trust-dns: document SOA parameters

hosts/servo/services/ddns-afraid.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+  systemd.services.ddns-afraid = {
+    description = "update dynamic DNS entries for freedns.afraid.org";
+    serviceConfig = {
+      EnvironmentFile = config.sops.secrets.ddns_afraid.path;
+      # TODO: ProtectSystem = "strict";
+      # TODO: ProtectHome = "full";
+      # TODO: PrivateTmp = true;
+    };
+    script = let
+      crl = "${pkgs.curl}/bin/curl -4";
+    in ''
+      ${curl} "https://freedns.afraid.org/dynamic/update.php?$AFRAID_KEY"
+    '';
+  };
+  systemd.timers.ddns-afraid = {
+    wantedBy = [ "multi-user.target" ];
+    timerConfig = {
+      OnStartupSec = "2min";
+      OnUnitActiveSec = "10min";
+    };
+  };
+
+  sops.secrets."ddns_afraid" = {
+    sopsFile = ../../../secrets/servo.yaml;
+  };
+}

hosts/servo/services/trust-dns/uninsane.org.zone

@@ -1,5 +1,8 @@
 $TTL 900
 ; SOA record structure: <https://en.wikipedia.org/wiki/SOA_record#Structure>
+; SOA MNAME RNAME (... rest)
+; MNAME = Master name server for this zone. this is where update requests should be sent.
+; RNAME = admin contact (encoded email address)
 ; Serial = YYYYMMDDNN, where N is incremented every time this file changes, to trigger secondary NS to re-fetch it.
 ; Refresh = how frequently secondary NS should query master
 ; Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)