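# Flake providing a dev shell with BIND's DNSSEC tooling and a
# `sign-root-zone` app that generates a KSK/ZSK pair for the root zone (".")
# and exports the public trust anchor into ./output.
{
  description = "resign-dnssec";

  # Every input is fetched from a self-hosted Forgejo mirror. `nixpkgs-unstable`
  # is a moving ref and the other two inputs name no ref at all, so the exact
  # revisions (and with them the BIND binaries that generate the keys) are fixed
  # only by flake.lock, which is not shown here.
  # NOTE(review): keep flake.lock committed and review every lock bump.
  inputs = {
    nixpkgs.url = "git+https://forgejo.spacetime.technology/nix-mirrors/nixpkgs?ref=nixpkgs-unstable&shallow=1";
    flake-parts.url = "git+https://forgejo.spacetime.technology/nix-mirrors/flake-parts?shallow=1";
    system.url = "git+https://forgejo.spacetime.technology/arbel/nix-system?shallow=1";
  };

  outputs = { self, ... }@inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs self; } {
      flake = {
      };

      # The list of supported systems is taken from the `system` input.
      systems = inputs.system.arches;

      # `self'` is flake-parts' view of this flake with the current system
      # already selected; plain `self.apps` is keyed by system name first.
      perSystem = { pkgs, self', ... }: {
        devShells = {
          # Interactive shell with dig and the BIND dnssec-* utilities.
          default = pkgs.mkShell {
            nativeBuildInputs = [
              pkgs.dig
              pkgs.bind
            ];
          };
        };

        apps = {
          # Fixed: this was `self.apps.sign-root-zone`, which looks for a
          # *system* called "sign-root-zone" and fails with a missing attribute.
          default = self'.apps.sign-root-zone;

          sign-root-zone = {
            type = "app";
            # writeShellApplication runs the script with errexit, nounset and
            # pipefail enabled and checks it with shellcheck at build time.
            program = pkgs.writeShellApplication {
              name = "sign-root-zone";
              runtimeInputs = [ pkgs.bind pkgs.git ];
              text = /*bash*/ ''
                # Trace every command. No key material is passed on a command
                # line here, but the trace does end up in any captured log.
                set -x

                # Private keys are only ever written below this directory;
                # mktemp -d creates it accessible to the current user only.
                tmpdir="$(mktemp -d)"
                cleanup () {
                  if [ -n "$tmpdir" ]; then
                    rm -r "$tmpdir"
                  fi
                }
                # Remove the key directory on every exit path, errors included.
                trap cleanup EXIT

                # The public anchor files are written relative to the current
                # directory; create the target so cp does not abort the run.
                mkdir -p ./output

                # Key-signing key for the root zone.
                # NOTE(review): ECDSA key size is fixed by the curve, so
                # "-b 4096" looks like it is ignored here - confirm and drop.
                dnssec-keygen -K "$tmpdir" -f KSK -a ECDSA384 -b 4096 -n ZONE .

                # Only the KSK exists at this point, so the glob matches one
                # file. Export its public half and the matching DS record;
                # both are public data, the private half stays in tmpdir.
                cp "$tmpdir/"*.key ./output/anchor.key
                dnssec-dsfromkey "$tmpdir/"*.key > ./output/anchor.ds

                # Zone-signing key, kept apart from the KSK.
                mkdir -p "$tmpdir/zonekey"
                dnssec-keygen -K "$tmpdir/zonekey" -a ECDSA384 -b 4096 -n ZONE .

                # NOTE(review): the EXIT trap deletes tmpdir as soon as the
                # script returns, so the printed path no longer exists and both
                # private keys are gone. Any signing has to happen before this
                # point, or the keys must be moved to protected storage first.
                echo "$tmpdir"
              '';
            };
          };
        };
      };
    };
}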