From 9316ab1a809ccfd42f79fb02445bf288a4a42aac Mon Sep 17 00:00:00 2001
From: Miraty
Date: Tue, 1 Nov 2022 00:18:06 +0100
Subject: [PATCH] Add config examples for zone transferts with Knot
---
mkosi.extra/etc/knot/knot-primary.conf | 53 ++++++++++++++++++++++++
mkosi.extra/etc/knot/knot-secondary.conf | 37 +++++++++++++++++
2 files changed, 90 insertions(+)
create mode 100644 mkosi.extra/etc/knot/knot-primary.conf
create mode 100644 mkosi.extra/etc/knot/knot-secondary.conf
diff --git a/mkosi.extra/etc/knot/knot-primary.conf b/mkosi.extra/etc/knot/knot-primary.conf
new file mode 100644
index 0000000..62fbad7
--- /dev/null
+++ b/mkosi.extra/etc/knot/knot-primary.conf
@@ -0,0 +1,53 @@
+server:
+ version: "Knot"
+ nsid: ""
+ rundir: "/run/knot"
+ user: "knot:knot"
+ automatic-acl: "on"
+ listen: [ "2001:db8::1@42053", "203.0.113.1@42053" ]
+
+log:
+ - target: "/var/log/knot/knot.log"
+ any: "debug"
+
+database:
+ storage: "/var/lib/knot"
+
+key:
+ - id: "primary-to-secondary."
+ algorithm: "hmac-sha256"
+ secret: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH" # keymgr -t primary-to-secondary hmac-sha256
+
+remote:
+ - id: "secondary"
+ address: [ "2001:db8::2@53", "203.0.113.2@53" ]
+ key: "primary-to-secondary."
+
+policy:
+ - id: "niver"
+ algorithm: "ed25519"
+ nsec3: "on"
+ nsec3-iterations: 10
+
+template:
+ - id: "niver-ns"
+ storage: "/srv/niver/ns"
+ file: "%s.zone"
+ zonefile-load: "difference"
+ dnssec-signing: "on"
+ dnssec-policy: "niver"
+ catalog-role: "member"
+ catalog-zone: "niver.test.invalid."
+
+zone:
+ - domain: "niver.test."
+ storage: "/srv/niver/reg"
+ file: "%s.zone"
+ zonefile-load: "difference"
+ dnssec-signing: "on"
+ dnssec-policy: "niver"
+
+ - domain: "niver.test.invalid."
+ notify: "secondary"
+ zonefile-load: "difference"
+ catalog-role: "generate"
diff --git a/mkosi.extra/etc/knot/knot-secondary.conf b/mkosi.extra/etc/knot/knot-secondary.conf
new file mode 100644
index 0000000..5e818d1
--- /dev/null
+++ b/mkosi.extra/etc/knot/knot-secondary.conf
@@ -0,0 +1,37 @@
+server:
+ version: "Knot"
+ nsid: ""
+ rundir: "/run/knot"
+ user: "knot:knot"
+ automatic-acl: "on"
+ listen: [ "2001:db8::2@53", "203.0.113.2@53" ]
+
+log:
+ - target: "/var/log/knot/knot.log"
+ any: "debug"
+
+database:
+ storage: "/var/lib/knot"
+
+key:
+ - id: "primary-to-secondary."
+ algorithm: "hmac-sha256"
+ secret: "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGH"
+
+remote:
+ - id: "primary"
+ address: [ "2001:db8::1@53", "203.0.113.1@53" ]
+ key: "primary-to-secondary."
+
+template:
+ - id: "niver"
+ storage: "/var/lib/knot"
+ file: "%s.zone"
+ master: "primary"
+
+zone:
+ - domain: "niver.test.invalid."
+ master: "primary"
+ catalog-role: interpret
+ catalog-template: "niver"
+
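Review bot: The TSIG `secret` in the `key` section is a fixed placeholder committed identically in knot-primary.conf and in this file, and only the primary copy carries the `# keymgr -t primary-to-secondary hmac-sha256` hint. Anyone deploying these examples unchanged would authenticate zone transfers and NOTIFY messages with a publicly known key, so both `secret:` lines should carry a comment such as `# placeholder: generate a fresh key with keymgr -t primary-to-secondary hmac-sha256`. The deployed file holding the real key should presumably be readable only by the `knot` user. Separately, the `primary` remote here points at `2001:db8::1@53` and `203.0.113.1@53` while knot-primary.conf listens on `@42053`; unless something outside this patch forwards port 53 on the primary host, the secondary's transfer requests would not reach it.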