| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-31 16:57:39 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-01-31 16:57:39 +0100 |
| commit | b3c4357df217f0d455846c6f98243b97a3e310b1 (patch) | |
| tree | d18dffd73a766bf99e0772598780a494f2718f1a | |
| parent | 79c5b22aab148af419788ad8cf3fd0ebb93c8f5a (diff) | |
| download | nixos-b3c4357df217f0d455846c6f98243b97a3e310b1.tar nixos-b3c4357df217f0d455846c6f98243b97a3e310b1.tar.gz nixos-b3c4357df217f0d455846c6f98243b97a3e310b1.tar.bz2 nixos-b3c4357df217f0d455846c6f98243b97a3e310b1.tar.xz nixos-b3c4357df217f0d455846c6f98243b97a3e310b1.zip | |
| -rw-r--r-- | hosts/surtr/http.nix | 4 | ||||
| -rw-r--r-- | hosts/surtr/tls.nix | 63 |
2 files changed, 38 insertions, 29 deletions
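--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -58,6 +58,8 @@
 };
 };
 };
-security.acme.domains."webdav.141.li" = {};
+security.acme.domains."webdav.141.li" = {
+zone = "141.li";
+};
 };
 }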
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix index 704941e2..97a9649d 100644 --- a/hosts/surtr/tls.nix +++ b/hosts/surtr/tls.nix | |||
| @@ -11,40 +11,43 @@ let | |||
| 11 | EXEC_PROPAGATION_TIMEOUT=300 | 11 | EXEC_PROPAGATION_TIMEOUT=300 |
| 12 | EXEC_POLLING_INTERVAL=5 | 12 | EXEC_POLLING_INTERVAL=5 |
| 13 | ''; | 13 | ''; |
| 14 | knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' | 14 | knotDNSExec = domain: |
| 15 | #!${pkgs.zsh}/bin/zsh -xe | 15 | let |
| 16 | zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone; | ||
| 17 | in pkgs.writeScriptBin "update-dns.sh" '' | ||
| 18 | #!${pkgs.zsh}/bin/zsh -xe | ||
| 16 | 19 | ||
| 17 | mode=$1 | 20 | mode=$1 |
| 18 | fqdn=$2 | 21 | fqdn=$2 |
| 19 | challenge=$3 | 22 | challenge=$3 |
| 20 | 23 | ||
| 21 | owner=''${fqdn%".${zone}."} | 24 | owner=''${fqdn%".${domain}."} |
| 22 | 25 | ||
| 23 | commited= | 26 | commited= |
| 24 | function abort() { | 27 | function abort() { |
| 25 | [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" | 28 | [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" |
| 26 | } | 29 | } |
| 27 | 30 | ||
| 28 | ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" | 31 | ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" |
| 29 | trap abort EXIT | 32 | trap abort EXIT |
| 30 | 33 | ||
| 31 | case "''${mode}" in | 34 | case "''${mode}" in |
| 32 | present) | 35 | present) |
| 33 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' | 36 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' |
| 34 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" | 37 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" |
| 35 | ;; | 38 | ;; |
| 36 | cleanup) | 39 | cleanup) |
| 37 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" | 40 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" |
| 38 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' | 41 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' |
| 39 | ;; | 42 | ;; |
| 40 | *) | 43 | *) |
| 41 | exit 2 | 44 | exit 2 |
| 42 | ;; | 45 | ;; |
| 43 | esac | 46 | esac |
| 44 | 47 | ||
| 45 | ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" | 48 | ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" |
| 46 | commited=yes | 49 | commited=yes |
| 47 | ''; | 50 | ''; |
| 48 | 51 | ||
| 49 | domainOptions = { | 52 | domainOptions = { |
| 50 | options = { | 53 | options = { |
| @@ -52,6 +55,10 @@ let | |||
| 52 | type = types.bool; | 55 | type = types.bool; |
| 53 | default = false; | 56 | default = false; |
| 54 | }; | 57 | }; |
| 58 | zone = mkOption { | ||
| 59 | type = types.nullOr types.str; | ||
| 60 | default = null; | ||
| 61 | }; | ||
| 55 | }; | 62 | }; |
| 56 | }; | 63 | }; |
| 57 | in { | 64 | in { |
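Review bot: When `zone` differs from `domain` — exactly the case this commit enables, with `zone = "141.li"` for `webdav.141.li` — the owner computed on new line 24, `owner=''${fqdn%".${domain}."}`, is stripped relative to the domain but then handed to `knotc zone-set ${zone}` on new lines 36–41, where a relative owner is (as far as I know) resolved against the zone apex, so `_acme-challenge.webdav.141.li.` collapses to `_acme-challenge` and the TXT record lands at `_acme-challenge.141.li` rather than under `webdav`, which would make the DNS-01 validation fail for that domain. Stripping relative to the zone, `owner=''${fqdn%".${zone}."}`, keeps the owner correct for both the default (zone == domain) and the delegated case; passing the absolute `fqdn` through unchanged would be an alternative if knotc accepts trailing-dot owners. The `commited` spelling is carried into the rewritten lines 26 and 49 and could be corrected while the block is already being touched. The new `zone` option in the second hunk has no `description`; something like `description = "DNS zone that holds the ACME challenge records; defaults to the domain itself when null.";` would document the fallback implemented on new line 16. The `let` block starts before the first hunk and the callers of `knotDNSExec` are outside both hunks, so whether every caller now passes a key present in `cfg.domains` cannot be confirmed from here.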
