From bd48c60838871dcf17899aa1f341914880104b6e Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Sat, 26 Apr 2025 14:08:37 -0600
Subject: sys/ns: enable acme-dns for DNS-01 challenges

---
 sys/ns/ns.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'sys/ns/ns.nix')

diff --git a/sys/ns/ns.nix b/sys/ns/ns.nix
index a1b1605..1e74502 100644
--- a/sys/ns/ns.nix
+++ b/sys/ns/ns.nix
@@ -21,6 +21,11 @@ in
             options.localNS = {
               enable = mkEnableOption "local NS settings";
 
+              acme = mkOption {
+                default = { };
+                type = attrsOf str;
+              };
+
               ptrNet = {
                 v4 = mkOption {
                   type = nullOr str;
@@ -90,6 +95,13 @@ in
                 soa = mkIf ptrDomain {
                   authorityZone = mkDefault "${domain}.";
                 };
+
+                cname = mapAttrsToList
+                  (name: id: {
+                    name = "_acme-challenge" + optionalString (name != "@") ".${name}";
+                    target = "${id}.acme-challenge.${domain}.";
+                  })
+                  cfg.acme;
               };
           }));
   };
-- 
cgit v1.2.3