diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 15:48:59 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 15:48:59 +0100 |
| commit | a7255ba16633d70c22e8bed75ae52c49f08e1c18 (patch) | |
| tree | 71f1cdc442efef13fe239e8694b4fe9bcc58b923 /hosts/surtr/dns | |
| parent | ef600c518e5fdb4962fdd4d4851413a024fa52f7 (diff) | |
| download | nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar.gz nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar.bz2 nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar.xz nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.zip | |
surtr: dns/tls: rfc2136
Diffstat (limited to 'hosts/surtr/dns')
| -rw-r--r-- | hosts/surtr/dns/Gupfile | 2 | ||||
| -rw-r--r-- | hosts/surtr/dns/default.nix | 137 | ||||
| -rw-r--r-- | hosts/surtr/dns/key.gup | 6 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/141.li_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/kleen.li_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/knot_local.yaml (renamed from hosts/surtr/dns/keys/local_key.yaml) | 0 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/nights.email_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/praseodym.org_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/xmpp.li_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/keys/yggdrasil.li_acme.yaml | 26 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/email.nights.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/li.141.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/li.kleen.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/li.xmpp.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/li.yggdrasil.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/org.dirty-haskell.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/org.praseodym.soa | 4 |
18 files changed, 275 insertions, 80 deletions
diff --git a/hosts/surtr/dns/Gupfile b/hosts/surtr/dns/Gupfile new file mode 100644 index 00000000..ac96f620 --- /dev/null +++ b/hosts/surtr/dns/Gupfile | |||
| @@ -0,0 +1,2 @@ | |||
| 1 | key.gup: | ||
| 2 | keys/*.yaml \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 5d55c815..57146d67 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
| @@ -3,15 +3,38 @@ | |||
| 3 | with lib; | 3 | with lib; |
| 4 | 4 | ||
| 5 | let | 5 | let |
| 6 | acmeChallengeZonefile = domain: let | 6 | reverseDomain = domain: concatStringsSep "." (reverseList (splitString "." domain)); |
| 7 | reverseDomain = concatStringsSep "." (reverseList (["_acme-challenge"] ++ splitString "." domain)); | 7 | |
| 8 | in pkgs.writeText "${reverseDomain}.zone" '' | 8 | acmeChallengeZonefile = domain: pkgs.writeText "${reverseDomain "_acme-challenge.${domain}"}.soa" '' |
| 9 | $ORIGIN _acme-challenge.${domain}. | 9 | $ORIGIN _acme-challenge.${domain}. |
| 10 | $TTL 3600 | 10 | $TTL 3600 |
| 11 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. 2022022103 10800 3600 604800 30 | 11 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. 2022022103 10800 3600 604800 30 |
| 12 | 12 | ||
| 13 | IN NS ns.yggdrasil.li. | 13 | IN NS ns.yggdrasil.li. |
| 14 | ''; | 14 | ''; |
| 15 | |||
| 16 | knotKeys = let | ||
| 17 | dir = ./keys; | ||
| 18 | toKeyInfo = name: v: | ||
| 19 | if v == "regular" || v == "symlink" | ||
| 20 | then { path = dir + "/${name}"; inherit name; } | ||
| 21 | else null; | ||
| 22 | in filter (v: v != null) (mapAttrsToList toKeyInfo (builtins.readDir dir)); | ||
| 23 | |||
