summaryrefslogtreecommitdiff
path: root/hosts/surtr/tls.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-01-31 16:58:50 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-31 16:58:50 +0100
commit6562b2c5793c7329f08b1c6d14cf732cb6d41bb4 (patch)
tree525cae6d28aafca290ff889c9792203708036ade /hosts/surtr/tls.nix
parentb3c4357df217f0d455846c6f98243b97a3e310b1 (diff)
downloadnixos-6562b2c5793c7329f08b1c6d14cf732cb6d41bb4.tar
nixos-6562b2c5793c7329f08b1c6d14cf732cb6d41bb4.tar.gz
nixos-6562b2c5793c7329f08b1c6d14cf732cb6d41bb4.tar.bz2
nixos-6562b2c5793c7329f08b1c6d14cf732cb6d41bb4.tar.xz
nixos-6562b2c5793c7329f08b1c6d14cf732cb6d41bb4.zip
...
Diffstat (limited to 'hosts/surtr/tls.nix')
-rw-r--r--hosts/surtr/tls.nix63
1 files changed, 31 insertions, 32 deletions
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 97a9649d..d99e832c 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -6,48 +6,47 @@ let
6 cfg = config.security.acme; 6 cfg = config.security.acme;
7 knotCfg = config.services.knot; 7 knotCfg = config.services.knot;
8 8
9 knotDNSCredentials = zone: pkgs.writeText "lego-credentials" '' 9 knotDNSCredentials = domain: let
10 zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone;
11 in pkgs.writeText "lego-credentials" ''
10 EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh 12 EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh
11 EXEC_PROPAGATION_TIMEOUT=300 13 EXEC_PROPAGATION_TIMEOUT=300
12 EXEC_POLLING_INTERVAL=5 14 EXEC_POLLING_INTERVAL=5
13 ''; 15 '';
14 knotDNSExec = domain: 16 knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" ''
15 let 17 #!${pkgs.zsh}/bin/zsh -xe
16 zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone;
17 in pkgs.writeScriptBin "update-dns.sh" ''
18 #!${pkgs.zsh}/bin/zsh -xe
19 18
20 mode=$1 19 mode=$1
21 fqdn=$2 20 fqdn=$2
22 challenge=$3 21 challenge=$3
23 22
24 owner=''${fqdn%".${domain}."} 23 owner=''${fqdn%".${zone}."}
25 24
26 commited= 25 commited=
27 function abort() { 26 function abort() {
28 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" 27 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
29 } 28 }
30 29
31 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" 30 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
32 trap abort EXIT 31 trap abort EXIT
33 32
34 case "''${mode}" in 33 case "''${mode}" in
35 present) 34 present)
36 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' 35 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""'
37 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" 36 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}"
38 ;; 37 ;;
39 cleanup) 38 cleanup)
40 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" 39 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}"
41 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' 40 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""'
42 ;; 41 ;;
43 *) 42 *)
44 exit 2 43 exit 2
45 ;; 44 ;;
46 esac 45 esac
47 46
48 ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" 47 ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}"
49 commited=yes 48 commited=yes
50 ''; 49 '';
51 50
52 domainOptions = { 51 domainOptions = {
53 options = { 52 options = {