# DNS Configuration

DNS records are managed with [dnscontrol](https://docs.dnscontrol.org/).

## Setup

1. Create/edit DNS credentials in agenix:
   ```bash
   cd secrets
   agenix -e dns-creds.age
   ```

   Format the JSON like the `creds.json` example:
   ```json
   {
     "cloudflare": {
       "TYPE": "CLOUDFLAREAPI",
       "accountid": "your-account-id",
       "apitoken": "your-api-token"
     }
   }
   ```

2. Update `dnscontrol.js` with your static IP address (replace `TODO_STATIC_IP`)

3. If using a different DNS provider, update the provider in `dnscontrol.js`

## Commands

On the server, credentials are auto-decrypted to `/run/agenix/dns-creds`.

**Preview changes:**
```bash
cd /etc/nixos/dns
dnscontrol preview --config dnscontrol.js --creds /run/agenix/dns-creds
```

**Apply changes:**
```bash
dnscontrol push --config dnscontrol.js --creds /run/agenix/dns-creds
```

**Validate config:**
```bash
dnscontrol check --config dnscontrol.js
```

## DNS Records

All subdomains point to the same static IP:

- `pds.commonscomputer.com` → PDS (port 5556, proxied via Caddy)
- `knot.commonscomputer.com` → Tangled Knot (port 5555, proxied via Caddy)
- `spindle.commonscomputer.com` → Tangled Spindle (port 6555, proxied via Caddy)

Caddy handles HTTPS termination and reverse proxying to the internal services.
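
The setup steps and the push command above can be guarded with a preflight check. This is an added example, not part of the repository: the function names are hypothetical, and the rule that the decrypted credentials must not be accessible by group or other is an assumed policy.

```bash
#!/bin/sh
# Added example (not from the repository): checks to run before `dnscontrol push`.
# Function names are hypothetical; default paths are the ones this README uses.

# Fail if the zone config still contains the README's TODO_STATIC_IP placeholder.
check_no_placeholder() (
    config=$1
    [ -r "$config" ] || { echo "preflight: cannot read $config" >&2; exit 1; }
    if grep -q 'TODO_STATIC_IP' "$config"; then
        echo "preflight: $config still contains TODO_STATIC_IP" >&2
        exit 1
    fi
)

# Fail if the credentials file is unreadable, accessible by group or other
# (assumed policy), or still holds the sample values from the creds.json example.
check_creds() (
    creds=$1
    [ -r "$creds" ] || { echo "preflight: cannot read $creds" >&2; exit 1; }
    # In the `ls -l` mode string, characters 5-10 are the group and other bits.
    # -L follows symlinks so the decrypted file itself is inspected.
    case "$(ls -ldL -- "$creds")" in
        ????------*) ;;
        *) echo "preflight: $creds is accessible by group or other" >&2; exit 1 ;;
    esac
    if grep -Eq '"your-(account-id|api-token)"' "$creds"; then
        echo "preflight: $creds still holds the sample values" >&2
        exit 1
    fi
)

# Run both checks; arguments default to the paths used in this README.
preflight() {
    check_no_placeholder "${1:-/etc/nixos/dns/dnscontrol.js}" &&
    check_creds "${2:-/run/agenix/dns-creds}"
}

# Usage on the server, after sourcing this file:
#   cd /etc/nixos/dns && preflight && \
#     dnscontrol push --config dnscontrol.js --creds /run/agenix/dns-creds
```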