diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 15:48:59 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 15:48:59 +0100 |
commit | a7255ba16633d70c22e8bed75ae52c49f08e1c18 (patch) | |
tree | 71f1cdc442efef13fe239e8694b4fe9bcc58b923 /hosts | |
parent | ef600c518e5fdb4962fdd4d4851413a024fa52f7 (diff) | |
download | nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar.gz nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar.bz2 nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.tar.xz nixos-a7255ba16633d70c22e8bed75ae52c49f08e1c18.zip |
surtr: dns/tls: rfc2136
Diffstat (limited to 'hosts')
28 files changed, 466 insertions, 130 deletions
diff --git a/hosts/surtr/dns/Gupfile b/hosts/surtr/dns/Gupfile new file mode 100644 index 00000000..ac96f620 --- /dev/null +++ b/hosts/surtr/dns/Gupfile | |||
@@ -0,0 +1,2 @@ | |||
1 | key.gup: | ||
2 | keys/*.yaml \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 5d55c815..57146d67 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -3,15 +3,38 @@ | |||
3 | with lib; | 3 | with lib; |
4 | 4 | ||
5 | let | 5 | let |
6 | acmeChallengeZonefile = domain: let | 6 | reverseDomain = domain: concatStringsSep "." (reverseList (splitString "." domain)); |
7 | reverseDomain = concatStringsSep "." (reverseList (["_acme-challenge"] ++ splitString "." domain)); | 7 | |
8 | in pkgs.writeText "${reverseDomain}.zone" '' | 8 | acmeChallengeZonefile = domain: pkgs.writeText "${reverseDomain "_acme-challenge.${domain}"}.soa" '' |
9 | $ORIGIN _acme-challenge.${domain}. | 9 | $ORIGIN _acme-challenge.${domain}. |
10 | $TTL 3600 | 10 | $TTL 3600 |
11 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. 2022022103 10800 3600 604800 30 | 11 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. 2022022103 10800 3600 604800 30 |
12 | 12 | ||
13 | IN NS ns.yggdrasil.li. | 13 | IN NS ns.yggdrasil.li. |
14 | ''; | 14 | ''; |
15 | |||
16 | knotKeys = let | ||
17 | dir = ./keys; | ||
18 | toKeyInfo = name: v: | ||
19 | if v == "regular" || v == "symlink" | ||
20 | then { path = dir + "/${name}"; inherit name; } | ||
21 | else null; | ||
22 | in filter (v: v != null) (mapAttrsToList toKeyInfo (builtins.readDir dir)); | ||
23 | |||
24 | indentString = indentation: str: concatMapStringsSep "\n" (str: " ${str}") (splitString "\n" (removeSuffix "\n" str)); | ||
25 | |||
26 | mkZone = {domain, path ? (./zones + "/${reverseDomain domain}.soa"), acmeDomains ? [domain]}: indentString " " '' | ||
27 | - domain: ${domain} | ||
28 | template: inwx_zone | ||
29 | ${optionalString (acmeDomains != []) "acl: [local_acl, inwx_acl]"} | ||
30 | file: ${path} | ||
31 | ${concatMapStringsSep "\n" (acmeDomain: '' | ||
32 | - domain: _acme-challenge.${acmeDomain} | ||
33 | template: acme_zone | ||
34 | acl: [${assert (config.sops.secrets ? "${acmeDomain}_acme.yaml"); "${acmeDomain}_acme_acl"}] | ||
35 | file: ${acmeChallengeZonefile acmeDomain} | ||
36 | '') acmeDomains} | ||
37 | ''; | ||
15 | in { | 38 | in { |
16 | config = { | 39 | config = { |
17 | fileSystems."/var/lib/knot" = | 40 | fileSystems."/var/lib/knot" = |
@@ -23,11 +46,7 @@ in { | |||
23 | 46 | ||
24 | services.knot = { | 47 | services.knot = { |
25 | enable = true; | 48 | enable = true; |
26 | keyFiles = [ | 49 | keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys; |
27 | config.sops.secrets."rheperire.org_acme_key.yaml".path | ||
28 | config.sops.secrets."webdav.141.li_acme_key.yaml".path | ||
29 | config.sops.secrets."knot_local_key.yaml".path | ||
30 | ]; | ||
31 | extraConfig = '' | 50 | extraConfig = '' |
32 | server: | 51 | server: |
33 | listen: 127.0.0.1@53 | 52 | listen: 127.0.0.1@53 |
@@ -48,16 +67,23 @@ in { | |||
48 | - id: inwx_acl | 67 | - id: inwx_acl |
49 | address: 185.181.104.96 | 68 | address: 185.181.104.96 |
50 | action: transfer | 69 | action: transfer |
51 | - id: rheperire.org_acme_acl | ||
52 | key: rheperire.org_acme_key | ||
53 | action: update | ||
54 | - id: webdav.141.li_acme_acl | ||
55 | key: webdav.141.li_acme_key | ||
56 | action: update | ||
57 | - id: local_acl | 70 | - id: local_acl |
58 | key: local_key | 71 | key: local_key |
59 | action: update | 72 | action: update |
60 | update-type: DS | 73 | update-type: DS |
74 | ${let | ||
75 | toACMEACL = { name, ... }: | ||
76 | if hasSuffix "_acme.yaml" name | ||
77 | then | ||
78 | let | ||
79 | base = removeSuffix ".yaml" name; | ||
80 | in indentString " " '' | ||
81 | - id: ${base}_acl | ||
82 | key: ${base}_key | ||
83 | action: update | ||
84 | '' | ||
85 | else null; | ||
86 | in concatStringsSep "\n" (filter (v: v != null) (map toACMEACL knotKeys))} | ||
61 | 87 | ||
62 | mod-rrl: | 88 | mod-rrl: |
63 | - id: default | 89 | - id: default |
@@ -124,68 +150,33 @@ in { | |||
124 | dnssec-policy: ed25519_local-push | 150 | dnssec-policy: ed25519_local-push |
125 | 151 | ||
126 | zone: | 152 | zone: |
