summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/surtr/http.nix4
-rw-r--r--hosts/surtr/tls.nix63
2 files changed, 38 insertions, 29 deletions
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
index a5f08dfe..bca89a4c 100644
--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -58,6 +58,8 @@
58 }; 58 };
59 }; 59 };
60 }; 60 };
61 security.acme.domains."webdav.141.li" = {}; 61 security.acme.domains."webdav.141.li" = {
62 zone = "141.li";
63 };
62 }; 64 };
63} 65}
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 704941e2..97a9649d 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -11,40 +11,43 @@ let
11 EXEC_PROPAGATION_TIMEOUT=300 11 EXEC_PROPAGATION_TIMEOUT=300
12 EXEC_POLLING_INTERVAL=5 12 EXEC_POLLING_INTERVAL=5
13 ''; 13 '';
14 knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' 14 knotDNSExec = domain:
15 #!${pkgs.zsh}/bin/zsh -xe 15 let
16 zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone;
17 in pkgs.writeScriptBin "update-dns.sh" ''
18 #!${pkgs.zsh}/bin/zsh -xe
16 19
17 mode=$1 20 mode=$1
18 fqdn=$2 21 fqdn=$2
19 challenge=$3 22 challenge=$3
20 23
21 owner=''${fqdn%".${zone}."} 24 owner=''${fqdn%".${domain}."}
22 25
23 commited= 26 commited=
24 function abort() { 27 function abort() {
25 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" 28 [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
26 } 29 }
27 30
28 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" 31 ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
29 trap abort EXIT 32 trap abort EXIT
30 33
31 case "''${mode}" in 34 case "''${mode}" in
32 present) 35 present)
33 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' 36 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""'
34 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" 37 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}"
35 ;; 38 ;;
36 cleanup) 39 cleanup)
37 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" 40 ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}"
38 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' 41 ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""'
39 ;; 42 ;;
40 *) 43 *)
41 exit 2 44 exit 2
42 ;; 45 ;;
43 esac 46 esac
44 47
45 ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" 48 ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}"
46 commited=yes 49 commited=yes
47 ''; 50 '';
48 51
49 domainOptions = { 52 domainOptions = {
50 options = { 53 options = {
@@ -52,6 +55,10 @@ let
52 type = types.bool; 55 type = types.bool;
53 default = false; 56 default = false;
54 }; 57 };
58 zone = mkOption {
59 type = types.nullOr types.str;
60 default = null;
61 };
55 }; 62 };
56 }; 63 };
57in { 64in {