summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/dns/zones/li.synapse.soa29
-rw-r--r--hosts/surtr/tls/default.nix2
3 files changed, 32 insertions, 1 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index dc991b66..e9ae3183 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -169,6 +169,8 @@ in {
169 { domain = "xmpp.li"; 169 { domain = "xmpp.li";
170 addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; 170 addACLs = { "xmpp.li" = ["ymir_acme_acl"]; };
171 } 171 }
172 { domain = "synapse.li";
173 }
172 { domain = "dirty-haskell.org"; 174 { domain = "dirty-haskell.org";
173 addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; 175 addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; };
174 } 176 }
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa
new file mode 100644
index 00000000..539f0297
--- /dev/null
+++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -0,0 +1,29 @@
1$ORIGIN synapse.li
2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022022401 ; serial
5 10800 ; refresh
6 3600 ; retry
7 604800 ; expire
8 3600 ; min TTL
9)
10
11 IN NS ns.yggdrasil.li.
12 IN NS ns.inwx.de.
13 IN NS ns2.inwx.de.
14 IN NS ns3.inwx.eu.
15
16@ IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01"
17@ IN CAA 128 iodef "mailto:caa@yggdrasil.li"
18
19@ IN A 202.61.241.61
20@ IN AAAA 2a03:4000:52:ada::
21@ IN MX 0 ymir.yggdrasil.li
22@ IN TXT "v=spf1 redirect=yggdrasil.li"
23
24* IN A 202.61.241.61
25* IN AAAA 2a03:4000:52:ada::
26* IN MX 0 ymir.yggdrasil.li
27* IN TXT "v=spf1 redirect=yggdrasil.li"
28
29_acme-challenge IN NS ns.yggdrasil.li.
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 5118b1ad..6fbab9bd 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -36,7 +36,7 @@ in {
36 }; 36 };
37 37
38 config = { 38 config = {
39 security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"] (domain: { wildcard = true; }); 39 security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"] (domain: { wildcard = true; });
40 40
41 fileSystems."/var/lib/acme" = 41 fileSystems."/var/lib/acme" =
42 { device = "surtr/safe/var-lib-acme"; 42 { device = "surtr/safe/var-lib-acme";