sys/ns: enable acme-dns for DNS-01 challenges

author: Alejandro Soto <alejandro@34project.org> 2025-04-26 14:08:37 -0600
committer: Alejandro Soto <alejandro@34project.org> 2025-04-26 16:59:02 -0600
commit: bd48c60838871dcf17899aa1f341914880104b6e (patch)
tree: b7944abbe10dd74c0773ae103a58a0cace5e286a /sys/ns/ns.nix
parent: 1039d1d47a53be0c814a03608e94a9d0e8f4405b (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/ns/ns.nix b/sys/ns/ns.nix
index a1b1605..1e74502 100644
--- a/sys/ns/ns.nix
+++ b/sys/ns/ns.nix
@@ -21,6 +21,11 @@ in
             options.localNS = {
               enable = mkEnableOption "local NS settings";
 
+              acme = mkOption {
+                default = { };
+                type = attrsOf str;
+              };
+
               ptrNet = {
                 v4 = mkOption {
                   type = nullOr str;
@@ -90,6 +95,13 @@ in
                 soa = mkIf ptrDomain {
                   authorityZone = mkDefault "${domain}.";
                 };
+
+                cname = mapAttrsToList
+                  (name: id: {
+                    name = "_acme-challenge" + optionalString (name != "@") ".${name}";
+                    target = "${id}.acme-challenge.${domain}.";
+                  })
+                  cfg.acme;
               };
           }));
   };
author	Alejandro Soto <alejandro@34project.org>	2025-04-26 14:08:37 -0600
committer	Alejandro Soto <alejandro@34project.org>	2025-04-26 16:59:02 -0600
commit	bd48c60838871dcf17899aa1f341914880104b6e (patch)
tree	b7944abbe10dd74c0773ae103a58a0cace5e286a /sys/ns/ns.nix
parent	1039d1d47a53be0c814a03608e94a9d0e8f4405b (diff)