From 866793e0ce378d9fa0ab9eee565f5f14e17ed7e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Sat, 23 Mar 2024 20:57:27 +0100
Subject: [PATCH] knot: add dns catalog
---
 hosts/knot/default.nix | 61 ++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 20 deletions(-)
diff --git a/hosts/knot/default.nix b/hosts/knot/default.nix
index 7f7d097b..b94d96e6 100644
--- a/hosts/knot/default.nix
+++ b/hosts/knot/default.nix
@@ -60,6 +60,17 @@
 ];
 action = [ "transfer" "notify" ];
 }
+ {
+ # https://www.knot-dns.cz/docs/3.3/singlehtml/index.html#catalog-zones-configuration-examples
+ id = "zone_xfr";
+ address = [
+ # ns.spaceboyz.net
+ "95.217.229.209" "2a01:4f9:4b:39ec::4"
+ # ns1.supersandro.de
+ "188.34.196.104" "2a01:4f8:1c1c:1d38::1"
+ ];
+ action = "transfer";
+ }
 ];
 log = [
 {
@@ -81,11 +92,6 @@
 id = "ns0.q-ix.net";
 address = [ "217.115.12.65" "2a00:1328:e101:b01::1" ];
 }
- # {
- # TODO
- # id = "ns1.supersandro.de";
- # address = [ "188.34.196.104" "2a01:4f8:1c1c:1d38::1" ];
- # }
 ];
 remotes = [
 {
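Review bot: The new `zone_xfr` ACL grants zone transfer on source address alone, and since the third hunk attaches it to the generated catalog zone, the full member-zone list becomes transferable to anything that can source traffic from those four addresses. Transfers run over TCP, so spoofing is not the main concern; the concern is that the grant follows the address rather than the operator, so a re-addressed or shared host inherits it silently. Knot ACLs accept a `key` alongside `address`, and pairing each secondary's addresses with a TSIG key would bind the grant to the peer; if address-only is intentional, record that above `id = "zone_xfr";`, e.g. `# address-only on purpose (<reason>); add a TSIG key if the secondaries change or share addresses`. The enclosing `acl = [` list begins before this hunk, and the second hunk on this line only removes a commented-out remote.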
@@ -108,24 +114,39 @@
 version = null;
 };
- template = [ {
- id = "default";
- # dnssec-signing = true; ???
- file = "%s.zone";
- global-module = [ "mod-stats" ];
- journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads
- module = "mod-stats/default";
- semantic-checks = true;
- serial-policy = "dateserial";
- storage = "/var/lib/knot/zones";
- zonefile-load = "difference-no-serial";
- } ];
+ template = [
+ {
+ # default is a magic name and is always loaded.
+ # Because we want to use catalog-role/catalog-zone settings for all zones *except* the catalog zone itself, we must split the templates
+ id = "default";
+ global-module = [ "mod-stats" ];
+ }
+ {
+ id = "c3d2";
+ catalog-role = "member";
+ catalog-zone = "c3d2.";
+ dnssec-signing = true;
+ file = "%s.zone";
+ journal-content = "all"; # required for zonefile-load=difference-no-serial and makes cold starts like zone reloads
+ module = "mod-stats/default";
+ semantic-checks = true;
+ serial-policy = "dateserial";
+ storage = "/var/lib/knot/zones";
+ zonefile-load = "difference-no-serial";
+ }
+ ];
- zone = map ({ acl ? [], ... }@zone: {
+ zone = [
+ {
+ domain = "c3d2.";
+ acl = "zone_xfr";
+ catalog-role = "generate";
+ }
+ ] ++ map ({ acl ? [], ... }@zone: {
 inherit (zone) domain;
- template = "default";
+ template = "c3d2";
 notify = [ "all" ];
- acl = [ "axfr" ] ++ acl;
+ acl = [ "axfr" "zone_xfr" ] ++ acl;
 }) [
 { domain = "c3dd.de"; }
 { domain = "c3d2.de"; acl = [ "jabber" ]; }
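Review bot: `dnssec-signing = true;` in the `c3d2` template switches signing on for every member zone at once, where the removed line had left it as an open `???` question, and the commit gives no rationale or operational note for the flip. With no `dnssec-policy` on the template Knot presumably falls back to its default policy with automatic key management, so keys are generated on this primary and the zones are served signed from the next load, while validation only takes effect once each zone's DS is published at its parent; a comment above the line such as `# signs every member zone with Knot's default policy (automatic keys); the DS for each zone still has to be published at its parent` would capture that. Two smaller points: the generated catalog zone sets `acl = "zone_xfr"` as a scalar while the member zones use a list (`[ "axfr" "zone_xfr" ] ++ acl`), and one shape would be easier to extend; and the catalog entry sets no `notify`, so the two catalog consumers only learn of new member zones at SOA refresh unless notify is inherited from outside this hunk. The `services.knot.settings` attribute set these lines belong to begins before the hunk.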