127 | - domain: yggdrasil.li | 153 | ${concatMapStringsSep "\n" mkZone [ |
128 | template: inwx_zone | 154 | { domain = "yggdrasil.li"; |
129 | file: ${./zones/li.yggdrasil.soa} | 155 | } |
130 | 156 | { domain = "nights.email"; | |
131 | - domain: nights.email | 157 | } |
132 | template: inwx_zone | 158 | { domain = "141.li"; |
133 | file: ${./zones/email.nights.soa} | 159 | acmeDomains = ["webdav.141.li" "141.li"]; |
134 | 160 | } | |
135 | - domain: 141.li | 161 | { domain = "kleen.li"; |
136 | template: inwx_zone | 162 | } |
137 | acl: [local_acl, inwx_acl] | 163 | { domain = "xmpp.li"; |
138 | file: ${./zones/li.141.soa} | 164 | } |
139 | - domain: _acme-challenge.webdav.141.li | 165 | { domain = "dirty-haskell.org"; |
140 | template: acme_zone | 166 | } |
141 | acl: [webdav.141.li_acme_acl] | 167 | { domain = "praseodym.org"; |
142 | file: ${acmeChallengeZonefile "webdav.141.li"} | 168 | } |
143 | 169 | { domain = "rheperire.org"; | |
144 | - domain: kleen.li | 170 | } |
145 | template: inwx_zone | 171 | ]} |
146 | file: ${./zones/li.kleen.soa} | ||
147 | |||
148 | - domain: xmpp.li | ||
149 | template: inwx_zone | ||
150 | file: ${./zones/li.xmpp.soa} | ||
151 | |||
152 | - domain: dirty-haskell.org | ||
153 | template: inwx_zone | ||
154 | file: ${./zones/org.dirty-haskell.soa} | ||
155 | |||
156 | - domain: praseodym.org | ||
157 | template: inwx_zone | ||
158 | file: ${./zones/org.praseodym.soa} | ||
159 | |||
160 | - domain: rheperire.org | ||
161 | template: inwx_zone | ||
162 | acl: [local_acl, inwx_acl] | ||
163 | file: ${./zones/org.rheperire.soa} | ||
164 | - domain: _acme-challenge.rheperire.org | ||
165 | template: acme_zone | ||
166 | acl: [rheperire.org_acme_acl] | ||
167 | file: ${acmeChallengeZonefile "rheperire.org"} | ||
168 | ''; | 172 | ''; |
169 | }; | 173 | }; |
170 | 174 | ||
171 | sops.secrets = { | 175 | sops.secrets = listToAttrs (map ({name, path}: nameValuePair name { |
172 | "rheperire.org_acme_key.yaml" = { | 176 | format = "binary"; |
173 | format = "binary"; | 177 | owner = "knot"; |
174 | owner = "knot"; | 178 | sopsFile = path; |
175 | sopsFile = ./keys/rheperire.org_acme.yaml; | 179 | }) knotKeys); |
176 | }; | ||
177 | "webdav.141.li_acme_key.yaml" = { | ||
178 | format = "binary"; | ||
179 | owner = "knot"; | ||
180 | sopsFile = ./keys/webdav.141.li_acme.yaml; | ||
181 | }; | ||
182 | "knot_local_key.yaml" = { | ||
183 | format = "binary"; | ||
184 | owner = "knot"; | ||
185 | sopsFile = ./keys/local_key.yaml; | ||
186 | }; | ||
187 | }; | ||
188 | |||
189 | 180 | ||
190 | fileSystems."/var/lib/unbound" = | 181 | fileSystems."/var/lib/unbound" = |
191 | { device = "surtr/local/var-lib-unbound"; | 182 | { device = "surtr/local/var-lib-unbound"; |
diff --git a/hosts/surtr/dns/key.gup b/hosts/surtr/dns/key.gup new file mode 100644 index 00000000..32d4f7d6 --- /dev/null +++ b/hosts/surtr/dns/key.gup | |||
@@ -0,0 +1,6 @@ | |||
1 | #!/usr/bin/env zsh | ||
2 | |||
3 | keyName=${${2:t}%.yaml}_key | ||
4 | |||
5 | keymgr -t ${keyName} > $1 | ||
6 | sops -p '7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8,30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51' --input-type=binary --output-type=binary -e -i $1 \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/141.li_acme.yaml b/hosts/surtr/dns/keys/141.li_acme.yaml new file mode 100644 index 00000000..77fbc4b2 --- /dev/null +++ b/hosts/surtr/dns/keys/141.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:2y3A/KCH2X8T/g9gVhNQuAHvorebyKnfAZc+kJE5hL06l7xieJsxpj7DBbWjh5y7Ae2fBNMFA1tU9Ig6S3qvjzxlCNQWSpq05GBTiU2AdUDWwn52gztEvNLEpFsdUDyUYZSPLy82dFckyegWuoBQbGe6vOPdXyM4aPCIuj3fp18A6cNSRp4YyERL/JoveLRQYFJUpV5Xr9JyNHj/4hDfikJJMG1OeKqCyeK5BTs6XbLN+70UO7R+orlh2F0=,iv:04N7t7lf0CG6Qbj3VqHmL9l+hl4PK6vahEHq8qJmjOs=,tag:x4H/oiDjvE/NzMKSeMO2NQ==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:12:08Z", | ||
10 | "mac": "ENC[AES256_GCM,data:At6rzhjC4EbtTjMaw44WKYNuT2XRniZpDAXGskxi9HW/xIQFghcWlgzXaddev5BUMkitz93gFCFD02YJOzOC12GXjDksoHGtvHKbxmodIgHTbhkXFYLe1JoFPrF14NsiIOmmoqcbrn03+iinNehkbJ2wXEkGyev4IMacQGqV7q0=,iv:7j26jeRvgBrnJRVHYay+3wug+IjOIpjFWLiccXD6Z8A=,tag:esnZH7MLQnqkxNVPdwmx8Q==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:12:08Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAvU6MNSb8ky78bJfnRRx14o4rA7Ezylbtc6cFUG+eGAow\nPvRGLI3qm36sDYXo6OHKS9A5DTxIQlQHQqj9U4CHGU/w4X8pCN2ulHkAh767DXV9\n0l4BHa/JTXNklF78vY3zUkySrIueA0QZXvmda2pcd3mO3M78J7812X9jCZ8LwrXz\nR3Wp77iQXW/0Tq83DMEkFwYmueFfZsCtRxQBL5f4NlyuLZizDb2s8YZzeRICz5w3\n=X6zh\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:12:08Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAIbKybblH4bBEhKyup4r+KzKdHLZhBmR79o5A2DdD1mAw\n4KVInlvs+LAFksp1oCqSLd3r1foM3/QOrDdB1ExwTXrxlTgk/qM9eTXT4gIdXwt3\n0l4B5rqrDzCwp3DE2dC+UuBFB9g9YtF77xpfOFfcGLB3fKsPYEvrK6MwGMJqUtoI\nq19d8Cf/mir0mlYHBN+Vez/8jFi0HmrLlphhf4m0l0/6XNLdRbuSpb5T20ecJM2L\n=nRup\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml b/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml new file mode 100644 index 00000000..0037910f --- /dev/null +++ b/hosts/surtr/dns/keys/dirty-haskell.org_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:Jxsg5dW3bhJKRHvigf9F5xkp+KdOd8OKibc1rKrqzwUPZcdebpzijFQMA5hRHwTJKdoqmk/aWosmqfBgmrUr9lrDQH2g1IzLoLYxLc8ssUuH9T4lLDMkSRa3PjL0jpW5ezDSb2omhE4EAJvRZF2nn1VC/IhKNCpY4oI/bLCt6unPiVYMi1ot+9JAl+9eRJS5UIYWp1DC/0oi8Uv6Ci3VwLmOFg1I/YcvXDkNdi0QpcGH3Ok241/O0HiOSboOfqCIwTy5v4P+Poko3dl9t3SkZK65,iv:HC+PzqqLgLWGijHYDC6MvIaB8T/sI1c6vTCf10DApFg=,tag:75fmY73TKw6bNz/xJp8q0A==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:20:35Z", | ||
