author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-07-10 11:51:34 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-07-10 11:51:34 +0200 |
commit | ffac1727b92167ca6847b7ae3adc71f091d8048f (patch) | |
tree | 7ff9c375782d347d6ef3da3a3d02b7e39aad3c44 /hosts/surtr/dns | |
parent | 20e7a2a2544afd682f487327aa42d1899784db98 (diff) | |
...
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r-- | hosts/surtr/dns/default.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml | 26 | ||||
-rw-r--r-- | hosts/surtr/dns/zones/email.bouncy.soa | 10 |
3 files changed, 36 insertions, 2 deletions
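--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -184,7 +184,7 @@ in {
 addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
 }
 { domain = "bouncy.email";
-acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "spm.bouncy.email" "bouncy.email"];
+acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "spm.bouncy.email" "mta-sts.bouncy.email" "bouncy.email"];
 }
 ]}
 '';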
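--- /dev/null
+++ b/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+"data": "ENC[AES256_GCM,data:MKHoCzI9odlwPov5Ci9r2IaFCCT7DhOB8EJIFNdgG8xLwdk67SkTQ3kMGXM52EDPWdZ6a90HyKVDgL3O2vl8wbRu49jAIxCYr4t3QhLserNpMikxvAqItivtJKvBL0ah8B4mbjEH1KLou8DZgpDPdL8s+MxTOuYuLBvu/LPGRyabhKVSXmSRIL1iYx7RShe6r2PxiHN6wPmISj9YcwuuWygQRxkEqpybjUQzJe8tYFzuJ19rIUCZ26hI+k3khtFVET4TnouQAdTYXx6I/t/8Q8P7oILPFq4c,iv:w85RawhDWoLtTpWcbHo8W7bXCMa6apQNa4pQLd/whZc=,tag:z3WELFieEDeP9Zrna5brfQ==,type:str]",
+"sops": {
+"kms": null,
+"gcp_kms": null,
+"azure_kv": null,
+"hc_vault": null,
+"age": null,
+"lastmodified": "2022-07-10T09:38:55Z",
+"mac": "ENC[AES256_GCM,data:w2Ir2YQgkH0+5jNFW7mHyFVW2VEh98ADI99v6e55U7jKdEn70oF8cv787kMHNqpbwYamO9pSAz14is5Po+n11MH0UxESuU0cE7tfvoaUDIDgHNFVENB9dlKrKmnzXyEbN0+p33EP+/QmKYu4yLGc8t33NqoeD7Mc2McnmXJUvm0=,iv:7N480RaBLjIBXWJZG76VzIEyxm2eIxOi9GoZbGm2H50=,tag:JceWZoMQMwqxTYBRMPRnzA==,type:str]",
+"pgp": [
+{
+"created_at": "2022-07-10T09:38:54Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAYwPoDNsPVr3pUAih0sMWoebzWi8KQk6nthYKrBvc5mAw\nnuAjBhLc6Tzr8/vf5JbYcPiopd4qgIbPwqW8KAK28EdAz1+VrfM/mpI3wy0lO2YT\n0l4BQBjlvteoUfgV3nYDVbma7hh78Ip7vn0ebzeYCXbGqfCmhZXuZVG9k9rQ+v5t\nenIL1aLxLOBZSbcuDF415MZvKndU5LoQdciVfsFrex8TVzrYKQ62dBr00uysEgTz\n=TPo8\n-----END PGP MESSAGE-----\n",
+"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+},
+{
+"created_at": "2022-07-10T09:38:54Z",
+"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAxFqsAJsqWvEmwQiLdSmcVP29dwQF9uLgGCwQCTtjuQYw\njFRrmwCYoCAMM0J7jExm6h7bVwy3pyGeIuya8X1sf6ZRJczGXvGwByK16kVdfgN2\n0l4BAlEaxS/5F6pMNJ0TMdYBMMGJWEa4H0xSE8DkF4Ep5bdxjaY3Pz09m8HWzJRA\nelshtXB8QcFLRG9BQRcPYd4ZEM+HqUCWF1C+7hBJ2SytDSHNZlXtxfd7ey3Jxg8+\n=oqf0\n-----END PGP MESSAGE-----\n",
+"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+}
+],
+"unencrypted_suffix": "_unencrypted",
+"version": "3.7.3"
+}
+}
\ No newline at end of file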
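--- a/hosts/surtr/dns/zones/email.bouncy.soa
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
 $ORIGIN bouncy.email.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-2022051500 ; serial
+2022071000 ; serial
 10800 ; refresh
 3600 ; retry
 604800 ; expire
@@ -63,3 +63,11 @@ spm IN AAAA 2a03:4000:52:ada::
 spm IN MX 0 mailin.bouncy.email.
 spm IN TXT "v=spf1 redirect=bouncy.email"
 _acme-challenge.spm IN NS ns.yggdrasil.li.
+
+_mta-sts IN TXT "v=STSv1; id=2022071000"
+_smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:postmaster@bouncy.email"
+mta-sts IN A 202.61.241.61
+mta-sts IN AAAA 2a03:4000:52:ada::
+mta-sts IN MX 0 mailin.bouncy.email.
+mta-sts IN TXT "v=spf1 redirect=bouncy.email"
+_acme-challenge.mta-sts IN NS ns.yggdrasil.li.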
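Review bot: The `_mta-sts` TXT id (`id=2022071000`) is set by hand to match the SOA serial, but nothing in the zone says when it has to move; senders re-fetch the policy only when this id changes, so a stale id leaves them enforcing a cached policy. I would add a comment above the record such as `; bump id whenever the policy served at mta-sts.bouncy.email changes`. The policy file itself is outside this view (the diffstat is limited to hosts/surtr/dns), so its mode and max_age cannot be checked here. Separately, the new `mta-sts` name copies the `spm` pattern with an MX and an SPF redirect; if that host only serves the policy over HTTPS, `mta-sts IN TXT "v=spf1 -all"` would keep the name from being usable as a sender domain.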