| 24 | indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str)); | ||
| 25 | |||
| 26 | mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain]}: indentString " " '' | ||
| 27 | - domain: ${domain} | ||
| 28 | template: inwx_zone | ||
| 29 | ${optionalString (acmeDomains != []) "acl: [local_acl, inwx_acl]"} | ||
| 30 | file: ${path} | ||
| 31 | ${concatMapStringsSep "\n" (acmeDomain: '' | ||
| 32 | - domain: _acme-challenge.${acmeDomain} | ||
| 33 | template: acme_zone | ||
| 34 | acl: [${assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl"}] | ||
| 35 | file: ${acmeChallengeZonefile acmeDomain} | ||
| 36 | '') acmeDomains} | ||
| 37 | ''; | ||
| 15 | in { | 38 | in { |
| 16 | config = { | 39 | config = { |
| 17 | fileSystems."/var/lib/knot" = | 40 | fileSystems."/var/lib/knot" = |
| @@ -23,11 +46,7 @@ in { | |||
| 23 | 46 | ||
| 24 | services.knot = { | 47 | services.knot = { |
| 25 | enable = true; | 48 | enable = true; |
| 26 | keyFiles = [ | 49 | keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys; |
| 27 | config.sops.secrets."rheperire.org_acme_key.yaml".path | ||
| 28 | config.sops.secrets."webdav.141.li_acme_key.yaml".path | ||
| 29 | config.sops.secrets."knot_local_key.yaml".path | ||
| 30 | ]; | ||
| 31 | extraConfig = '' | 50 | extraConfig = '' |
| 32 | server: | 51 | server: |
| 33 | listen: 127.0.0.1@53 | 52 | listen: 127.0.0.1@53 |
| @@ -48,16 +67,23 @@ in { | |||
| 48 | - id: inwx_acl | 67 | - id: inwx_acl |
| 49 | address: 185.181.104.96 | 68 | address: 185.181.104.96 |
| 50 | action: transfer | 69 | action: transfer |
| 51 | - id: rheperire.org_acme_acl | ||
| 52 | key: rheperire.org_acme_key | ||
| 53 | action: update | ||
| 54 | - id: webdav.141.li_acme_acl | ||
| 55 | key: webdav.141.li_acme_key | ||
| 56 | action: update | ||
| 57 | - id: local_acl | 70 | - id: local_acl |
| 58 | key: local_key | 71 | key: local_key |
| 59 | action: update | 72 | action: update |
| 60 | update-type: DS | 73 | update-type: DS |
| 74 | ${let | ||
| 75 | toACMEACL = { name, ... }: | ||
| 76 | if hasSuffix "_acme.yaml" name | ||
| 77 | then | ||
| 78 | let | ||
| 79 | base = removeSuffix ".yaml" name; | ||
| 80 | in indentString " " '' | ||
| 81 | - id: ${base}_acl | ||
| 82 | key: ${base}_key | ||
| 83 | action: update | ||
| 84 | '' | ||
| 85 | else null; | ||
| 86 | in concatStringsSep "\n" (filter (v: v != null) (map toACMEACL knotKeys))} | ||
| 61 | 87 | ||
| 62 | mod-rrl: | 88 | mod-rrl: |
| 63 | - id: default | 89 | - id: default |
| @@ -124,68 +150,33 @@ in { | |||
| 124 | dnssec-policy: ed25519_local-push | 150 | dnssec-policy: ed25519_local-push |
| 125 | 151 | ||
| 126 | zone: | 152 | zone: |
| 127 | - domain: yggdrasil.li | 153 | ${concatMapStringsSep "\n" mkZone [ |
| 128 | template: inwx_zone | 154 | { domain = "yggdrasil.li"; |
| 129 | file: ${./zones/li.yggdrasil.soa} | 155 | } |
| 130 | 156 | { domain = "nights.email"; | |
| 131 | - domain: nights.email | 157 | } |
| 132 | template: inwx_zone | 158 | { domain = "141.li"; |
| 133 | file: ${./zones/email.nights.soa} | 159 | acmeDomains = ["webdav.141.li" "141.li"]; |
| 134 | 160 | } | |
| 135 | - domain: 141.li | 161 | { domain = "kleen.li"; |
| 136 | template: inwx_zone | 162 | } |
| 137 | acl: [local_acl, inwx_acl] | 163 | { domain = "xmpp.li"; |
| 138 | file: ${./zones/li.141.soa} | 164 | } |
| 139 | - domain: _acme-challenge.webdav.141.li | 165 | { domain = "dirty-haskell.org"; |
| 140 | template: acme_zone | 166 | } |
