From 52c0b6770beb0a9ba0847a8336dfa77b33244ab0 Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Sat, 17 Aug 2024 01:35:40 +0200
Subject: [PATCH] CAA DNS

---
 newinfra/nix/modules/dns/nilstrieb.dev.nix | 7 ++++++-
 newinfra/nix/modules/dns/noratrieb.dev.nix | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/newinfra/nix/modules/dns/nilstrieb.dev.nix b/newinfra/nix/modules/dns/nilstrieb.dev.nix
index b5a4ca4..fecea2e 100644
--- a/newinfra/nix/modules/dns/nilstrieb.dev.nix
+++ b/newinfra/nix/modules/dns/nilstrieb.dev.nix
@@ -27,6 +27,11 @@ let
         "v=spf1 include:_spf.protonmail.ch ~all"
       ];
 
+      CAA = [
+        { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; }
+        { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
+      ];
+
       NS = [
         "ns1.nilstrieb.dev."
         "ns2.nilstrieb.dev."
@@ -45,7 +50,6 @@ let
         cors-school = vps2 // {
           subdomains.api = vps2;
         };
-        docker = vps2;
         olat = vps2;
 
         localhost.A = [ (a "127.0.0.1") ];
@@ -53,6 +57,7 @@ let
         # --- retired:
         bisect-rustc = vps1;
         blog = vps1;
+        docker = vps1;
         www = vps1;
         uptime = vps1;
         hugo-chat = vps1 // {
diff --git a/newinfra/nix/modules/dns/noratrieb.dev.nix b/newinfra/nix/modules/dns/noratrieb.dev.nix
index e4aadac..02e094e 100644
--- a/newinfra/nix/modules/dns/noratrieb.dev.nix
+++ b/newinfra/nix/modules/dns/noratrieb.dev.nix
@@ -32,6 +32,11 @@ let
         "ns2.noratrieb.dev."
       ];
 
+      CAA = [
+        { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; }
+        { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
+      ];
+
       subdomains = {
         # --- NS records
         ns1 = dns1;