10 | "mac": "ENC[AES256_GCM,data:pbKzZIor1lRxI20O4yi+h2Vk6yOL1MtTstx5A4Byul06uZiGMrNMFyBaVvGbb8evch9ptYm4TNiWZ3T8xHYTwy4HGV5HgOOqY2vJNwTSJ6Yi0F34UCQMIPnXHT/sqL+T1/etV5zY1eQhH6L7lXPtIh7TiYhV8o5y7tpSwhq2RUY=,iv:ZYhhncJv4AOkKDon/DIAYJUgDN4C/iVyukMDaqzu3k8=,tag:v2U/hTaRxk47UG+E6D4ExQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:20:35Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA/I9pk6iikcFckUsUigf3MJSL1JN6HHUIG/PKeOoEMx4w\n6MoYrjveZeXJbQLJHEVwkanElOfmb7jNFfDQntu6VIEwxvb2vdFDY43JgX6SAuLf\n0l4BvsQcSIPm/3jZu14kLjZgK/S6wrQKbUmymLVQSADwYP2sq+u710bYnRk/QxGG\nRwo82yKyBAZ+EK4DWxB6VtAry8LBYlKY8uhJ17f1/95tc+GeuHEEqzcllz+le67l\n=AxIv\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:20:35Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdACQne60rRG40kMku2GFVQhsrpa3RLAgjJGt2oPKrkgQ0w\nVWHpGyfpg0urSkS7+qecfhqeKAkaQ6CF2F6w2fCgn6Xdw28vs4pro1lHWhwYD+XT\n0l4BtxoVpKHysoL4qO9dQLjwAjHAcYnMPaNONIQMvU8DNrJ9ZiHkzJZPNQOeYL97\nEJCWUkR7V0OP8syMIKy37ii3l2aJd58w1DUd90BwvBrv5JBbNxIPalhZKULWI96U\n=dovS\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/kleen.li_acme.yaml b/hosts/surtr/dns/keys/kleen.li_acme.yaml new file mode 100644 index 00000000..18122f48 --- /dev/null +++ b/hosts/surtr/dns/keys/kleen.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:ClN4TVWJoCYh6Rl/Vp+x+jPlIDkkz9SV7qzLBenjPDviIzkBqGmNwySsV5Dy/uxbrmNkc+C4sYkv+5H+3O7R1fWwTDlZuiWpd+lAJrco9f8CjyZku2RQi1UfP31z+/nAKo4wSy22++UfLmYR5NGWWB6pbfm/KL27vC75RNOvPZXhOBxxl5imObdY6i3cJ7A5e9PsbR7qZq+gFBtq7IisSHD1sDvpiOAcstKo8ITsZ5bXCYmrFiJ41LJNSINN+/mE,iv:a/T6pQGuDW3qBzr2y0GrPyeoMRlCI0VvKUZJQFGYTew=,tag:2rL3o/L+xYAsP/vWbWFsOw==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:57Z", | ||
10 | "mac": "ENC[AES256_GCM,data:KGOS17/BCjGbzBXOAJav9aAs1d0ymAISoAu14nGCVdxLrhySM+sRgoo7XO3kG5xCfIn7dJGMhC5vIyLoHLl7il0FuSjhFztr1AvSAvmb09CaQksj/KTSXk3N+Tp2++Lvn8xPtNGcYTu/pK+0WLC2jt52KcbsXTVRSMtZO59+ekg=,iv:l2tcVM8c1HkJ5W4rc8ZPffx5fzAKcn7IjgjU3zxSpdE=,tag:KRabrd9nNhqmN/2YtzzPig==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:57Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAyCmRdezTNHo04OWMJRfeOfkNwA8iN5ORlR4MSnxHvi8w\n5qxpEl+NtPyGunAOm58zc6Ai8+2yuXsCGoTVDar5jL1poNgYMecwCHkMopYBOreC\n0l4BcGGs4AkKTzqEU/tBe4YKqp/6QBZ3N0giPeGWedA248Vnz9Lq9eHynhCkCB1O\n8y0wUf6159s+00MEaMlAHODPKetBTve2xa8W+6OvQqIYSxaaTJ01cI9n1deYSa1e\n=ke67\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:57Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAPlaZrCGl5FDZ3v+RG62I/FfyPA+qTepdegSTFo6m+lgw\nyEacJxkCO28hMsFgHhLXRveP7tKrWt7WAi91rU8j1LFrTLGV6PogA+jLGbAJeBQI\n0l4B8UDf/vNK7d1cWeScOO7a4HPsJ9jQDxEk3JB1c5funVqbK3h8HUMmbtbBABXF\n9ga0Ra4UC9s3pLUz8ykMQ5C/GCCd446HDHLbi9daXVTTGMnlkXhSgyA7VvCWUjnL\n=mwTD\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/local_key.yaml b/hosts/surtr/dns/keys/knot_local.yaml index a170ff72..a170ff72 100644 --- a/hosts/surtr/dns/keys/local_key.yaml +++ b/hosts/surtr/dns/keys/knot_local.yaml | |||
diff --git a/hosts/surtr/dns/keys/nights.email_acme.yaml b/hosts/surtr/dns/keys/nights.email_acme.yaml new file mode 100644 index 00000000..5bf19aa9 --- /dev/null +++ b/hosts/surtr/dns/keys/nights.email_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:HAAFVb+g52gyAhYLsuqsVI4rPyl+jRTGm41Pf+AOykWK9cythHSTiUeCJGKQMvmSqjsCFqwswJWaFwz9qbSzGcrcI3CVLpjbi++x9sv5xhV+bSX9ROqpNSOtgHp08irgCST+rFXtwj7VX3SYZnV8NyEPzyk8ztPBZpn0VHIt7tS+t/oT7GHqhe0c4Ct8FXVzEkfBC28CQdJaJw4m1ZSE00Lm/sFj0On2y2BZfMhq4a3SnE1ktZNVHyBbCdVrMs83Zjq09DBSLDo=,iv:iRR3JPrl0sGij4WUNRaFna9ijKfeIPZusAiCYuS/faw=,tag:+txhhwlBbzncdUhRd0b2Ew==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:44:08Z", | ||
