summaryrefslogtreecommitdiff
path: root/hosts/surtr/dns
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-07-10 11:51:34 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2022-07-10 11:51:34 +0200
commitffac1727b92167ca6847b7ae3adc71f091d8048f (patch)
tree7ff9c375782d347d6ef3da3a3d02b7e39aad3c44 /hosts/surtr/dns
parent20e7a2a2544afd682f487327aa42d1899784db98 (diff)
downloadnixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar
nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar.gz
nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar.bz2
nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar.xz
nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.zip
...
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml26
-rw-r--r--hosts/surtr/dns/zones/email.bouncy.soa10
3 files changed, 36 insertions, 2 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 5b439a8f..808c56da 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -184,7 +184,7 @@ in {
184 addACLs = { "rheperire.org" = ["ymir_acme_acl"]; }; 184 addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
185 } 185 }
186 { domain = "bouncy.email"; 186 { domain = "bouncy.email";
187 acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "spm.bouncy.email" "bouncy.email"]; 187 acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "spm.bouncy.email" "mta-sts.bouncy.email" "bouncy.email"];
188 } 188 }
189 ]} 189 ]}
190 ''; 190 '';
diff --git a/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml
new file mode 100644
index 00000000..ee78810d
--- /dev/null
+++ b/hosts/surtr/dns/keys/mta-sts.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:MKHoCzI9odlwPov5Ci9r2IaFCCT7DhOB8EJIFNdgG8xLwdk67SkTQ3kMGXM52EDPWdZ6a90HyKVDgL3O2vl8wbRu49jAIxCYr4t3QhLserNpMikxvAqItivtJKvBL0ah8B4mbjEH1KLou8DZgpDPdL8s+MxTOuYuLBvu/LPGRyabhKVSXmSRIL1iYx7RShe6r2PxiHN6wPmISj9YcwuuWygQRxkEqpybjUQzJe8tYFzuJ19rIUCZ26hI+k3khtFVET4TnouQAdTYXx6I/t/8Q8P7oILPFq4c,iv:w85RawhDWoLtTpWcbHo8W7bXCMa6apQNa4pQLd/whZc=,tag:z3WELFieEDeP9Zrna5brfQ==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-07-10T09:38:55Z",
10 "mac": "ENC[AES256_GCM,data:w2Ir2YQgkH0+5jNFW7mHyFVW2VEh98ADI99v6e55U7jKdEn70oF8cv787kMHNqpbwYamO9pSAz14is5Po+n11MH0UxESuU0cE7tfvoaUDIDgHNFVENB9dlKrKmnzXyEbN0+p33EP+/QmKYu4yLGc8t33NqoeD7Mc2McnmXJUvm0=,iv:7N480RaBLjIBXWJZG76VzIEyxm2eIxOi9GoZbGm2H50=,tag:JceWZoMQMwqxTYBRMPRnzA==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-07-10T09:38:54Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAYwPoDNsPVr3pUAih0sMWoebzWi8KQk6nthYKrBvc5mAw\nnuAjBhLc6Tzr8/vf5JbYcPiopd4qgIbPwqW8KAK28EdAz1+VrfM/mpI3wy0lO2YT\n0l4BQBjlvteoUfgV3nYDVbma7hh78Ip7vn0ebzeYCXbGqfCmhZXuZVG9k9rQ+v5t\nenIL1aLxLOBZSbcuDF415MZvKndU5LoQdciVfsFrex8TVzrYKQ62dBr00uysEgTz\n=TPo8\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-07-10T09:38:54Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAxFqsAJsqWvEmwQiLdSmcVP29dwQF9uLgGCwQCTtjuQYw\njFRrmwCYoCAMM0J7jExm6h7bVwy3pyGeIuya8X1sf6ZRJczGXvGwByK16kVdfgN2\n0l4BAlEaxS/5F6pMNJ0TMdYBMMGJWEa4H0xSE8DkF4Ep5bdxjaY3Pz09m8HWzJRA\nelshtXB8QcFLRG9BQRcPYd4ZEM+HqUCWF1C+7hBJ2SytDSHNZlXtxfd7ey3Jxg8+\n=oqf0\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.3"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa
index 77acee8b..271a061e 100644
--- a/hosts/surtr/dns/zones/email.bouncy.soa
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
1$ORIGIN bouncy.email. 1$ORIGIN bouncy.email.
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022051500 ; serial 4 2022071000 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -63,3 +63,11 @@ spm IN AAAA 2a03:4000:52:ada::
63spm IN MX 0 mailin.bouncy.email. 63spm IN MX 0 mailin.bouncy.email.
64spm IN TXT "v=spf1 redirect=bouncy.email" 64spm IN TXT "v=spf1 redirect=bouncy.email"
65_acme-challenge.spm IN NS ns.yggdrasil.li. 65_acme-challenge.spm IN NS ns.yggdrasil.li.
66
67_mta-sts IN TXT "v=STSv1; id=2022071000"
68_smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:postmaster@bouncy.email"
69mta-sts IN A 202.61.241.61
70mta-sts IN AAAA 2a03:4000:52:ada::
71mta-sts IN MX 0 mailin.bouncy.email.
72mta-sts IN TXT "v=spf1 redirect=bouncy.email"
73_acme-challenge.mta-sts IN NS ns.yggdrasil.li.