B4L/cnx-network-clan
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
50 Commits 1 Branch 0 Tags
a3482face547a39f24044dcf569c8bfb45bc480e
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Berwn a3482face5 Allow ACME DNS-01 dynamic updates on ns1 
Add a dedicated acme_ddns TSIG key (scoped to ns1 only) and an acl_acme rule
that limits it to TXT updates at or under _acme-challenge.<zone>. An external
ACME client can now write challenge records via RFC 2136; Knot signs them and
transfers to ns2, which never holds the key.
2026-06-14 17:12:17 +07:00
machines
Allow ACME DNS-01 dynamic updates on ns1
2026-06-14 17:12:17 +07:00
modules
Enable DNSSEC and automatic SOA serials on the DNS zones
2026-06-14 16:27:30 +07:00
sops
Add machine ns2 to secrets
2026-06-14 12:20:27 +07:00
vars
Update vars via generator dns-acme-tsig for machine ns1
2026-06-14 17:07:17 +07:00
.envrc
Initial commit
2026-06-14 12:11:16 +07:00
.gitignore
Initial commit
2026-06-14 12:11:16 +07:00
clan.nix
Enable emergency-access recovery service
2026-06-14 15:02:34 +07:00
flake.lock
Initial commit
2026-06-14 12:11:16 +07:00
flake.nix
Add authoritative DNS on ns1/ns2 and finalize clan config
2026-06-14 13:24:23 +07:00
inventory.json
update(inventory.json): Installed ns2
2026-06-14 13:34:17 +07:00
S
Description
No description provided
550 KiB
Languages
Nix 100%