| 141 | acl: [webdav.141.li_acme_acl] | 167 | { domain = "praseodym.org"; |
| 142 | file: ${acmeChallengeZonefile "webdav.141.li"} | 168 | } |
| 143 | 169 | { domain = "rheperire.org"; | |
| 144 | - domain: kleen.li | 170 | } |
| 145 | template: inwx_zone | 171 | ]} |
| 146 | file: ${./zones/li.kleen.soa} | ||
| 147 | |||
| 148 | - domain: xmpp.li | ||
| 149 | template: inwx_zone | ||
| 150 | file: ${./zones/li.xmpp.soa} | ||
| 151 | |||
| 152 | - domain: dirty-haskell.org | ||
| 153 | template: inwx_zone | ||
| 154 | file: ${./zones/org.dirty-haskell.soa} | ||
| 155 | |||
| 156 | - domain: praseodym.org | ||
| 157 | template: inwx_zone | ||
| 158 | file: ${./zones/org.praseodym.soa} | ||
| 159 | |||
| 160 | - domain: rheperire.org | ||
| 161 | template: inwx_zone | ||
| 162 | acl: [local_acl, inwx_acl] | ||
| 163 | file: ${./zones/org.rheperire.soa} | ||
| 164 | - domain: _acme-challenge.rheperire.org | ||
| 165 | template: acme_zone | ||
| 166 | acl: [rheperire.org_acme_acl] | ||
| 167 | file: ${acmeChallengeZonefile "rheperire.org"} | ||
| 168 | ''; | 172 | ''; |
| 169 | }; | 173 | }; |
| 170 | 174 | ||
| 171 | sops.secrets = { | 175 | sops.secrets = listToAttrs (map ({name, path}: nameValuePair name { |
| 172 | "rheperire.org_acme_key.yaml" = { | 176 | format = "binary"; |
| 173 | format = "binary"; | 177 | owner = "knot"; |
| 174 | owner = "knot"; | 178 | sopsFile = path; |
| 175 | sopsFile = ./keys/rheperire.org_acme.yaml; | 179 | }) knotKeys); |
| 176 | }; | ||
| 177 | "webdav.141.li_acme_key.yaml" = { | ||
| 178 | format = "binary"; | ||
| 179 | owner = "knot"; | ||
| 180 | sopsFile = ./keys/webdav.141.li_acme.yaml; | ||
| 181 | }; | ||
| 182 | "knot_local_key.yaml" = { | ||
| 183 | format = "binary"; | ||
| 184 | owner = "knot"; | ||
| 185 | sopsFile = ./keys/local_key.yaml; | ||
| 186 | }; | ||
| 187 | }; | ||
| 188 | |||
| 189 | 180 | ||
| 190 | fileSystems."/var/lib/unbound" = | 181 | fileSystems."/var/lib/unbound" = |
| 191 | { device = "surtr/local/var-lib-unbound"; | 182 | { device = "surtr/local/var-lib-unbound"; |
diff --git a/hosts/surtr/dns/key.gup b/hosts/surtr/dns/key.gup new file mode 100644 index 00000000..32d4f7d6 --- /dev/null +++ b/hosts/surtr/dns/key.gup | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | #!/usr/bin/env zsh | ||
| 2 | |||
| 3 | keyName=${${2:t}%.yaml}_key | ||
| 4 | |||
| 5 | keymgr -t ${keyName} > $1 | ||
| 6 | sops -p '7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8,30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51' --input-type=binary --output-type=binary -e -i $1 \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/141.li_acme.yaml b/hosts/surtr/dns/keys/141.li_acme.yaml new file mode 100644 index 00000000..77fbc4b2 --- /dev/null +++ b/hosts/surtr/dns/keys/141.li_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:2y3A/KCH2X8T/g9gVhNQuAHvorebyKnfAZc+kJE5hL06l7xieJsxpj7DBbWjh5y7Ae2fBNMFA1tU9Ig6S3qvjzxlCNQWSpq05GBTiU2AdUDWwn52gztEvNLEpFsdUDyUYZSPLy82dFckyegWuoBQbGe6vOPdXyM4aPCIuj3fp18A6cNSRp4YyERL/JoveLRQYFJUpV5Xr9JyNHj/4hDfikJJMG1OeKqCyeK5BTs6XbLN+70UO7R+orlh2F0=,iv:04N7t7lf0CG6Qbj3VqHmL9l+hl4PK6vahEHq8qJmjOs=,tag:x4H/oiDjvE/NzMKSeMO2NQ==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:12:08Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:At6rzhjC4EbtTjMaw44WKYNuT2XRniZpDAXGskxi9HW/xIQFghcWlgzXaddev5BUMkitz93gFCFD02YJOzOC12GXjDksoHGtvHKbxmodIgHTbhkXFYLe1JoFPrF14NsiIOmmoqcbrn03+iinNehkbJ2wXEkGyev4IMacQGqV7q0=,iv:7j26jeRvgBrnJRVHYay+3wug+IjOIpjFWLiccXD6Z8A=,tag:esnZH7MLQnqkxNVPdwmx8Q==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:12:08Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAvU6MNSb8ky78bJfnRRx14o4rA7Ezylbtc6cFUG+eGAow\nPvRGLI3qm36sDYXo6OHKS9A5DTxIQlQHQqj9U4CHGU/w4X8pCN2ulHkAh767DXV9\n0l4BHa/JTXNklF78vY3zUkySrIueA0QZXvmda2pcd3mO3M78J7812X9jCZ8LwrXz\nR3Wp77iQXW/0Tq83DMEkFwYmueFfZsCtRxQBL5f4NlyuLZizDb2s8YZzeRICz5w3\n=X6zh\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:12:08Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAIbKybblH4bBEhKyup4r+KzKdHLZhBmR79o5A2DdD1mAw\n4KVInlvs+LAFksp1oCqSLd3r1foM3/QOrDdB1ExwTXrxlTgk/qM9eTXT4gIdXwt3\n0l4B5rqrDzCwp3DE2dC+UuBFB9g9YtF77xpfOFfcGLB3fKsPYEvrK6MwGMJqUtoI\nq19d8Cf/mir0mlYHBN+Vez/8jFi0HmrLlphhf4m0l0/6XNLdRbuSpb5T20ecJM2L\n=nRup\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml b/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml new file mode 100644 index 00000000..0037910f --- /dev/null +++ b/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:Jxsg5dW3bhJKRHvigf9F5xkp+KdOd8OKibc1rKrqzwUPZcdebpzijFQMA5hRHwTJKdoqmk/aWosmqfBgmrUr9lrDQH2g1IzLoLYxLc8ssUuH9T4lLDMkSRa3PjL0jpW5ezDSb2omhE4EAJvRZF2nn1VC/IhKNCpY4oI/bLCt6unPiVYMi1ot+9JAl+9eRJS5UIYWp1DC/0oi8Uv6Ci3VwLmOFg1I/YcvXDkNdi0QpcGH3Ok241/O0HiOSboOfqCIwTy5v4P+Poko3dl9t3SkZK65,iv:HC+PzqqLgLWGijHYDC6MvIaB8T/sI1c6vTCf10DApFg=,tag:75fmY73TKw6bNz/xJp8q0A==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:20:35Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:pbKzZIor1lRxI20O4yi+h2Vk6yOL1MtTstx5A4Byul06uZiGMrNMFyBaVvGbb8evch9ptYm4TNiWZ3T8xHYTwy4HGV5HgOOqY2vJNwTSJ6Yi0F34UCQMIPnXHT/sqL+T1/etV5zY1eQhH6L7lXPtIh7TiYhV8o5y7tpSwhq2RUY=,iv:ZYhhncJv4AOkKDon/DIAYJUgDN4C/iVyukMDaqzu3k8=,tag:v2U/hTaRxk47UG+E6D4ExQ==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:20:35Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA/I9pk6iikcFckUsUigf3MJSL1JN6HHUIG/PKeOoEMx4w\n6MoYrjveZeXJbQLJHEVwkanElOfmb7jNFfDQntu6VIEwxvb2vdFDY43JgX6SAuLf\n0l4BvsQcSIPm/3jZu14kLjZgK/S6wrQKbUmymLVQSADwYP2sq+u710bYnRk/QxGG\nRwo82yKyBAZ+EK4DWxB6VtAry8LBYlKY8uhJ17f1/95tc+GeuHEEqzcllz+le67l\n=AxIv\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:20:35Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACQne60rRG40kMku2GFVQhsrpa3RLAgjJGt2oPKrkgQ0w\nVWHpGyfpg0urSkS7+qecfhqeKAkaQ6CF2F6w2fCgn6Xdw28vs4pro1lHWhwYD+XT\n0l4BtxoVpKHysoL4qO9dQLjwAjHAcYnMPaNONIQMvU8DNrJ9ZiHkzJZPNQOeYL97\nEJCWUkR7V0OP8syMIKy37ii3l2aJd58w1DUd90BwvBrv5JBbNxIPalhZKULWI96U\n=dovS\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/kleen.li_acme.yaml b/hosts/surtr/dns/keys/kleen.li_acme.yaml new file mode 100644 index 00000000..18122f48 --- /dev/null +++ b/hosts/surtr/dns/keys/kleen.li_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:ClN4TVWJoCYh6Rl/Vp+x+jPlIDkkz9SV7qzLBenjPDviIzkBqGmNwySsV5Dy/uxbrmNkc+C4sYkv+5H+3O7R1fWwTDlZuiWpd+lAJrco9f8CjyZku2RQi1UfP31z+/nAKo4wSy22++UfLmYR5NGWWB6pbfm/KL27vC75RNOvPZXhOBxxl5imObdY6i3cJ7A5e9PsbR7qZq+gFBtq7IisSHD1sDvpiOAcstKo8ITsZ5bXCYmrFiJ41LJNSINN+/mE,iv:a/T6pQGuDW3qBzr2y0GrPyeoMRlCI0VvKUZJQFGYTew=,tag:2rL3o/L+xYAsP/vWbWFsOw==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:43:57Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:KGOS17/BCjGbzBXOAJav9aAs1d0ymAISoAu14nGCVdxLrhySM+sRgoo7XO3kG5xCfIn7dJGMhC5vIyLoHLl7il0FuSjhFztr1AvSAvmb09CaQksj/KTSXk3N+Tp2++Lvn8xPtNGcYTu/pK+0WLC2jt52KcbsXTVRSMtZO59+ekg=,iv:l2tcVM8c1HkJ5W4rc8ZPffx5fzAKcn7IjgjU3zxSpdE=,tag:KRabrd9nNhqmN/2YtzzPig==