From c4644ad9eb16c5b62a9b3042a07c89c866f453c0 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Sat, 2 Sep 2023 17:59:33 +0200
Subject: Add Knot to the container

---
 container.scm | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 86 insertions(+), 1 deletion(-)

(limited to 'container.scm')

diff --git a/container.scm b/container.scm
index a2f3cb6..ea5083b 100644
--- a/container.scm
+++ b/container.scm
@@ -35,7 +35,8 @@
 (use-service-modules web
 shepherd
 certbot
- mail)
+ mail
+ dns)
 (define %here (getcwd))
@@ -609,6 +610,89 @@ exim_path = /run/setuid-programs/exim
 "/etc/dovecot/users")))))
 (mail-location "maildir:~/Maildir"))))
+(define %1984-freedns-nameservers
+ '(("ns0.1984.is" "45.76.37.222")
+ ("ns1.1984.is" "194.58.192.36")
+ ("ns2.1984.is" "45.32.180.186" "93.95.226.52")
+ ("ns1.1984hosting.com" "185.42.137.114")
+ ("ns2.1984hosting.com" "93.95.226.53")))
+
+(define (make-zone-entries domain)
+ (define-zone-entries entries-sans-ns
+ ;; domain->IP assignments
+ ("@" "" "IN" "A" "93.95.227.159")
+ ("@" "" "IN" "AAAA" "fe80::5054:5dff:fe5f:e39f")
+ ("*" "" "IN" "CNAME" "@")
+ ;; mail
+ ("@" "" "IN" "MX 10" "koszko.org.")
+ ;; dmarc
+ ("@" "" "IN" "TXT" "\"v=spf1 ip4:93.95.227.159 -all\"")
+ ("_dmarc" "" "IN" "TXT" "\"v=DMARC1;p=reject;rua=mailto:dmarc@koszko.org;ruf=mailto:dmarc@koszko.org;rf=afrf;pct=100\"")
+ ("mail._domainkey" "" "IN" "TXT" "(
+ \"k=rsa;t=s;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx0kXNRIL\"
+ \"VRDaU1iPdUu2FwX+pRbNS4DwojiOYznESt1npY8LzYV3MBKf2XXOSl+6Ui8Jy91V\"
+ \"KzoUqwN9Rh6vdsLYPaMMtPUe/gN1AOqyF4qYqz499VZqRLmoPyq4EV5eRSqbDeDb\"
+ \"eDOaoJ0+ZJHG6qg2eAz1v2U++lsSRTOkXe3xZFxrHRrvXg5JVl5DNGRKBjotwW8O\"
+ \"EMhwUa2LbmJA/EbbCWhXfmaIEwqP2LRUF2HqFMSr4IHHopcTKQwpSwbsOGYG8MV1\"
+ \"c5HelO+OROpuUNPE8YoKVHKwfWdwgStrrkSYK+H5JQvJgFvyfsyePfXfqszde+4B\"
+ \"EC34ScPW86HKmw4JltFpBCiBThYdD0fu8g5mQzdtwNUbCcPkuUDrUTA4TE44ScHO\"
+ \"VYDX0QWaUubrsf5F1+bwyTKuzbUHXnbXw7r7JLC2P4CjtsS4MLYjrfeQ3TIEdj+s\"
+ \"WtWVItIVQnFRuSTFmHKqnWNDSjmTeH5m8FWPQeDjXRj2e1f5vCrfIvyXTzWvOeIw\"
+ \"DU2QfyUPUKaL9hvNvX9S3G45qM/CH5UTRc2BC0dFZHBNR/uLTGMYaatfw2QAxQzs\"
+ \"cmw34IgwLGswxFj3iaDwc8d3Uh+JamFBf+GUrwjRs/sVRRiXrB+qKwlxckzWHVbV\"
+ \"oABCxjKDmvE86L3kCQ+MobG0BOtFBR4BqU8CAwEAAQ==\"
+)")
+ ((string-append domain "._report._dmarc") "" "IN" "TXT" "\"v=DMARC1\""))
+
+ (append (list (zone-entry (type "NS")
+ (data "vps-93-95-227-159.1984.is.")))
+ (map (match-lambda ((ns rest ...)
+ (zone-entry (type "NS")
+ (data (string-append ns ".")))))
+ %1984-freedns-nameservers)
+ entries-sans-ns))
+
+(define %koszko-org-zone-configuration
+ (knot-zone-configuration
+ (domain "koszko.org")
+ (zone (zone-file
+ (origin "koszko.org")
+ (entries (make-zone-entries "koszko.org"))
+ (ns "vps-93-95-227-159.1984.is.")
+ (mail "koszko")
+ (serial 2023090200)))
+ (acl '("allow-axfr-from-1984"))
+ (semantic-checks? #t)
+ (notify (map car %1984-freedns-nameservers))))
+
+(define %koszkonutek-tmp.pl.eu.org-zone-configuration
+ (knot-zone-configuration
+ (domain "koszkonutek-tmp.pl.eu.org")
+ (zone (zone-file
+ (origin "koszkonutek-tmp.pl.eu.org")
+ (entries (make-zone-entries "koszkonutek-tmp.pl.eu.org"))
+ (ns "vps-93-95-227-159.1984.is.")
+ (mail "wk")
+ (serial 2023090200)))
+ (acl '("allow-axfr-from-1984"))
+ (semantic-checks? #t)
+ (notify (map car %1984-freedns-nameservers))))
+
+(define %koszko-knot-service
+ (service knot-service-type
+ (knot-configuration
+ (acls (list (knot-acl-configuration
+ (id "allow-axfr-from-1984")
+ (address (append-map cdr %1984-freedns-nameservers))
+ (action '(transfer)))))
+ (remotes (map (match-lambda ((ns addresses ...)
+ (knot-remote-configuration
+ (id ns)
+ (address addresses))))
+ %1984-freedns-nameservers))
+ (zones (list %koszko-org-zone-configuration
+ %koszkonutek-tmp.pl.eu.org-zone-configuration)))))
+
 (operating-system
 (host-name "koszko")
 (timezone "Europe/Warsaw")
@@ -736,4 +820,5 @@ exim_path = /run/setuid-programs/exim
 %koszko-exim-service
 %koszko-mail-aliases-service
 %koszko-dovecot-service
+ %koszko-knot-service
 %base-services)))
--
cgit v1.2.3
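Review bot: The apex AAAA record in `make-zone-entries` publishes `fe80::5054:5dff:fe5f:e39f`, which is a link-local address (fe80::/10) and so cannot be reached from outside the host's own link; clients that try IPv6 first for the web or MX host may be handed an unusable address, and the record also exposes the machine's interface identifier in public DNS. Either drop the line or replace it with the host's global address, e.g. `("@" "" "IN" "AAAA" "<GLOBAL_IPV6_OF_HOST>")`, and note that the SPF record authorizes only `ip4:93.95.227.159`, so an `ip6:` term would be needed if mail is ever sent over IPv6. Separately, the `allow-axfr-from-1984` ACL in `%koszko-knot-service` grants `transfer` on source address alone. If the secondaries support TSIG, setting the `key` field on the ACL and on the `knot-remote-configuration` entries would stop zone transfers from depending on IP addresses only.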