10 | "mac": "ENC[AES256_GCM,data:zsV4ZC/+H0d5EVRsGy7niGAXjhw9iEJ2IIT3ED8OaYd/TNDu/pCyCH5YvSnCGfi8/d4caaCUhUUKMCz8SG46lmvVPqHz516MfS2/lp21py8LhGuHReeAa6/xFrbBDmuECiY7RHv8tm8VnwQHOlZNFUpCIJufeZQUoAcYPXW+L7s=,iv:1wq8YlBhnzV6fofpA1QfX4mDcxJyzQUv+HphyjsvzcA=,tag:CEZIlqv0VfyKkFLxH3VK+A==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:44:08Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA4RV9j0rSlCLozIMcNjo3GokziWshqVqu1WWuPDPpimMw\nZs/OH5ejj7cLMl/BddTZ8AAUrjAskRj3aqwYAt+BBc8dZYFVcuRuZzSGGSkMy6VN\n0l4BCBTyyU21D0uv6EEzqG4yiiOfs5JZmny3B7wMc0qh1vK4qClF4IUPmEvEpGuR\nTBOICnfuenUaDktMHixqgXFKx7SSF+8Qs0anlSP6OG8s2G82I2f2cN7lozdgGppG\n=WZxx\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:44:08Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAAgoEDDUeIWqxm64kZ3DLaki5V5MFF3c7Kl/TbbmoKSww\nlZyHJtSACTrwfGBMAN+1NSKkTLTlE/q2FN7CtjfTyAWC0JLU9r3u5FVpQAXbBlht\n0l4BN8jltnkwlgw/CkKoq9rDHxfavDjfNBuSp4+8gzHj5XAvrKZKRWu0/T9LCr2A\nEon5f4kkjm99fiZVbojhjMM9drUrpaiofzMGvZeYgESRSmhTeLa1Qu6u7wb9ARkl\n=fqR3\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/praseodym.org_acme.yaml b/hosts/surtr/dns/keys/praseodym.org_acme.yaml new file mode 100644 index 00000000..ab0000c9 --- /dev/null +++ b/hosts/surtr/dns/keys/praseodym.org_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:c2hvYDv13AuxudKvGtbSYngACzJroxw9P98N/a8p9wB3K98vPY60JTVMxZkPQTbJGGCbi+FfqnezVSHNiSYtrD7RMeoh+BbOXfrWCkPUQ8vKP0P0F6CO3K3orFSckeSgi/NrkO9OD+8m2y19QGkgxd+BNs8KjCSYWruyt3kCuDvDN26vQY9AWD6HcPr/trDEY5uepQwjJFL4mT9JGGB5/B7G0d6VA61soJxVTdxp8oCzRGcSjaVoPlr77A8GDOJfFYviVfniLqZc6Q==,iv:MqhPxouSV5nQWXptSlINyW+AB5pwUVnSFT6R0+VZO0c=,tag:4p0wypyqWRk+ussoi9OXPw==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:36Z", | ||
10 | "mac": "ENC[AES256_GCM,data:YqS+uQXyBP0BMdz9R/SxjidSo7pVUFW78M8cPX6z55+j1gGKfDhEwQMUNZaGly1bvoma+a63NjUi4O4iEYR46fC3PUsVaf8S3Uqk0KYWIedDr9XqAxPBnb6wWFrNo4wwgq2mhaIitziK1QC6pdAgS/iNlGNNbCCbYmjzMLzQc8Q=,iv:BraowcHMeSQfImK1sONbefGIn2VWVGzLBBFLDwYGf10=,tag:oXvnGalny9kvvQpKMx8OcA==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:36Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAWVg759WL5YeSVLnx4g7PlD0DKo1+zBiZUOgnf9RHnl4w\n5wLTfTaYvXhd8j8y359dbvDER4r9isbpBfVZP+MGP4d3FdLgJCKm5WV6K5ES0bFN\n0l4BUX/KQeh0t/Phy2GZkmFyKu+3nr5Jl+veKIWJLZEfUCILX8c+X3e/4bZr8++n\nR2u5ZrFBENtaGxIdUpkxemQhGtd7BGtXyy/aCjRKY3MbCj4pmnAyushPaMC1+igp\n=LMQ4\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:36Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAxpKmbaTfh5aDBOZWebVK/eA3T5sxS5fbW+cE/I54zF0w\ne0QDeamgTVrMQaDH1zCqoJcFNNkWnTErQVaOMSDBlwuFQ7KaoghONl8qCbY60MuI\n0l4Bt++Iu5e3bOLOkdl+RugclmGHpdpHAuJxbcnw88BKV/gYX1ntNEGgMHGcOl4R\nC8JjHYFdOtohPAUEbWf1ogkllwxxkCttWGFa01hL6W+ogJxGFhRcOm/zcjBE/3Vm\n=MKMA\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/xmpp.li_acme.yaml b/hosts/surtr/dns/keys/xmpp.li_acme.yaml new file mode 100644 index 00000000..7d85bd25 --- /dev/null +++ b/hosts/surtr/dns/keys/xmpp.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:kivOcI972j/fbloZCjH+nD9mBnk5s25NA+WDud3Hhfk3C70GhGKQaTHgnNIH11z9Pst4DX4liAvFjCzGP/sUGQuJmEfIHKckAOMrz8m5796fUIAZjrH36/NwB7Ytk2pYKy3lGZgO+CAxDvH/pzxD6WQPoVrgnyM3rjw7rgKLTMr94mp8ui9j4DdIwScwyWhOit8WrivDVwnNOz8GpxI45qogyeYMRESfeka3brzXVJ871nLjhbokcrKsja7Yiw==,iv:HkS/b5YjJ7iS4hYIOl5DACf9g2zoTO7cEIKdocKzWpo=,tag:HFLzoTJu+i6nmT9NNC6NAg==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:10Z", | ||
10 | "mac": "ENC[AES256_GCM,data:RQ9MBn/V8k41ax6KKlCmtCwlVMBsSzYtsG1zpwIutmuWRb39n2v/1oolW3hRkagSS7Q2Nu03d7L09KntAv77yjFKRYwMI3CFqU1JTsKYmW8c3ggTMS9RXFme+tAk85Wl33QzCnIYgI071tgmnlzct8yimh/oR2XyvMrMXm6IsbI=,iv:I6Dxhv0Up7LVUZ7j7SD3gCsiqsCYh3N0GtMuxnMcctg=,tag:I5OqFU1WPBM/m/6OPpUdow==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:10Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdANreqp4K9J56f70slxXnpJfHu5evjcVByLbHVYav0FlMw\n17qsPAAo4F0mj0zatV5EfnfYuNSsXR3j/9YocSHcMvBVzLsYdtV61fVtSrHiLt2a\n0lwBTfysYjor4J5h7G6ew7f1zicup3t9/ZPT2Q5fneRukpKExyM8o2ldjjRW7bq3\nt9kbihbTtB2t6k4iZUQRoYsfBKcM3hHeszv2W0xN9yOa/C5M8mOGNDJi48dEDQ==\n=3MEN\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:10Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdARVdKf6ppaqBQnaJ7WhwBPcdnbmjom9aNrXtymThq3TEw\nnjH6Emd1QLBaXGr1Eb7RNzrWkrU1P+n3ihLEvW0easkceRv8T3+xID1E/+6R06JK\n0lwBw53C9ExWPpy8CUGs6HeOK901cRRV6XWErHXF4QVSoqhNXjjJTzUmf+7zxKnR\npCZL0HOykPazHmkZHcKvkGSKoEiDmK/wStQwHoO+pLGbUvbsCX+GMlYV6ySljw==\n=RPEC\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml new file mode 100644 index 00000000..0eb8f2f4 --- /dev/null +++ b/hosts/surtr/dns/keys/yggdrasil.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:QhWlBM7VZOagGaQICX31aaC69E00xUcVMvusxLLSz4mNy2B0l1Ngp7XGONI5+viq+nq/P9KytxoFybGwxjnxEcu++efsc+BjbKuylzq93rspQOoI/WjRxE/DoZCWQzK/UKWd1x1L3a/1+9IfKswkBEesgWx0Ug/bLlbr7GfQ3cpI6EwRGMba4VzfdmWPYAqAsfJmmOIY/WTShUEVbAmYQuUMhmZ9geWfjHonX42w7G8ICtlPcMc68ApK0nuhgKpzKisfHC/ddg8=,iv:rOePsUqnm0SSxHm4lc4Ikq9tbOnIgunIw3tqeFsEFTs=,tag:ESzqhFRmTUBvZQBzISQ2Qg==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:23Z", | ||