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:43:57Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAyCmRdezTNHo04OWMJRfeOfkNwA8iN5ORlR4MSnxHvi8w\n5qxpEl+NtPyGunAOm58zc6Ai8+2yuXsCGoTVDar5jL1poNgYMecwCHkMopYBOreC\n0l4BcGGs4AkKTzqEU/tBe4YKqp/6QBZ3N0giPeGWedA248Vnz9Lq9eHynhCkCB1O\n8y0wUf6159s+00MEaMlAHODPKetBTve2xa8W+6OvQqIYSxaaTJ01cI9n1deYSa1e\n=ke67\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:43:57Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPlaZrCGl5FDZ3v+RG62I/FfyPA+qTepdegSTFo6m+lgw\nyEacJxkCO28hMsFgHhLXRveP7tKrWt7WAi91rU8j1LFrTLGV6PogA+jLGbAJeBQI\n0l4B8UDf/vNK7d1cWeScOO7a4HPsJ9jQDxEk3JB1c5funVqbK3h8HUMmbtbBABXF\n9ga0Ra4UC9s3pLUz8ykMQ5C/GCCd446HDHLbi9daXVTTGMnlkXhSgyA7VvCWUjnL\n=mwTD\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/local_key.yaml b/hosts/surtr/dns/keys/knot_local.yaml index a170ff72..a170ff72 100644 --- a/hosts/surtr/dns/keys/local_key.yaml +++ b/hosts/surtr/dns/keys/knot_local.yaml | |||
diff --git a/hosts/surtr/dns/keys/nights.email_acme.yaml b/hosts/surtr/dns/keys/nights.email_acme.yaml new file mode 100644 index 00000000..5bf19aa9 --- /dev/null +++ b/hosts/surtr/dns/keys/nights.email_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:HAAFVb+g52gyAhYLsuqsVI4rPyl+jRTGm41Pf+AOykWK9cythHSTiUeCJGKQMvmSqjsCFqwswJWaFwz9qbSzGcrcI3CVLpjbi++x9sv5xhV+bSX9ROqpNSOtgHp08irgCST+rFXtwj7VX3SYZnV8NyEPzyk8ztPBZpn0VHIt7tS+t/oT7GHqhe0c4Ct8FXVzEkfBC28CQdJaJw4m1ZSE00Lm/sFj0On2y2BZfMhq4a3SnE1ktZNVHyBbCdVrMs83Zjq09DBSLDo=,iv:iRR3JPrl0sGij4WUNRaFna9ijKfeIPZusAiCYuS/faw=,tag:+txhhwlBbzncdUhRd0b2Ew==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:44:08Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:zsV4ZC/+H0d5EVRsGy7niGAXjhw9iEJ2IIT3ED8OaYd/TNDu/pCyCH5YvSnCGfi8/d4caaCUhUUKMCz8SG46lmvVPqHz516MfS2/lp21py8LhGuHReeAa6/xFrbBDmuECiY7RHv8tm8VnwQHOlZNFUpCIJufeZQUoAcYPXW+L7s=,iv:1wq8YlBhnzV6fofpA1QfX4mDcxJyzQUv+HphyjsvzcA=,tag:CEZIlqv0VfyKkFLxH3VK+A==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:44:08Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA4RV9j0rSlCLozIMcNjo3GokziWshqVqu1WWuPDPpimMw\nZs/OH5ejj7cLMl/BddTZ8AAUrjAskRj3aqwYAt+BBc8dZYFVcuRuZzSGGSkMy6VN\n0l4BCBTyyU21D0uv6EEzqG4yiiOfs5JZmny3B7wMc0qh1vK4qClF4IUPmEvEpGuR\nTBOICnfuenUaDktMHixqgXFKx7SSF+8Qs0anlSP6OG8s2G82I2f2cN7lozdgGppG\n=WZxx\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:44:08Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAgoEDDUeIWqxm64kZ3DLaki5V5MFF3c7Kl/TbbmoKSww\nlZyHJtSACTrwfGBMAN+1NSKkTLTlE/q2FN7CtjfTyAWC0JLU9r3u5FVpQAXbBlht\n0l4BN8jltnkwlgw/CkKoq9rDHxfavDjfNBuSp4+8gzHj5XAvrKZKRWu0/T9LCr2A\nEon5f4kkjm99fiZVbojhjMM9drUrpaiofzMGvZeYgESRSmhTeLa1Qu6u7wb9ARkl\n=fqR3\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/praseodym.org_acme.yaml b/hosts/surtr/dns/keys/praseodym.org_acme.yaml new file mode 100644 index 00000000..ab0000c9 --- /dev/null +++ b/hosts/surtr/dns/keys/praseodym.org_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:c2hvYDv13AuxudKvGtbSYngACzJroxw9P98N/a8p9wB3K98vPY60JTVMxZkPQTbJGGCbi+FfqnezVSHNiSYtrD7RMeoh+BbOXfrWCkPUQ8vKP0P0F6CO3K3orFSckeSgi/NrkO9OD+8m2y19QGkgxd+BNs8KjCSYWruyt3kCuDvDN26vQY9AWD6HcPr/trDEY5uepQwjJFL4mT9JGGB5/B7G0d6VA61soJxVTdxp8oCzRGcSjaVoPlr77A8GDOJfFYviVfniLqZc6Q==,iv:MqhPxouSV5nQWXptSlINyW+AB5pwUVnSFT6R0+VZO0c=,tag:4p0wypyqWRk+ussoi9OXPw==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:43:36Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:YqS+uQXyBP0BMdz9R/SxjidSo7pVUFW78M8cPX6z55+j1gGKfDhEwQMUNZaGly1