Diffstat (limited to 'flake.nix')
| -rw-r--r-- | flake.nix | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b4c70d0
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,57 @@
+{
+ description = "resign-dnssec";
+
+ inputs = {
+ nixpkgs.url = "git+https://forgejo.spacetime.technology/nix-mirrors/nixpkgs?ref=nixpkgs-unstable&shallow=1";
+ flake-parts.url = "git+https://forgejo.spacetime.technology/nix-mirrors/flake-parts?shallow=1";
+ system.url = "git+https://forgejo.spacetime.technology/arbel/nix-system?shallow=1";
+ };
+
+ outputs = { self, ... }@inputs:
+ inputs.flake-parts.lib.mkFlake { inherit inputs self; } {
+ flake = {
+ };
+ systems = inputs.system.arches;
+ perSystem = { pkgs, ... }: {
+ devShells = {
+ default = pkgs.mkShell {
+ nativeBuildInputs = [
+ pkgs.dig
+ pkgs.bind
+ ];
+ };
+ };
+ apps = {
+ default = self.apps.sign-root-zone;
+ sign-root-zone = {
+ type = "app";
+ program = pkgs.writeShellApplication {
+ name = "sign-root-zone";
+ runtimeInputs = [ pkgs.bind pkgs.git ];
+ text = /*bash*/ ''
+ set -x
+ tmpdir="$(mktemp -d)"
+ cleanup () {
+ if [ -n "$tmpdir" ]; then
+ rm -r "$tmpdir"
+ fi
+ }
+ trap cleanup EXIT
+
+ dnssec-keygen -K "$tmpdir" -f KSK -a ECDSA384 -b 4096 -n ZONE .
+ cp "$tmpdir/"*.key ./output/anchor.key
+ dnssec-dsfromkey "$tmpdir/"*.key > ./output/anchor.ds
+
+ mkdir -p "$tmpdir/zonekey"
+ dnssec-keygen -K "$tmpdir/zonekey" -a ECDSA384 -b 4096 -n ZONE .
+
+
+ echo "$tmpdir"
+
+ '';
+ };
+ };
+ };
+ };
+ };
+}
|
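Review bot: Both `dnssec-keygen` calls in `sign-root-zone` pass `-a ECDSA384 -b 4096`, which does not look like a valid combination: as far as I know the BIND mnemonic for P-384 is `ECDSAP384SHA384`, and an ECDSA key's size is fixed by the curve, so `-b 4096` reads as an RSA leftover. I would write `dnssec-keygen -K "$tmpdir" -f KSK -a ECDSAP384SHA384 -n ZONE .` and the same line without `-f KSK` (and with `-K "$tmpdir/zonekey"`) for the zone key. Separately, only the public key and the DS record are copied to `./output` before the `cleanup` trap removes `$tmpdir`, so both private keys are gone when the script exits and nothing visible here has been signed with them. If that is intentional for now, a comment such as `# TODO: sign the zone before cleanup; private keys exist only in $tmpdir` would make the key lifecycle explicit. The script also assumes `./output` already exists in the caller's working directory; `mkdir -p ./output` before the `cp` would remove that assumption.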
