# DNS Configuration

DNS records are managed with [dnscontrol](https://docs.dnscontrol.org/).

## Setup

1. Create/edit DNS credentials in agenix:
   ```bash
   cd secrets
   agenix -e dns-creds.age
   ```

   Format the JSON like this `creds.json` example:
   ```json
   {
     "cloudflare": {
       "TYPE": "CLOUDFLAREAPI",
       "accountid": "your-account-id",
       "apitoken": "your-api-token"
     }
   }
   ```

2. Update `dnscontrol.js` with your static IP address (replace `TODO_STATIC_IP`)

3. If using a different DNS provider, update the provider in `dnscontrol.js`

## Commands

On the server, credentials are auto-decrypted to `/run/agenix/dns-creds`.

**Preview changes:**
```bash
cd /etc/nixos/dns
dnscontrol preview --config dnscontrol.js --creds /run/agenix/dns-creds
```

**Apply changes:**
```bash
dnscontrol push --config dnscontrol.js --creds /run/agenix/dns-creds
```

**Validate config:**
```bash
dnscontrol check --config dnscontrol.js
```

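
The script below is an added example, not part of this repository: a pre-flight guard that refuses to push while `TODO_STATIC_IP` or the `creds.json` template values are still in place, or while the credentials file is accessible to group/other, and then runs check, preview and push in that order. The function names `dns_preflight` and `dns_apply` are hypothetical.

```bash
# Added example: pre-flight guard for the dnscontrol commands above.
# dns_preflight and dns_apply are hypothetical helper names.

# Return 0 only if config and creds look safe to push with.
dns_preflight() {
    local config="$1" creds="$2" mode

    [ -r "$config" ] || { echo "config not readable: $config" >&2; return 1; }
    [ -r "$creds" ]  || { echo "creds not readable: $creds" >&2; return 1; }

    # The setup placeholder must be replaced before any push.
    if grep -q 'TODO_STATIC_IP' "$config"; then
        echo "TODO_STATIC_IP is still present in $config" >&2
        return 2
    fi

    # The creds.json template values must not be sent to the provider.
    if grep -Eq 'your-(account-id|api-token)' "$creds"; then
        echo "template placeholder values found in $creds" >&2
        return 3
    fi

    # Group/other permission bits must all be clear
    # (-L follows a symlink if the path is one).
    mode=$(ls -ldL "$creds" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$creds is accessible to group/other ($mode)" >&2
        return 4
    fi
    return 0
}

# Validate, preview, then push only after explicit confirmation.
dns_apply() {
    local config="${1:-dnscontrol.js}" creds="${2:-/run/agenix/dns-creds}" answer
    dns_preflight "$config" "$creds" || return
    dnscontrol check   --config "$config" || return
    dnscontrol preview --config "$config" --creds "$creds" || return
    printf 'Push these changes? [y/N] '
    read -r answer
    [ "$answer" = "y" ] || { echo "aborted" >&2; return 1; }
    dnscontrol push --config "$config" --creds "$creds"
}
```

Source the file and run `dns_apply` from `/etc/nixos/dns`; with no arguments it uses `dnscontrol.js` in the current directory and `/run/agenix/dns-creds`.
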
## DNS Records

All subdomains point to the same static IP:

- `pds.commonscomputer.com` → PDS (port 5556, proxied via Caddy)
- `knot.commonscomputer.com` → Tangled Knot (port 5555, proxied via Caddy)
- `spindle.commonscomputer.com` → Tangled Spindle (port 6555, proxied via Caddy)

Caddy handles HTTPS termination and reverse proxying to the internal services.