services/knot: enable dnssec

Lu Wang 2024-12-16 00:14:43 +08:00
parent b9fee44d8f
commit 2734bc70c4
Signed by: rebmit
SSH key fingerprint: SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU


@ -59,6 +59,26 @@ in
remote = builtins.attrNames secondary; remote = builtins.attrNames secondary;
} }
]; ];
policy = [
{
algorithm = "ed25519";
id = "default";
ksk-lifetime = "365d";
ksk-shared = true;
ksk-submission = "default";
nsec3 = true;
nsec3-iterations = "0";
nsec3-salt-length = "0";
signing-threads = "4";
}
];
submission = [
{
check-interval = "10m";
id = "default";
parent = "cloudflare";
}
];
template = [ template = [
{ {
id = "default"; id = "default";
@ -66,6 +86,8 @@ in
global-module = "mod-rrl/default"; global-module = "mod-rrl/default";
catalog-role = "member"; catalog-role = "member";
catalog-zone = "catalog"; catalog-zone = "catalog";
dnssec-policy = "default";
dnssec-signing = true;
serial-policy = "unixtime"; serial-policy = "unixtime";
semantic-checks = true; semantic-checks = true;
zonefile-load = "difference-no-serial"; zonefile-load = "difference-no-serial";
@ -116,4 +138,6 @@ in
]; ];
}; };
}; };
services.restic.backups.b2.paths = [ "/var/lib/knot" ];
} }
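Review bot: The added `services.restic.backups.b2.paths = [ "/var/lib/knot" ];` in the last hunk ships the DNSSEC private keys off-host, assuming Knot's storage and its KASP database (by default `keys` under the storage directory) live in `/var/lib/knot`; neither setting is visible in these hunks. With `ksk-shared = true` one KSK covers every zone on the `default` template, so the integrity of all signed zones rests on the restic repository password and on who can read the `b2` backup target. I would state that next to the line, e.g. `# contains DNSSEC private keys (KASP db); protected only by restic repository encryption`. The directory is also a set of live LMDB databases, so a file-level copy taken while knotd runs may be inconsistent; consider backing up a `knotc zone-backup` output directory instead, and note that restoring an old snapshot after a key rollover can bring back keys that no longer match the DS at the parent. The enclosing attribute set starts outside the hunk.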