bvoma+a63NjUi4O4iEYR46fC3PUsVaf8S3Uqk0KYWIedDr9XqAxPBnb6wWFrNo4wwgq2mhaIitziK1QC6pdAgS/iNlGNNbCCbYmjzMLzQc8Q=,iv:BraowcHMeSQfImK1sONbefGIn2VWVGzLBBFLDwYGf10=,tag:oXvnGalny9kvvQpKMx8OcA==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:43:36Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAWVg759WL5YeSVLnx4g7PlD0DKo1+zBiZUOgnf9RHnl4w\n5wLTfTaYvXhd8j8y359dbvDER4r9isbpBfVZP+MGP4d3FdLgJCKm5WV6K5ES0bFN\n0l4BUX/KQeh0t/Phy2GZkmFyKu+3nr5Jl+veKIWJLZEfUCILX8c+X3e/4bZr8++n\nR2u5ZrFBENtaGxIdUpkxemQhGtd7BGtXyy/aCjRKY3MbCj4pmnAyushPaMC1+igp\n=LMQ4\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:43:36Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAxpKmbaTfh5aDBOZWebVK/eA3T5sxS5fbW+cE/I54zF0w\ne0QDeamgTVrMQaDH1zCqoJcFNNkWnTErQVaOMSDBlwuFQ7KaoghONl8qCbY60MuI\n0l4Bt++Iu5e3bOLOkdl+RugclmGHpdpHAuJxbcnw88BKV/gYX1ntNEGgMHGcOl4R\nC8JjHYFdOtohPAUEbWf1ogkllwxxkCttWGFa01hL6W+ogJxGFhRcOm/zcjBE/3Vm\n=MKMA\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/xmpp.li_acme.yaml b/hosts/surtr/dns/keys/xmpp.li_acme.yaml new file mode 100644 index 00000000..7d85bd25 --- /dev/null +++ b/hosts/surtr/dns/keys/xmpp.li_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:kivOcI972j/fbloZCjH+nD9mBnk5s25NA+WDud3Hhfk3C70GhGKQaTHgnNIH11z9Pst4DX4liAvFjCzGP/sUGQuJmEfIHKckAOMrz8m5796fUIAZjrH36/NwB7Ytk2pYKy3lGZgO+CAxDvH/pzxD6WQPoVrgnyM3rjw7rgKLTMr94mp8ui9j4DdIwScwyWhOit8WrivDVwnNOz8GpxI45qogyeYMRESfeka3brzXVJ871nLjhbokcrKsja7Yiw==,iv:HkS/b5YjJ7iS4hYIOl5DACf9g2zoTO7cEIKdocKzWpo=,tag:HFLzoTJu+i6nmT9NNC6NAg==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:43:10Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:RQ9MBn/V8k41ax6KKlCmtCwlVMBsSzYtsG1zpwIutmuWRb39n2v/1oolW3hRkagSS7Q2Nu03d7L09KntAv77yjFKRYwMI3CFqU1JTsKYmW8c3ggTMS9RXFme+tAk85Wl33QzCnIYgI071tgmnlzct8yimh/oR2XyvMrMXm6IsbI=,iv:I6Dxhv0Up7LVUZ7j7SD3gCsiqsCYh3N0GtMuxnMcctg=,tag:I5OqFU1WPBM/m/6OPpUdow==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:43:10Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdANreqp4K9J56f70slxXnpJfHu5evjcVByLbHVYav0FlMw\n17qsPAAo4F0mj0zatV5EfnfYuNSsXR3j/9YocSHcMvBVzLsYdtV61fVtSrHiLt2a\n0lwBTfysYjor4J5h7G6ew7f1zicup3t9/ZPT2Q5fneRukpKExyM8o2ldjjRW7bq3\nt9kbihbTtB2t6k4iZUQRoYsfBKcM3hHeszv2W0xN9yOa/C5M8mOGNDJi48dEDQ==\n=3MEN\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:43:10Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARVdKf6ppaqBQnaJ7WhwBPcdnbmjom9aNrXtymThq3TEw\nnjH6Emd1QLBaXGr1Eb7RNzrWkrU1P+n3ihLEvW0easkceRv8T3+xID1E/+6R06JK\n0lwBw53C9ExWPpy8CUGs6HeOK901cRRV6XWErHXF4QVSoqhNXjjJTzUmf+7zxKnR\npCZL0HOykPazHmkZHcKvkGSKoEiDmK/wStQwHoO+pLGbUvbsCX+GMlYV6ySljw==\n=RPEC\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml new file mode 100644 index 00000000..0eb8f2f4 --- /dev/null +++ b/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml | |||
| @@ -0,0 +1,26 @@ | |||
| 1 | { | ||
| 2 | "data": "ENC[AES256_GCM,data:QhWlBM7VZOagGaQICX31aaC69E00xUcVMvusxLLSz4mNy2B0l1Ngp7XGONI5+viq+nq/P9KytxoFybGwxjnxEcu++efsc+BjbKuylzq93rspQOoI/WjRxE/DoZCWQzK/UKWd1x1L3a/1+9IfKswkBEesgWx0Ug/bLlbr7GfQ3cpI6EwRGMba4VzfdmWPYAqAsfJmmOIY/WTShUEVbAmYQuUMhmZ9geWfjHonX42w7G8ICtlPcMc68ApK0nuhgKpzKisfHC/ddg8=,iv:rOePsUqnm0SSxHm4lc4Ikq9tbOnIgunIw3tqeFsEFTs=,tag:ESzqhFRmTUBvZQBzISQ2Qg==,type:str]", | ||
| 3 | "sops": { | ||
| 4 | "kms": null, | ||
| 5 | "gcp_kms": null, | ||
| 6 | "azure_kv": null, | ||
| 7 | "hc_vault": null, | ||
| 8 | "age": null, | ||
| 9 | "lastmodified": "2022-02-22T14:43:23Z", | ||