10 | "mac": "ENC[AES256_GCM,data:g2DNekY/VbytxwTxxIgXH+RldXCab3wtx5cOYriKxC6MDr3/E1A/rZm6nWqRI6lvD/dsmLsYmfvwEpfkTMvSi3/kFJZSr2y0wUBHMsZSs2cqtmZ7i+9YHMLrb//KTbkZHFw/NiH2pra29oFN1vdVrHwMvf0uVazBXyHABSb+DJE=,iv:jc+4u9sgWfBpF4lJtv2T6vxN5xhG/z7Vf3eADI37rKo=,tag:hhaDRwsOgCUoTDHdr8y9DQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:23Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAzEmCD9ROaiWV0ludmvPP0qGXznkk2J6bQQr0rWCZv2Yw\nF9JbGeiFyqnlPJKDs6rQyIzqmK/1IDjLNJ7KArQaJX5Htua64Iyb1M+Rxc8ugG52\n0l4BPxSJ76HAI0iHLM0UdGRfeyyYuwnShaqM5X4qEQu7Mh7L83s8Ym8a4tJpv+Zq\nGh1Uz7G+MyevcAT4J+bZY5VDyk6rwuMpS4mrzIMl30gkoiorQMyoSmji4ymLJ8NS\n=tRMa\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:23Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmy1AUOAkS9tkTu+GbDAS7SD+cT83CnRYd1O1ZG+eYwcw\nou88Nz3AGUcSa99om+yVY22nvztrIDOmqMih27ArB1Ruqhh4l4cm4mMrt35Jgezv\n0l4BiKZMHk6cwYGDopEfGU9m1l7lWZJofYIJZ8W0WSUtbHBXzZjwh5N7rh6EF2Te\njRJ72f6+/IaVeyhQjZocwQvFr0mfezontWlJb8hTOGBiWt16UPZ2UUgWMNIhepcy\n=AlJs\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/zones/email.nights.soa b/hosts/surtr/dns/zones/email.nights.soa index 0beba77a..84ea61cc 100644 --- a/hosts/surtr/dns/zones/email.nights.soa +++ b/hosts/surtr/dns/zones/email.nights.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN nights.email. | 1 | $ORIGIN nights.email. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -25,6 +25,8 @@ $TTL 3600 | |||
25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
27 | 27 | ||
28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
29 | |||
28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa index fbff1cad..9419a4ad 100644 --- a/hosts/surtr/dns/zones/li.141.soa +++ b/hosts/surtr/dns/zones/li.141.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN 141.li. | 1 | $ORIGIN 141.li. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022200 ; serial | 4 | 2022022201 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -25,6 +25,8 @@ $TTL 3600 | |||
25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
27 | 27 | ||
28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
29 | |||
28 | surtr IN A 202.61.241.61 | 30 | surtr IN A 202.61.241.61 |
29 | surtr IN AAAA 2a03:4000:52:ada:: | 31 | surtr IN AAAA 2a03:4000:52:ada:: |
30 | surtr IN MX 0 ymir.yggdrasil.li | 32 | surtr IN MX 0 ymir.yggdrasil.li |
diff --git a/hosts/surtr/dns/zones/li.kleen.soa b/hosts/surtr/dns/zones/li.kleen.soa index eb998795..2e6326a4 100644 --- a/hosts/surtr/dns/zones/li.kleen.soa +++ b/hosts/surtr/dns/zones/li.kleen.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN kleen.li. | 1 | $ORIGIN kleen.li. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -25,6 +25,8 @@ $TTL 3600 | |||
25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
27 | 27 | ||
28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
29 | |||
28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/li.xmpp.soa b/hosts/surtr/dns/zones/li.xmpp.soa index 08c38bc4..7a10c957 100644 --- a/hosts/surtr/dns/zones/li.xmpp.soa +++ b/hosts/surtr/dns/zones/li.xmpp.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN xmpp.li. | 1 | $ORIGIN xmpp.li. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -25,6 +25,8 @@ $TTL 3600 | |||
25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
27 | 27 | ||
28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
29 | |||
28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa index 0cd26ec1..8fbfd98f 100644 --- a/hosts/surtr/dns/zones/li.yggdrasil.soa +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN yggdrasil.li. | 1 | $ORIGIN yggdrasil.li. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -28,6 +28,8 @@ ns IN AAAA 2a03:4000:52:ada:: | |||
28 | * IN MX 0 ymir.yggdrasil.li. | 28 | * IN MX 0 ymir.yggdrasil.li. |
29 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 29 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
30 | 30 | ||
31 | _acme-challenge IN NS ns.yggdrasil.li. | ||
32 | |||
31 | ymir IN A 188.68.51.254 | 33 | ymir IN A 188.68.51.254 |
32 | ymir IN AAAA 2a03:4000:6:d004:: | 34 | ymir IN AAAA 2a03:4000:6:d004:: |
33 | ymir IN MX 0 ymir.yggdrasil.li. | 35 | ymir IN MX 0 ymir.yggdrasil.li. |
diff --git a/hosts/surtr/dns/zones/org.dirty-haskell.soa b/hosts/surtr/dns/zones/org.dirty-haskell.soa index ea7e0010..558d9817 100644 --- a/hosts/surtr/dns/zones/org.dirty-haskell.soa +++ b/hosts/surtr/dns/zones/org.dirty-haskell.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN dirty-haskell.org. | 1 | $ORIGIN dirty-haskell.org. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -25,6 +25,8 @@ $TTL 3600 | |||
25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
27 | 27 | ||
28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
29 | |||
28 | ymir._domainkey IN TXT ( | 30 | ymir._domainkey IN TXT ( |
29 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" | 31 | "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" |
30 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" | 32 | "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" |
diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa index 72f380bb..08f5d16d 100644 --- a/hosts/surtr/dns/zones/org.praseodym.soa +++ b/hosts/surtr/dns/zones/org.praseodym.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN praseodym.org. | 1 | $ORIGIN praseodym.org. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022102 ; serial | 4 | 2022022200 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -25,6 +25,8 @@ $TTL 3600 | |||
