmJA/EbbCWhXfmaIEwqP2LRUF2HqFMSr4IHHopcTKQwpSwbsOGYG8MV1\"
+ \"c5HelO+OROpuUNPE8YoKVHKwfWdwgStrrkSYK+H5JQvJgFvyfsyePfXfqszde+4B\"
+ \"EC34ScPW86HKmw4JltFpBCiBThYdD0fu8g5mQzdtwNUbCcPkuUDrUTA4TE44ScHO\"
+ \"VYDX0QWaUubrsf5F1+bwyTKuzbUHXnbXw7r7JLC2P4CjtsS4MLYjrfeQ3TIEdj+s\"
+ \"WtWVItIVQnFRuSTFmHKqnWNDSjmTeH5m8FWPQeDjXRj2e1f5vCrfIvyXTzWvOeIw\"
+ \"DU2QfyUPUKaL9hvNvX9S3G45qM/CH5UTRc2BC0dFZHBNR/uLTGMYaatfw2QAxQzs\"
+ \"cmw34IgwLGswxFj3iaDwc8d3Uh+JamFBf+GUrwjRs/sVRRiXrB+qKwlxckzWHVbV\"
+ \"oABCxjKDmvE86L3kCQ+MobG0BOtFBR4BqU8CAwEAAQ==\"
+)")
+    ((string-append domain "._report._dmarc") "" "IN" "TXT" "\"v=DMARC1\""))
+
+  (append (list (zone-entry (type "NS")
+                           (data "vps-93-95-227-159.1984.is.")))
+          (map (match-lambda ((ns rest ...)
+                              (zone-entry (type "NS")
+                                          (data (string-append ns ".")))))
+               %1984-freedns-nameservers)
+          entries-sans-ns))
+
+(define %koszko-org-zone-configuration
+  (knot-zone-configuration
+   (domain "koszko.org")
+   (zone (zone-file
+          (origin "koszko.org")
+          (entries (make-zone-entries "koszko.org"))
+          (ns "vps-93-95-227-159.1984.is.")
+          (mail "koszko")
+          (serial 2023090200)))
+   (acl '("allow-axfr-from-1984"))
+   (semantic-checks? #t)
+   (notify (map car %1984-freedns-nameservers))))
+
+(define %koszkonutek-tmp.pl.eu.org-zone-configuration
+  (knot-zone-configuration
+   (domain "koszkonutek-tmp.pl.eu.org")
+   (zone (zone-file
+          (origin "koszkonutek-tmp.pl.eu.org")
+          (entries (make-zone-entries "koszkonutek-tmp.pl.eu.org"))
+          (ns "vps-93-95-227-159.1984.is.")
+          (mail "wk")
+          (serial 2023090200)))
+   (acl '("allow-axfr-from-1984"))
+   (semantic-checks? #t)
+   (notify (map car %1984-freedns-nameservers))))
+
+(define %koszko-knot-service
+  (service knot-service-type
+           (knot-configuration
+            (acls (list (knot-acl-configuration
+                         (id "allow-axfr-from-1984")
+                         (address (append-map cdr %1984-freedns-nameservers))
+                         (action '(transfer)))))
+            (remotes (map (match-lambda ((ns addresses ...)
+                                         (knot-remote-configuration
+                                          (id ns)
+                                          (address addresses))))
+                          %1984-freedns-nameservers))
+            (zones (list %koszko-org-zone-configuration
+                         %koszkonutek-tmp.pl.eu.org-zone-configuration)))))
+
 (operating-system
   (host-name "koszko")
   (timezone "Europe/Warsaw")
@@ -736,4 +820,5 @@ exim_path = /run/setuid-programs/exim
           %koszko-exim-service
           %koszko-mail-aliases-service
           %koszko-dovecot-service
+          %koszko-knot-service
           %base-services)))
author	Wojtek Kosior <koszko@koszko.org>	2023-09-02 17:59:33 +0200
committer	Wojtek Kosior <koszko@koszko.org>	2023-09-02 17:59:33 +0200
commit	c4644ad9eb16c5b62a9b3042a07c89c866f453c0 (patch)
tree	9126410c2fda902d0cf4d6333d371c0615c17782 /container.scm
parent	816ff7ecd4a39c9918141c9fee10932cecb52565 (diff)
download	koszko-org-server-c4644ad9eb16c5b62a9b3042a07c89c866f453c0.tar.gz koszko-org-server-c4644ad9eb16c5b62a9b3042a07c89c866f453c0.zip