summaryrefslogtreecommitdiff
path: root/hosts/surtr/dns
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-02-22 13:24:29 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-22 13:24:29 +0100
commitf6e32c687607fbc666a41eda574ff1e10a630ece (patch)
treeb6f65088fac4cde37a45be249fa5b6033f390e24 /hosts/surtr/dns
parent579c228bb7fa946f778fd805eefaff02e1e5b6e9 (diff)
downloadnixos-f6e32c687607fbc666a41eda574ff1e10a630ece.tar
nixos-f6e32c687607fbc666a41eda574ff1e10a630ece.tar.gz
nixos-f6e32c687607fbc666a41eda574ff1e10a630ece.tar.bz2
nixos-f6e32c687607fbc666a41eda574ff1e10a630ece.tar.xz
nixos-f6e32c687607fbc666a41eda574ff1e10a630ece.zip
...
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r--hosts/surtr/dns/default.nix16
-rw-r--r--hosts/surtr/dns/keys/webdav.141.li_acme.yaml26
-rw-r--r--hosts/surtr/dns/zones/li.141.soa3
3 files changed, 43 insertions, 2 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 2079585c..971de5e8 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -25,6 +25,7 @@ in {
25 enable = true; 25 enable = true;
26 keyFiles = [ 26 keyFiles = [
27 config.sops.secrets."rheperire.org_acme_key.yaml".path 27 config.sops.secrets."rheperire.org_acme_key.yaml".path
28 config.sops.secrets."webdav.141.li_acme_key.yaml".path
28 config.sops.secrets."knot_local_key.yaml".path 29 config.sops.secrets."knot_local_key.yaml".path
29 ]; 30 ];
30 extraConfig = '' 31 extraConfig = ''
@@ -50,6 +51,9 @@ in {
50 - id: rheperire.org_acme_acl 51 - id: rheperire.org_acme_acl
51 key: rheperire.org_acme_key 52 key: rheperire.org_acme_key
52 action: update 53 action: update
54 - id: webdav.141.li_acme_acl
55 key: webdav.141.li_acme_key
56 action: update
53 - id: local_acl 57 - id: local_acl
54 key: local_key 58 key: local_key
55 action: update 59 action: update
@@ -130,7 +134,12 @@ in {
130 134
131 - domain: 141.li 135 - domain: 141.li
132 template: inwx_zone 136 template: inwx_zone
137 acl: [local_acl, inwx_acl]
133 file: ${./zones/li.141.soa} 138 file: ${./zones/li.141.soa}
139 - domain: _acme-challenge.webdav.141.li
140 template: acme_zone
141 acl: [webdav.141.li_acme_acl]
142 file: ${acmeChallengeZonefile "webdav.141.li"}
134 143
135 - domain: kleen.li 144 - domain: kleen.li
136 template: inwx_zone 145 template: inwx_zone
@@ -150,8 +159,8 @@ in {
150 159
151 - domain: rheperire.org 160 - domain: rheperire.org
152 template: inwx_zone 161 template: inwx_zone
153 file: ${./zones/org.rheperire.soa}
154 acl: [local_acl, inwx_acl] 162 acl: [local_acl, inwx_acl]
163 file: ${./zones/org.rheperire.soa}
155 - domain: _acme-challenge.rheperire.org 164 - domain: _acme-challenge.rheperire.org
156 template: acme_zone 165 template: acme_zone
157 acl: [rheperire.org_acme_acl] 166 acl: [rheperire.org_acme_acl]
@@ -165,6 +174,11 @@ in {
165 owner = "knot"; 174 owner = "knot";