| 10 | "mac": "ENC[AES256_GCM,data:g2DNekY/VbytxwTxxIgXH+RldXCab3wtx5cOYriKxC6MDr3/E1A/rZm6nWqRI6lvD/dsmLsYmfvwEpfkTMvSi3/kFJZSr2y0wUBHMsZSs2cqtmZ7i+9YHMLrb//KTbkZHFw/NiH2pra29oFN1vdVrHwMvf0uVazBXyHABSb+DJE=,iv:jc+4u9sgWfBpF4lJtv2T6vxN5xhG/z7Vf3eADI37rKo=,tag:hhaDRwsOgCUoTDHdr8y9DQ==,type:str]", | ||
| 11 | "pgp": [ | ||
| 12 | { | ||
| 13 | "created_at": "2022-02-22T14:43:23Z", | ||
| 14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAzEmCD9ROaiWV0ludmvPP0qGXznkk2J6bQQr0rWCZv2Yw\nF9JbGeiFyqnlPJKDs6rQyIzqmK/1IDjLNJ7KArQaJX5Htua64Iyb1M+Rxc8ugG52\n0l4BPxSJ76HAI0iHLM0UdGRfeyyYuwnShaqM5X4qEQu7Mh7L83s8Ym8a4tJpv+Zq\nGh1Uz7G+MyevcAT4J+bZY5VDyk6rwuMpS4mrzIMl30gkoiorQMyoSmji4ymLJ8NS\n=tRMa\n-----END PGP MESSAGE-----\n", | ||
| 15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
| 16 | }, | ||
| 17 | { | ||
| 18 | "created_at": "2022-02-22T14:43:23Z", | ||
| 19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmy1AUOAkS9tkTu+GbDAS7SD+cT83CnRYd1O1ZG+eYwcw\nou88Nz3AGUcSa99om+yVY22nvztrIDOmqMih27ArB1Ruqhh4l4cm4mMrt35Jgezv\n0l4BiKZMHk6cwYGDopEfGU9m1l7lWZJofYIJZ8W0WSUtbHBXzZjwh5N7rh6EF2Te\njRJ72f6+/IaVeyhQjZocwQvFr0mfezontWlJb8hTOGBiWt16UPZ2UUgWMNIhepcy\n=AlJs\n-----END PGP MESSAGE-----\n", | ||
| 20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
| 21 | } | ||
| 22 | ], | ||
| 23 | "unencrypted_suffix": "_unencrypted", | ||
| 24 | "version": "3.7.1" | ||
| 25 | } | ||
| 26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/zones/email.nights.soa b/hosts/surtr/dns/zones/email.nights.soa index 0beba77a..84ea61cc 100644 --- a/hosts/surtr/dns/zones/email.nights.soa +++ b/hosts/surtr/dns/zones/email.nights.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN nights.email. | 1 | $ORIGIN nights.email. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -25,6 +25,8 @@ $TTL 3600 | |||
| 25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
| 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 27 | 27 | ||
| 28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 29 | |||
| 28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
| 29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
| 30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa index fbff1cad..9419a4ad 100644 --- a/hosts/surtr/dns/zones/li.141.soa +++ b/hosts/surtr/dns/zones/li.141.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN 141.li. | 1 | $ORIGIN 141.li. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022200 ; serial | 4 | 2022022201 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -25,6 +25,8 @@ $TTL 3600 | |||
| 25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
| 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 27 | 27 | ||
| 28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 29 | |||
| 28 | surtr IN A 202.61.241.61 | 30 | surtr IN A 202.61.241.61 |
| 29 | surtr IN AAAA 2a03:4000:52:ada:: | 31 | surtr IN AAAA 2a03:4000:52:ada:: |
| 30 | surtr IN MX 0 ymir.yggdrasil.li | 32 | surtr IN MX 0 ymir.yggdrasil.li |
diff --git a/hosts/surtr/dns/zones/li.kleen.soa b/hosts/surtr/dns/zones/li.kleen.soa index eb998795..2e6326a4 100644 --- a/hosts/surtr/dns/zones/li.kleen.soa +++ b/hosts/surtr/dns/zones/li.kleen.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN kleen.li. | 1 | $ORIGIN kleen.li. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -25,6 +25,8 @@ $TTL 3600 | |||
| 25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
| 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 27 | 27 | ||