25 | * IN MX 0 ymir.yggdrasil.li. | 25 | * IN MX 0 ymir.yggdrasil.li. |
26 | * IN TXT "v=spf1 redirect=yggdrasil.li" | 26 | * IN TXT "v=spf1 redirect=yggdrasil.li" |
27 | 27 | ||
28 | _acme-challenge IN NS ns.yggdrasil.li. | ||
29 | |||
28 | surtr IN A 202.61.241.61 | 30 | surtr IN A 202.61.241.61 |
29 | surtr IN AAAA 2a03:4000:52:ada:: | 31 | surtr IN AAAA 2a03:4000:52:ada:: |
30 | surtr IN MX 0 ymir.yggdrasil.li | 32 | surtr IN MX 0 ymir.yggdrasil.li |
diff --git a/hosts/surtr/tls/Gupfile b/hosts/surtr/tls/Gupfile new file mode 100644 index 00000000..13ba8cf6 --- /dev/null +++ b/hosts/surtr/tls/Gupfile | |||
@@ -0,0 +1,2 @@ | |||
1 | tsig_key.gup: | ||
2 | tsig_keys/* \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix index 01c9050e..b28d33e9 100644 --- a/hosts/surtr/tls/default.nix +++ b/hosts/surtr/tls/default.nix | |||
@@ -8,51 +8,6 @@ let | |||
8 | tsigSecretName = domain: "${domain}_tsig-secret"; | 8 | tsigSecretName = domain: "${domain}_tsig-secret"; |
9 | 9 | ||
10 | cfg = config.security.acme; | 10 | cfg = config.security.acme; |
11 | knotCfg = config.services.knot; | ||
12 | |||
13 | knotDNSCredentials = domain: let | ||
14 | zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone; | ||
15 | in pkgs.writeText "lego-credentials" '' | ||
16 | EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh | ||
17 | EXEC_PROPAGATION_TIMEOUT=300 | ||
18 | EXEC_POLLING_INTERVAL=5 | ||
19 | ''; | ||
20 | knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' | ||
21 | #!${pkgs.zsh}/bin/zsh -xe | ||
22 | |||
23 | mode=$1 | ||
24 | fqdn=$2 | ||
25 | challenge=$3 | ||
26 | |||
27 | owner=''${fqdn%".${zone}."} | ||
28 | |||
29 | commited= | ||
30 | function abort() { | ||
31 | [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" | ||
32 | } | ||
33 | |||
34 | ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" | ||
35 | trap abort EXIT | ||
36 | |||
37 | case "''${mode}" in | ||
38 | present) | ||
39 | if ${knotCfg.cliWrappers}/bin/knotc zone-get ${zone} "''${owner}" TXT; then | ||
40 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' | ||
41 | fi | ||
42 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" | ||
43 | ;; | ||
44 | cleanup) | ||
45 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" | ||
46 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' | ||
47 | ;; | ||
48 | *) | ||
49 | exit 2 | ||
50 | ;; | ||
51 | esac | ||
52 | |||
53 | ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" | ||
54 | commited=yes | ||
55 | ''; | ||
56 | 11 | ||
57 | domainOptions = { | 12 | domainOptions = { |
58 | options = { | 13 | options = { |
@@ -111,10 +66,6 @@ in { | |||
111 | extraDomainNames = optional cfg.domains.${domain}.wildcard "*.${domain}"; | 66 | extraDomainNames = optional cfg.domains.${domain}.wildcard "*.${domain}"; |
112 | dnsResolver = "127.0.0.1:5353"; | 67 | dnsResolver = "127.0.0.1:5353"; |
113 | }; | 68 | }; |
114 | mkKnotc = shared // { | ||
115 | dnsProvider = "exec"; | ||
116 | credentialsFile = knotDNSCredentials domain; | ||
117 | }; | ||
118 | mkRFC2136 = let | 69 | mkRFC2136 = let |
119 | tsigInfo = readYaml tsigPath; | 70 | tsigInfo = readYaml tsigPath; |
120 | in shared // { | 71 | in shared // { |
@@ -129,7 +80,7 @@ in { | |||
129 | RFC2136_POLLING_INTERVAL=2 | 80 | RFC2136_POLLING_INTERVAL=2 |
130 | ''; | 81 | ''; |
131 | }; | 82 | }; |
132 | in (if isTsig then mkRFC2136 else mkKnotc) // cfg.domains.${domain}.certCfg; | 83 | in assert isTsig; mkRFC2136 // cfg.domains.${domain}.certCfg; |
133 | in genAttrs (attrNames cfg.domains) domainAttrset; | 84 | in genAttrs (attrNames cfg.domains) domainAttrset; |
134 | }; | 85 | }; |
135 | 86 | ||
diff --git a/hosts/surtr/tls/tsig_key.gup b/hosts/surtr/tls/tsig_key.gup new file mode 100644 index 00000000..3d81b603 --- /dev/null +++ b/hosts/surtr/tls/tsig_key.gup | |||
@@ -0,0 +1,6 @@ | |||
1 | #!/usr/bin/env zsh | ||
2 | |||
3 | keyFile=../dns/keys/${2:t}_acme.yaml | ||
4 | gup -u $keyFile | ||
5 | sops -d --input-type=binary --output-type=binary ${keyFile} | yq -r '.key[0].secret' > $1 | ||
6 | sops -p '7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8,30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51' --input-type=binary -e -i $1 \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/141.li b/hosts/surtr/tls/tsig_keys/141.li new file mode 100644 index 00000000..f94b492f --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/141.li | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:wjjG+kaLFnWG8vTKCMHRsTB2ksZEQV/lZON7OTGs4RGF2UGyzr7uFiaPEu69,iv:x29NlTSg48NuDZmNwQx7WFhKPanOLEziDF59GpAbYIU=,tag:U0jQimah+7dfJ8+rElb75w==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:15:30Z", | ||
