| author | Arbel Arad <arbel@spacetime.technology> | 2025-05-09 21:48:18 +0300 | 
|---|---|---|
| committer | Arbel Arad <arbel@spacetime.technology> | 2025-05-09 21:48:18 +0300 | 
| commit | d34747bca926a3287527e888dc35fb37fe3d8fd0 (patch) | |
| tree | b6ffc94a871ddf3b8e4be9fc6b0ac900ca25c30a /flake.nix | |
Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 57 | 
1 files changed, 57 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b4c70d0
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,57 @@
+{
+  description = "resign-dnssec";
+
+  inputs = {
+    nixpkgs.url = "git+https://forgejo.spacetime.technology/nix-mirrors/nixpkgs?ref=nixpkgs-unstable&shallow=1";
+    flake-parts.url = "git+https://forgejo.spacetime.technology/nix-mirrors/flake-parts?shallow=1";
+    system.url = "git+https://forgejo.spacetime.technology/arbel/nix-system?shallow=1";
+  };
+
+  outputs = { self, ... }@inputs:
+  inputs.flake-parts.lib.mkFlake { inherit inputs self; } {
+  flake = {
+  };
+  systems = inputs.system.arches;
+    perSystem = { pkgs, ... }: {
+      devShells = {
+        default = pkgs.mkShell {
+          nativeBuildInputs = [
+            pkgs.dig
+            pkgs.bind
+          ];
+        };
+      };
+      apps = {
+        default = self.apps.sign-root-zone;
+        sign-root-zone = {
+          type = "app";
+          program = pkgs.writeShellApplication {
+            name = "sign-root-zone";
+            runtimeInputs = [ pkgs.bind pkgs.git ];
+            text = /*bash*/ ''
+              set -x
+              tmpdir="$(mktemp -d)"
+              cleanup () {
+                if [ -n "$tmpdir" ]; then
+                  rm -r "$tmpdir"
+                fi
+              }
+              trap cleanup EXIT
+
+              dnssec-keygen -K "$tmpdir" -f KSK -a ECDSA384 -b 4096 -n ZONE .
+              cp "$tmpdir/"*.key ./output/anchor.key
+              dnssec-dsfromkey "$tmpdir/"*.key > ./output/anchor.ds
+
+              mkdir -p "$tmpdir/zonekey"
+              dnssec-keygen -K "$tmpdir/zonekey" -a ECDSA384 -b 4096 -n ZONE .
+
+
+              echo "$tmpdir"
+
+            '';
+          };
+        };
+      };
+    };
+  };
+}  | 
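Review bot: In the `sign-root-zone` script text, `-b 4096` on both `dnssec-keygen` calls has no bearing on an ECDSA P-384 key, whose size is fixed by the curve, so the flag suggests a strength the keys do not have. Drop it and spell the algorithm out, e.g. `dnssec-keygen -K "$tmpdir" -f KSK -a ECDSAP384SHA384 .`; whether the packaged BIND ignores or rejects the stray `-b` is worth confirming. The script also writes the trust anchor into `./output/` without creating it, so with the errexit that `writeShellApplication` enables it stops at the `cp` when run from a directory that lacks `output`; a `mkdir -p ./output` before the `cp` would avoid that. Both private keys exist only under `$tmpdir`, which the EXIT trap removes, so the final `echo "$tmpdir"` prints a path that is gone once the script returns. A short comment saying whether the keys are meant to be ephemeral would help the next reader.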