166 sopsFile = ./keys/rheperire.org_acme.yaml; 175 sopsFile = ./keys/rheperire.org_acme.yaml;
167 }; 176 };
177 "webdav.141.li_acme_key.yaml" = {
178 format = "binary";
179 owner = "knot";
180 sopsFile = ./keys/webdav.141.li_acme.yaml;
181 };
168 "knot_local_key.yaml" = { 182 "knot_local_key.yaml" = {
169 format = "binary"; 183 format = "binary";
170 owner = "knot"; 184 owner = "knot";
diff --git a/hosts/surtr/dns/keys/webdav.141.li_acme.yaml b/hosts/surtr/dns/keys/webdav.141.li_acme.yaml
new file mode 100644
index 00000000..b0f05df6
--- /dev/null
+++ b/hosts/surtr/dns/keys/webdav.141.li_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:WNZ6BAzz5b0mnr2XqVQM82NFuQJz3bBK76DmnA/xvFPLvAmN4tCDzcu4NrdihcpQZ9J5ZiiIynJH1RBB/hd9ut+e/ByHv954XW3o/Ml5gb1Nl6zkCSAb3uxnjTlf5dm9ROWzx+NBLvIt8DELMYuV/NRtRq6w3ZCWbEp/I3N/r/VPhIw7PkagI9QWNkXp0l2qBml/xwxO2HnZxE7WXtphpOfNZtBuWPF49gO2UeVHrsAfxVgtGNmY9IjBExSQDThDJmo8nFUvrLVydQ==,iv:MQHy1Hi2kASjm684tL3JT5xcdc4mrTWjJWCB4adl1Uk=,tag:IzUtLbMoeRu/Km7o3RTxbg==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-02-22T12:22:44Z",
10 "mac": "ENC[AES256_GCM,data:tGfEoG8C+zqkBRtfaCNrmuR6dG8kmaRexM6szkSmOsFVgzl3wGsPmVai4rFhgXsozOmt2Lchc01uRqERA+HIkkaMFdVDLWzMEGytEeE1s1JYCVNEc/RmjgeKqxwHuAv5cFGn8ZNZ9JKMF566wUFjjWM/AQffNYCdtSni8tV6eWg=,iv:qoyig97CBgl9X9Z6qbKunu8fvbiiW4uRtErM8nrb9MM=,tag:zFuAbP7ZsEgKGDOo9ACmrw==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-02-22T12:22:44Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAEvqLWBZvD3I4xE6W7MKPD9eDGyKa3hpXracLRTHT4hYw\nqy+itvTL207VL0fU8Ve+rmxFjEaMvowFgwWk7+p98thgtbCcUNTxIF4gH2HjSOWS\n0l4Bb3G2vvDhUv1i0AR5WohSdfi5eyQjvt8HqJQ/0hBBwIL4IEcWjpBE+rX/460S\n4gigrXHpgSKZ/i/Aselm6XZhB0jNUf3pZ3pnCQPJpyrLGnFXwCSqB6EaREKU+6BK\n=dSPd\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-22T12:22:44Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAWXk1C46X8TTkWhHfTMhgo1KnKlCl8A8lzsAo7mqnpzcw\ncoae53lNWGeoCSfOl5E2oSVCgZzEu5R9kC9aLRJgDushXZ56XtTUUF4ggCHogJqE\n0l4B942HOIlWHSlbfOs1/0R5QPnXC1OQ0E6XEVJmBgnUNB3EG473eCTJeabwlaq8\nNgFlL09go4ISjnlKDIgfQZGI9u1j0PyDJ3MtQTnb2j8kzfbcsGcpSLQRn7kzSsjO\n=x5xi\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa
index 8c357b35..fbff1cad 100644
--- a/hosts/surtr/dns/zones/li.141.soa
+++ b/hosts/surtr/dns/zones/li.141.soa
@@ -1,7 +1,7 @@
1$ORIGIN 141.li. 1$ORIGIN 141.li.
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022022102 ; serial 4 2022022200 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -31,6 +31,7 @@ surtr IN MX 0 ymir.yggdrasil.li
31surtr IN TXT "v=spf1 redirect=yggdrasil.li" 31surtr IN TXT "v=spf1 redirect=yggdrasil.li"
32 32
33webdav IN CNAME surtr.yggdrasil.li. 33webdav IN CNAME surtr.yggdrasil.li.
34_acme-challenge.webdav IN NS ns.yggdrasil.li.
34 35
35ymir IN A 188.68.51.254 36ymir IN A 188.68.51.254
36ymir IN AAAA 2a03:4000:6:d004:: 37ymir IN AAAA 2a03:4000:6:d004::