10 | "mac": "ENC[AES256_GCM,data:NVzJqLoMPP1I322E002PPHB4hp6K2FpZTz1+E+eggsVnXtcU3da0zzRZTe+1JRRRLgTp1nFafxkDZbOF53byUgcuA+YVD0lIcX/Zk4JtkihS/AKBgCFSDXox+WFPulT+Jy8piRQuLFIj9m//FrPqbbZje4tT9MqtU8GFtQ/RZSA=,iv:ZXv5MXjUH939pbFZTHLICovdKgDxN3HkJWjzEBu0mIM=,tag:0h6XiH4oIeFEH3dFivHe2g==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:15:29Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA3LvoKvgJIXhXYc5cnoUHE4k9EnJzrSokuwHX6vsXMF4w\nl/Am3E8SYCRLW6GH84v5nRogvRi4/njDTUMltRil4AreR8AKs6O22K/dotFDFpm8\n0l4BjzIFo5lin5t/fJQnam+Q9N0sRu6CKe74id93IEWn4fh8jnGm2z45VQf08edv\n5TT3atYJPXK3BoOGZqWLbYk1zZMxlj/yNDC/gsoNzkv7tFfQyd8Rk0pbGOELrvlq\n=QUbV\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:15:29Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdApyLjA3a/6MiK3911+Dp7+GldIgztIqDfePqSVGQ9Tngw\n8ojc86qm6daCc2aceZGmmvt28kPX4XNmd5KOnFhF6B33o1tSI2duoVeYMOMY5sc0\n0l4BXL2CeNPvdX5To1I4OAUV6t3HEhgnW41/b6B3LqaGg34KBI4i7xNb8+djVSxu\nMEtYkD9QoSkDdNOpDAlH5GnPmrIVPHY9ml70agC1ctwET+P6L9qt0lzwCs2K1oT2\n=/Ukj\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/dirty-haskell.org b/hosts/surtr/tls/tsig_keys/dirty-haskell.org new file mode 100644 index 00000000..b9effeda --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/dirty-haskell.org | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:c4XzB/MbBfDcgR+6/FRNxDsRxtfdOR8oaKj7eLByJfnDyDrnN/p5DHrwNOe+,iv:TmCVdXMFJtRb1eT0M8Tga23rxoyUldjPATPX04n7I18=,tag:AhqhULrs/FVtfPUeWv5SdQ==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:20:36Z", | ||
10 | "mac": "ENC[AES256_GCM,data:AZxoNR2oE7c5LXEg8o3cBYTflBMeGadPWr1cJ5GEyBJUJUloN9V9iTjnN/62Pj1zkTQvOhL4vkoOd0q812mOV1QgCi/RbLTPIn55dDWJ8d8jYQLlqrMV3LR+xtsGDDBDOPWJ8pNIug9D7f3BwVQpbvj3W2WOnJvm3oAZNHa0RJ8=,iv:YVFNSC74bZQgGpVLxWFCkC1oouSYwJjQ+k3beSeXUJc=,tag:oi7bSs83GsDl4qpsJ8zqCw==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:20:35Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAhNF59zErbJlEDeJjF5kFLUVeAF81ageD34K/7NjVf3Ew\nFAn32mbWKZmoY4ekfOyZesKWTvpaYH8vnLj0r0vTc4nnqIejrVbz5T7nxl9mKgxX\n0l4BS9jVKuC7mGvTlKvpABPEP7uQS083JRVdTQ9nLFF3kOgf3rHWTX7I+QNMT+7E\nWqdm0q8OV09wk0I94lpRVjQjeosZmLGV58E8Q1D5x9xKjwS1Z9IT2SHONaZDAc5a\n=jdQT\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:20:35Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAMpNL9Ff2tSQLZYJlJCc3zUeTIiJYBwPXngz89tnrtxMw\n7cBQezv8MW/nKS5+8VPsr5NA2EfbPRlPAGDs3i7c82iNyaq8wjlZ7E5kJt9Cp1UA\n0l4BUddH560+QD8JZ7Tas943jI0GvBSrP3gm/dpILXS6APmIo8cY1Ex8Qkyvp0vn\nfumu+TRaUIjgSo5ZbqbJx+/duUjTg+j+p0Zu1xvBDQizbP894y5LFfsEsWQB2tkC\n=QZbr\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/kleen.li b/hosts/surtr/tls/tsig_keys/kleen.li new file mode 100644 index 00000000..3f31b1ec --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/kleen.li | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:Jjw1uufbrTcNTY9QLDbC98BXyDsUpO7jlS56qHmrIC4gBT0DF29v4thHgDe/,iv:AJeaK7SA2dlVMZKT7VGYXpjYOvIlWsSPghylvwq5hfE=,tag:af6RdYpyPSioqiTpnuLYNQ==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:58Z", | ||
10 | "mac": "ENC[AES256_GCM,data:Ws+LHpDFB9tKzfV5zVg5POTbzwb5KNFigPCQON85yIupazVMKesW5mpBZTzbknL0IwPfVnCQNX92bnJ6RBqJ+vIdOdax/eZzuIMvXyUGw1gjafkE3F9gv0CWu3n34SoLOynEIHXOrM/nTVWOLs6+DP1fH8MmscjhvaX52yIxe8E=,iv:OhYYyc0tcI2BrL8i2ZWADso9AcHzhb/wNrqVEnTXUJY=,tag:+GoBXxlveNe2puCbFz2foQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:58Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAHUWRBd0g/lAt4SNSRTyY084xlAmLVFiWY38oItiWEzUw\ngFigoJRqCtFsfRgmPC/VyasEAsUCSmmA15rGH+C1DA0HRyXLNUVGEcsnL1J7yNxS\n0lwBVaPi+AgmKtV48v6YzArTeY36TA9CInZl588Wy/YFitnTX6wqIuoZeJlDgEhN\nVF4XQVjb1mQhHFHbgD7SJSW6fHi8KWb+B3Tr6qt+p+CzwCycH/IaDbWbhIRSZg==\n=06jP\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:58Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAZbcJU1YXpht/sVq+NgOi23+BCjuiT/DH2Q4o9oQwEBkw\nLlQGzqtLfKPAjZWCECgsgz7ssAQVY90S9MDM3fUYWX56TXZabFkgz18Bn0cq1Ywa\n0lwBeS1RQX6gyjLNrO3B52eL9t/FW01RtWWS51nGN0WafVgoIaohV00lDCFZPAD/\noajw9vLd7Njjk11Pqv6H7pUanQOk69+tX5pKpzwGlRE0eZre6OSPZp9WTgfLTQ==\n=Af2i\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/nights.email b/hosts/surtr/tls/tsig_keys/nights.email new file mode 100644 index 00000000..5e387091 --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/nights.email | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:WrhKcorA/PdPrt6tr1eDuVA/Wdr/DaRtc5ETixVKZtxDZzKQakF5ltVB49Dj,iv:f/1Ko1m064gAVPEbt2SnHt7zee/PQvMZb+/qneVc0ls=,tag:qimiralQNxwOZ/uAs1T7/g==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:44:08Z", | ||
