authorGregor Kleen <gkleen@yggdrasil.li>2022-05-05 11:26:19 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-05-05 11:26:19 +0200
commit910fd2059e7e95a12702695a4991ea133f7a37a7 (patch)
tree0804a07599ae219ea76a0e03caf4e25c7aedc167
parent074d24c8feaa986966d9deffd8f6414f9649093c (diff)
surtr: bouncy.email
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/dns/keys/bouncy.email_acme.yaml26
-rw-r--r--hosts/surtr/dns/zones/email.bouncy.soa52
-rw-r--r--hosts/surtr/tls/default.nix2
-rw-r--r--hosts/surtr/tls/tsig_keys/bouncy.email26
5 files changed, 107 insertions, 1 deletions
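--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -182,6 +182,8 @@ in {
  { domain = "rheperire.org";
  addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
  }
+ { domain = "bouncy.email";
+ }
  ]}
  '';
  };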
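--- /dev/null
+++ b/hosts/surtr/dns/keys/bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+ "data": "ENC[AES256_GCM,data:+wtxY9yDbNOOorVS7Aur1hJjoRSEygv8kyaMT+9zb4hQ0hhaoLMnkKfB4qR56wOvAy7wvW1OhFhICe5Ii1GDEEHWiRXGGm4mICt+DG4xvqYD1uNUWGdwRNWyv1PPfpjV33/rALanlGqvD6K2hMQAKDzWgrI0oIh13N6v+8R13sC+YtcoaKmt+i6w4Pby3w5TmaxZD0Rfm7PcYz+ZOR+552E6y5OZ+69Kb1wFrDWhYrPBHy8zsV2VcQYgzsB0MUgwjpRtz5j1sbA=,iv:5axeSwNOy/Mbk2cLXCb2hyIhhMmufWMmGIBseIoAq8U=,tag:L3qS4esYwH6rLTHclRk0VQ==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2022-05-05T09:11:47Z",
+ "mac": "ENC[AES256_GCM,data:BeR4eZ9AR8YGYy7eulvod4QwmFlstjS/ic3EIOpNaqDdeHCz5QCWM2+kR47ZQanSmVP1bFrIrnqIbL0lQXhX5a3mclFla61piC1oUELWXcn6jj6kd9QOZx9ZU/VlcKJEtt82nEXb7y8SEbiEHSs3btmAY9pHtYgLB/5grhBVnm8=,iv:3TEVp5wgtem43WEdh7LpMF77cSoP/+FjcH3oHnmmS4o=,tag:JceRss6y1lUbyem3Rqmd/w==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2022-05-05T09:11:46Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAN7OICwH4WzjRMo9QTW242OioK0RQufqkN/KbUQUDPyQw\nXvLmJlDZeNKDDw6KWkbb7ZNZuNF1i43BkrwfOQmYAhDDH4Y+vPYhWK6x6umxULko\n0lwB1J0TOLS17TkTO8atGrGo++hu705cokSQ84mpcercl66d7OzpI5N7I0MhM1A2\nfVdlvj7QNM/AnwXYOpxLeoUJl7D3gL/c/LA9/+5WDOMvNQLDgZI8h72J3q10Aw==\n=EdX/\n-----END PGP MESSAGE-----\n",
+ "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+ },
+ {
+ "created_at": "2022-05-05T09:11:46Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmsryLbhFP1Ac3Y5+ROeDOfiNS1E7veMwxHf9S1sZflEw\nQ4/524tpAa8rgikNV5gmVKE4UVxYrLqwJItskzOML8OMqW5QGVKtHweSvPcMhv3E\n0lwB3pOk770dv0wiyxDl4wEWH/NvK+PWwpvcP4hT7PkLRbaUpov63sj41QOxCQMj\npV/Uvzo5/bKN9ZmF5WfPRmRPRsL8CuZoXEV1F9ZxGFyuRHS4pb4TFLHv+rnbhg==\n=xLXq\n-----END PGP MESSAGE-----\n",
+ "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.2"
+ }
+}
\ No newline at end of file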
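--- /dev/null
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -0,0 +1,52 @@
+$ORIGIN bouncy.email.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+ 2022050501 ; serial
+ 10800 ; refresh
+ 3600 ; retry
+ 604800 ; expire
+ 3600 ; min TTL
+)
+ IN NS ns.yggdrasil.li.
+ IN NS ns.inwx.de.
+ IN NS ns2.inwx.de.
+ IN NS ns3.inwx.eu.
+
+@ IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01"
+@ IN CAA 128 iodef "mailto:caa@yggdrasil.li"
+
+@ IN A 202.61.241.61
+@ IN AAAA 2a03:4000:52:ada::
+@ IN MX 0 mailin.bouncy.email.
+@ IN TXT "v=spf1 a:mailout.bouncy.email -all"
+
+* IN A 202.61.241.61
+* IN AAAA 2a03:4000:52:ada::
+* IN MX 0 mailin.bouncy.email.
+* IN TXT "v=spf1 redirect=bouncy.email"
+
+mailout IN A 202.61.241.61
+mailout IN AAAA 2a03:4000:52:ada::
+mailout IN MX 0 mailin.bouncy.email.
+mailout IN TXT "v=spf1 redirect=bouncy.email"
+
+mailin IN A 202.61.241.61
+mailin IN AAAA 2a03:4000:52:ada::
+mailin IN MX 0 mailin.bouncy.email.
+mailin IN TXT "v=spf1 redirect=bouncy.email"
+
+mailsub IN A 202.61.241.61
+mailsub IN AAAA 2a03:4000:52:ada::
+mailsub IN MX 0 mailin.bouncy.email.
+mailsub IN TXT "v=spf1 redirect=bouncy.email"
+
+_submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email.
+
+imap IN A 202.61.241.61
+imap IN AAAA 2a03:4000:52:ada::
+imap IN MX 0 mailin.bouncy.email.
+imap IN TXT "v=spf1 redirect=bouncy.email"
+
+_imaps._tcp IN SRV 5 0 993 imap.bouncy.email.
+
+_acme-challenge IN NS ns.yggdrasil.li.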
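Review bot: The zone publishes SPF but no DMARC policy, and the wildcard TXT on line 26 means a lookup for `_dmarc.bouncy.email` is answered with `"v=spf1 redirect=bouncy.email"` instead of a policy; receivers ignore a TXT at that name that does not begin with `v=DMARC1`, so the domain effectively has no DMARC policy. An explicit record such as `_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:<report-address>"` would close that gap (policy strength and report address are the operator's choice, the address shown is a placeholder). The same wildcard TXT also answers any `<selector>._domainkey` name, so DKIM selectors will need explicit records when signing is set up. If DMARC and DKIM are planned for a follow-up commit this is only a sequencing note, and the serial on line 4 needs bumping with that change.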
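--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -36,7 +36,7 @@ in {
  };
 
  config = {
- security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"] (domain: { wildcard = true; });
+ security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email" "bouncy.email"] (domain: { wildcard = true; });
 
  fileSystems."/var/lib/acme" =
  { device = "surtr/safe/var-lib-acme";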
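Review bot: The domain list on line 39 is a single ten-element inline list, so adding one name rewrites the whole line and the diff does not show at a glance which domain changed; writing the list with one domain per line would make each future addition a one-line hunk. Since `(domain: { wildcard = true; })` applies to every entry, `bouncy.email` also gets a wildcard certificate, which a short comment above the line could state, e.g. `# every domain listed here is issued as a wildcard certificate via dns-01`. The `config` block begins and ends outside this hunk, so how the per-domain TSIG key is selected is not visible here.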
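--- /dev/null
+++ b/hosts/surtr/tls/tsig_keys/bouncy.email
@@ -0,0 +1,26 @@
+{
+ "data": "ENC[AES256_GCM,data:A9Z9+ZH8xL+ho8AHY68BPpDwccOCFe6kn6vTe+7xiAa2L4OeAQr6ht2Ps0FN,iv:inoeIthQ0qpV+Fgllhu/7AtTbemkx48dBUpw3B4jnmo=,tag:ST1upRnFaiQWQnhmuwSurQ==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2022-05-05T09:11:47Z",
+ "mac": "ENC[AES256_GCM,data:Rp9OZdZ83nXKJqZGq8bEgkrjdDzGIWD1SsaPSEzKdTmL5+N2aqv0hQhmlKqgINSipy3pPr27ojQgDUqSGXNkiOdxOMn1wwxBFL7DBAFOW294KxU1uCXhQMLcYwGHlaEVrzGrNvPE3SEfjgWFTJHyT7j+hI7dVUfPiGYxWJFHg6A=,iv:IQ5x4u8MeChI7Mf5vfUv4s9Y8EaUja8En5yzPP6Vz/U=,tag:64Xu995aal53KQLWl3UOgw==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2022-05-05T09:11:47Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAAg2F1LygQ9z7q2KuTamS1ZyAlKrSsFXevqRRN9LZrzEw\n7JXermDoMQzMuTPdjMUL6E5Rlfk5j2UTHKqa1SoQyUDgmF1hCOny/8+gbVqQySLw\n0lwB2MNRJGOcLWSoxEXHU+bIRiwLX5QZ8MFFrtxkk1hd28RL8JozFio/ZwuNSFSK\nU3jNEajWwxX/Y1ct0KmcVvhhCOwKTinZCebCocB0I12V7ZRMbDzKUc1avLIoVA==\n=JlNZ\n-----END PGP MESSAGE-----\n",
+ "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+ },
+ {
+ "created_at": "2022-05-05T09:11:47Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfoOzVooUt/RCvN/Gyzfg/Ci/6SPOavIFz6a1VY8RCTsw\nbdfL6HQaU+I14B6DdJYV3ThZTvchspexKCt/3tve4fQtLS4YP43Yc/cKyuvJjKhi\n0lwBdH92sKoNZCF8sC+AoH8fOP20jR6DvIXcvvnYrlpOPolQ2xJffrzpFnDmxSC5\n5tKMotnX5iPi0zNR4riAf+li0vboFYpOWyO1vJWtF97EaMdrIaqqC5i98/5qlg==\n=iFkv\n-----END PGP MESSAGE-----\n",
+ "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.2"
+ }
+}
\ No newline at end of file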