From d2a8bedb686f503fcdbd30f05bff7dd0627e7882 Mon Sep 17 00:00:00 2001
From: Johannes Löthberg <johannes@kyriasis.com>
Date: Sat, 27 Aug 2022 23:18:50 +0200
Subject: Add remmy.io zone
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
---
 named-slave.conf |  9 +++++++++
 named.conf       | 12 ++++++++++++
 remmy.io.zone    | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 73 insertions(+)
 create mode 100644 remmy.io.zone

diff --git a/named-slave.conf b/named-slave.conf
index b081d90..607e4bd 100644
--- a/named-slave.conf
+++ b/named-slave.conf
@@ -35,6 +35,15 @@ zone "kyriasis.com" {
 	};
 };
 
+zone "remmy.io" {
+	type slave;
+	file "remmy.io.zone";
+	masters {
+		212.71.254.33; // theos
+		2a01:7e00::f03c:91ff:fe6e:f996; // theos
+	};
+};
+
 zone "the-tk.com" {
 	type slave;
 	file "the-tk.com.zone";
diff --git a/named.conf b/named.conf
index 2570f1c..e84cac4 100644
--- a/named.conf
+++ b/named.conf
@@ -44,6 +44,18 @@ zone "kyriasis.com" IN {
 	dnssec-policy standard;
 };
 
+zone "remmy.io" IN {
+	type master;
+	file "dns/remmy.io.zone";
+	allow-transfer {
+		178.79.157.58; // lucifer
+		2a01:7e00::f03c:91ff:fe69:1787; // lucifer
+	};
+	notify explicit;
+
+	dnssec-policy standard;
+};
+
 zone "the-tk.com" {
 	type slave;
 	file "the-tk.com.zone";
diff --git a/remmy.io.zone b/remmy.io.zone
new file mode 100644
index 0000000..0e1d15f
--- /dev/null
+++ b/remmy.io.zone
@@ -0,0 +1,52 @@
+; vi: ft=bindzone:ts=8:sw=8:nowrap:et
+$ORIGIN remmy.io.
+$TTL 24h
+
+@       IN       SOA     ns1.kyriasis.com. hostmaster.remmy.io (
+                                2208272237  ; serial
+                                24h         ; refresh
+                                2h          ; retry
+                                1w          ; expire
+                                4h          ; minttl
+                        )
+                 NS ns1.kyriasis.com.
+                 NS ns2.kyriasis.com.
+
+                 ; -> theos.kyriasis.com
+                 A       212.71.254.33
+                 AAAA    2a01:7e00:e000:136::1
+
+www              CNAME remmy.io.
+
+;; Gallery
+gallery          CNAME   remmy.io.
+gallery-static   CNAME   remmy.io.
+
+;;;; Email
+
+;; MX
+@                MX      0 theos.kyriasis.com
+
+;; DMARC <https://tools.ietf.org/html/rfc7489>
+_dmarc           TXT     "v=DMARC1; adkim=r; aspf=r; fo=1:d:s; p=none; rua=mailto:aggrep@remmy.io; ruf=mailto:authfail@remmy.io"
+
+;; SPF <http://tools.ietf.org/html/rfc4408>
+@                TXT    "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all"
+@                SPF    "v=spf1 a mx ip4:178.79.157.58 ip6:2a01:7e00::f03c:91ff:fe69:1787 ~all"
+
+;; DKIM <http://tools.ietf.org/html/rfc6376>
+theos._domainkey TXT    "k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5u7MOeQk0oIgy64BcFDvmxiRGuZBPTFaFvRTz0LZMIq66E0iW76RFC9tBONQrVvVUCeMldmgy7AGjRMbZaszgtL14PJQeD9HDfbVnEVQhS12kMY2HPR3HruwfLcSgADjBwt3nVkdXusjTsNoGB/Yj7+Bdr/HFHi5blLB3a+6S7wIDAQAB"
+
+
+;; Google Postmaster Tools
+@                TXT     "google-site-verification=oBjxYyNlVzkw3gcMJcXx9_ElXSULYrraglg-ytnEgWQ"
+
+;;;; Certificates
+;; CAA
+@                CAA     0 issue "letsencrypt.org"
+@                CAA     0 iodef "mailto:certificates@remmy.io"
+
+;; TLSA
+$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.remmy.io
+$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.gallery.remmy.io
+$INCLUDE "dns/letsencrypt-tlsa.zone" _443._tcp.gallery-static.remmy.io
-- 
cgit v1.2.3-54-g00ecf