| 28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 29 | |||
| 28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
| 29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
| 30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/li.xmpp.soa b/hosts/surtr/dns/zones/li.xmpp.soa index 08c38bc4..7a10c957 100644 --- a/hosts/surtr/dns/zones/li.xmpp.soa +++ b/hosts/surtr/dns/zones/li.xmpp.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN xmpp.li. | 1 | $ORIGIN xmpp.li. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -25,6 +25,8 @@ $TTL 3600 | |||
| 25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
| 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 27 | 27 | ||
| 28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 29 | |||
| 28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
| 29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
| 30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa index 0cd26ec1..8fbfd98f 100644 --- a/hosts/surtr/dns/zones/li.yggdrasil.soa +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN yggdrasil.li. | 1 | $ORIGIN yggdrasil.li. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -28,6 +28,8 @@ ns IN AAAA 2a03:4000:52:ada:: | |||
| 28 | * IN MX 0 ymir.yggdrasil.li. | 28 | * IN MX 0 ymir.yggdrasil.li. |
| 29 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 29 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 30 | 30 | ||
| 31 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 32 | |||
| 31 | ymir IN A 188.68.51.254 | 33 | ymir IN A 188.68.51.254 |
| 32 | ymir IN AAAA 2a03:4000:6:d004:: | 34 | ymir IN AAAA 2a03:4000:6:d004:: |
| 33 | ymir IN MX 0 ymir.yggdrasil.li. | 35 | ymir IN MX 0 ymir.yggdrasil.li. |
diff --git a/hosts/surtr/dns/zones/org.dirty-haskell.soa b/hosts/surtr/dns/zones/org.dirty-haskell.soa index ea7e0010..558d9817 100644 --- a/hosts/surtr/dns/zones/org.dirty-haskell.soa +++ b/hosts/surtr/dns/zones/org.dirty-haskell.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN dirty-haskell.org. | 1 | $ORIGIN dirty-haskell.org. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -25,6 +25,8 @@ $TTL 3600 | |||
| 25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
| 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 27 | 27 | ||
| 28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 29 | |||
| 28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
| 29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
| 30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa index 72f380bb..08f5d16d 100644 --- a/hosts/surtr/dns/zones/org.praseodym.soa +++ b/hosts/surtr/dns/zones/org.praseodym.soa | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | $ORIGIN praseodym.org. | 1 | $ORIGIN praseodym.org. |
| 2 | $TTL 3600 | 2 | $TTL 3600 |
| 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
| 4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
| 5 | 10800 ; refresh | 5 | 10800 ; refresh |
| 6 | 3600 ; retry | 6 | 3600 ; retry |
| 7 | 604800 ; expire | 7 | 604800 ; expire |
| @@ -25,6 +25,8 @@ $TTL 3600 | |||
| 25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
| 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
| 27 | 27 | ||
| 28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
| 29 | |||
| 28 | surtr IN A 202.61.241.61 | 30 | surtr IN A 202.61.241.61 |
| 29 | surtr IN AAAA 2a03:4000:52:ada:: | 31 | surtr IN AAAA 2a03:4000:52:ada:: |
| 30 | surtr IN MX 0 ymir.yggdrasil.li | 32 | surtr IN MX 0 ymir.yggdrasil.li |