10 | "mac": "ENC[AES256_GCM,data:+/9QfW6yc0AXNKu73Mkp7hK98lWWyNn3WLJ2wdi6mh7dAR/pYxcuIa8a9b8Kv41WrExwExVbWbI886v2hC63GMI+rZeiOXAZEEFNCpYQwyog0bzWedZ9gE5ZmymaErrPsVJYauys+8NYomhtj+3ufB5FZNwfmEOO76dzcr10qZY=,iv:ecyJqhBYHHNj97JvOCFgFg4jxaBySUdj3ZgZKY6ulLw=,tag:a62hRw50887xQarS6O/GgA==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:44:08Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwkyJitOwmF+FeN4F3Z72t5wf8vTizR+TjlBPU/OwRUYw\nYVBQCma/uqjRj4UZeWXo6lq3weKI+gRp17z3Fvzc0YCWdtGq7lKyVtmwPltrvEXc\n0l4B4h6XT2+EcPuqtvkpNwIUoNphYZV8xGUD4v6lAQqUOYFsJvZfZbYe7tukcAQg\nwvbuWE2Hht0cxPpY65cVURA92wEcs7aP6Bp9Mqb/lQn7Ju1sv1a4bAvYvNVFnqu2\n=OkoI\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:44:08Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFIJLO7eo3lhEVg13E2zI8DMn3ljuQv9JggBD2mHk4Xcw\nDjk54ugbH3AacQN4zsoGJsAjZEUpfCBhGl/fpVZYEVzgMLzA2SRqRol94YPyNpM3\n0l4Bived0rDJwIYAEhpCplpX/JKAN48BaauPC14QuWDxgBpZTWSKqa+BoYpTbBoc\nN0amWuqWp7WGLrRizpfah1w/+Og6QycgccXzG/dz5aRVC71ddxycvjbR2k6sH3tr\n=m8ZH\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/praseodym.org b/hosts/surtr/tls/tsig_keys/praseodym.org new file mode 100644 index 00000000..c4afce5d --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/praseodym.org | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:LLr/euxUJL1qSnjx2HlUG/X5dIg15WXb3VryAnVtHCLHUxnfrUF2PNlAoneL,iv:7OeUpmgXb7PfyDwfgNvaqhnPn9UKqYd4ug8as01gIDU=,tag:CYKMKyol09ahPr6SKGB9kA==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:37Z", | ||
10 | "mac": "ENC[AES256_GCM,data:dMgOwAv7CWEsP568dNX/1mGOcVIXc/eU92gJUSkZaQBWoJExa7Y1K0Ocyin9YsdQsFGcBFgjyo1DtdVUrf8j5/V69CG8xXiWwf82O247lifK+V2/Etgys7W71GZXxX+C5+fnN8SgsVQeOKX47ljiDeajKMXOptQEx7Awooe1vYM=,iv:GP57gibgf20yrZTgGzGxewOEWnu+1E7uJUYYJO85n9Q=,tag:Zhl9FmLYUyydiNzbXjLN4g==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:37Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAEwneu5Lzspri3SHXIFgp8G+nTOpl3DGEoQTCaxeJvkgw\n/q3IUfiNFbpH32V7V07oOk3CD3SIlVVLNcxD/3DuOLHLeCehnWJ6OAtzaakvR2zW\n0l4BEBu/NBzhrtxbOt2vJnUyIoPwJIQuzQ92nUppd3gdaMoHyA+Wk/CAByTZ6+Gu\nq4jPWyeVwGeItpQ3PfpnCKJJQGhs/2E9TQrrovr2vhurnaxiEW80U/NdCQ3eMXiw\n=vKZP\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:37Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA1KY9DWpdJsUWLsvl4jJWel1tsdiNJ4z1VJw1W1Uiti0w\nLBhjFCiX4trrvYZf/s27t3CEE3j1xHpk+nhG+5rvh4PKOy9+4Z4dQ7ePr3khWK8d\n0l4BrSZXnmP1+i49AjR4F94EvezVS5MMNlqbHOfChBaybXO95oXl8CamSu2X0kSC\naJJe/ovfYblK2QCD1+kAb/e4LOedAHkL/YSOFtKa0WVhKNJoRIocAAYfCAXuQSRP\n=GWol\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/xmpp.li b/hosts/surtr/tls/tsig_keys/xmpp.li new file mode 100644 index 00000000..35acd462 --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/xmpp.li | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:Bice54S+zPCtUASZD0wnqFeBDekIKAfaZmNc4BJ8yFzzP1AeenJqOow69lf/,iv:dsBceXehjvhfTSd+KXE2QOvpTwNTY7gr9ef0hNFdDms=,tag:6iMISbLkELFP5OBbRgcdqA==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:10Z", | ||
10 | "mac": "ENC[AES256_GCM,data:IACasoGWgaouc0QnJAztTJkRnD60D0r0pXdxhXnDqpsz3qeS4Nnc5wgjMjSC6iTLNTDsGHw5s8egoIYKNhMVv1Gi7jYPgaIMGkjtg5iGIGmd12dqQTT4LPTfvrA0zqvu6BjzjO1BEBaJ26u8SBWw6yIg76b0BPpmM6afmyKo4X0=,iv:el8SzvnpQzURe1POMWNI3d2vYbAHqgfWzkzFi6GTQx8=,tag:HWABf4iOAZZLiJiMivGQ7Q==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:10Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAqBgOG0dMrKdKrPfL605eIH0q4zc/qLSepP3Mbi4wUCAw\nwVXV+LDTZKtCiT3RioyM3Vlf6blY1i5A8VgCKPHKFSy7TEMmhsHKKQGExahE35tm\n0l4BSmNYGiyW6mdiOlVS4uHlztG0SkzxAKoWs7lgwXufP97M0c9GaGLwVUCaOrWj\n416XfTI1wL8HmLBHaa8s2GyVPo+VWRKUpPu9gXAjTpqmRxeFjt7j749nIK8X27y8\n=2zXf\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:10Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA4FILrqlN0ta93yHezBedT+3UuCQqonGlarHvrwi77DUw\nIi4IxaLcYRwqISIhsjz0k7MzJ/BlP1/Qg/NMaB9CoSQIoVc8P7TK/gdP81ORE+r2\n0l4BT9n00HJPJ4IHJKcKmG+Ta5xOPHsVqRNgLSp7Ss71I0HLEa6YqhE/4z3kwvcE\nD7fWKVLkMuA6PMzjEa+ZGY/baqHL0VFW+Vy3/Fn+E0nStUT17Ya0ANB5kuyRp/v6\n=cwHX\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/tls/tsig_keys/yggdrasil.li b/hosts/surtr/tls/tsig_keys/yggdrasil.li new file mode 100644 index 00000000..7c75602c --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/yggdrasil.li | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:nfXCp4v2HFGHzceTQJY7knQ3ci8sPUGdiYL5Cy9epu3LK1QULNFb+eA+vFHG,iv:xBdtLNYMgGQfLsdjj63uwc9NWe8UvVnVmyuMAM0S1bQ=,tag:9xSy1U4+crLKvWr7eKti4w==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-22T14:43:24Z", | ||
10 | "mac": "ENC[AES256_GCM,data:DzSO3ir1Q2KWzwcmrW9ksw9GFRJXOVkb2tuhgDQxzV+sHC8O6VLMvYUZCNrYSKlZR0i2xiGuQD+3cO09YRYMF9MoR3ODl1BAGi5C0z0UKYPxf8BE/8x1qj2ak4Qdp7BHtaAQHo+IU+dX8AK64DJ5b2pJ/ThZzRSlfaeYp3X8cgA=,iv:FeuDzZzI8R2sZxWry5Jr1eoUWQlLkSqiNLutrvBviKI=,tag:VQJoQSodDkHIkrDXsnPG7Q==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-22T14:43:23Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAP/YAe2yfGvQ3TcChWjoRsi1bSezMKA2VDWPgRZuA1xQw\nEXhjL2Iu/ORRaktmd6ortqSxckYo2WOosqLXLLWXSnSpBK0mpSFO4/DJbMeKapCA\n0lwB0Tq0hP1Knh7jrTm/9mj2zcqonJY4P8mDwobBI4p1Ll29HxG4KCExrsxFFV6S\nQj1/r9Sz3SLsA9+z8hS8SQO3+877ITmAF518LTjs5clelO4I3KYCQqezXTVOSA==\n=2jir\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-22T14:43:23Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdArOyejysX1GDvK5g928BoioPtvEz1VzindL8Ng3Ta/Bcw\nUCB1/NKkCM8Ex2jALoGrBeZ5GdL2eRAOmQysaYPpeYRSG84/6e3DUixsbavL63tO\n0lwB+fVTe4tsLKFQ/j+GRJrBkHWNLVSjq50t68OhqTMQ31e8FejeTdAmsFG33MjH\ntumC/AGjz9qAGR7G690wu6WZaJRFD+aPMAJdFN2Fu3A+Imdra3hlTExs8ZAVaA==\n=7NiP\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||