diff options
-rw-r--r-- | hosts/surtr/dns/default.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/turn.synapse.li_acme.yaml | 26 | ||||
-rw-r--r-- | hosts/surtr/dns/zones/li.synapse.soa | 10 | ||||
-rw-r--r-- | hosts/surtr/tls/tsig_keys/turn.synapse.li | 26 |
4 files changed, 57 insertions, 7 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 24e8dfdb..0a754a86 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -171,7 +171,7 @@ in { | |||
171 | addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; | 171 | addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; |
172 | } | 172 | } |
173 | { domain = "synapse.li"; | 173 | { domain = "synapse.li"; |
174 | acmeDomains = ["element.synapse.li" "synapse.li"]; | 174 | acmeDomains = ["element.synapse.li" "turn.synapse.li" "synapse.li"]; |
175 | } | 175 | } |
176 | { domain = "dirty-haskell.org"; | 176 | { domain = "dirty-haskell.org"; |
177 | addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; | 177 | addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; |
diff --git a/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml b/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml new file mode 100644 index 00000000..036fd519 --- /dev/null +++ b/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:7DNWPIDOyyokRIxX5a6LA9K3THxZfGU2xYJgL1zW+wmR7VlDmivRyn+FjGhKBmKNSbkpejefn4EwhTM9/qTz/h0hGzjSfSfMMf7b5IvMayCk13WWSOYVYEFsBw/U1OraQYKHrAe8xz3Af6dcoYvO2HYbbuGrSQFzL7+Ni5thvsO3dvvJIIiH8dkMheNqkQS0q0yhzXxKnNo0zWmw1VZSTQhZObdnF/mY9GT/uNxYLuHTb4FrcMEwcd/dIoM1S44U2RVfzepI0bzXpnlWRK8=,iv:KgVPWx4mfhb9vGN3BjsHu1jseQdL+bbsiHQxGKzuze4=,tag:dKu5W/qv/nEmZ5H7XK6ymA==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-24T23:02:47Z", | ||
10 | "mac": "ENC[AES256_GCM,data:zZgvnIrVOELiAUT2d9wWx5PBgv2T/elihv5P+SD8YMZfrykAPalYWeCOAg+yGGlCWhj4G5d6g3jomrHaxKUBhmQWBhKREZJnu4n8dv3xBGHq6Y0K43+EGiqZaKSCPaomkIJ5HKDavT0r0uJFQ+Z6CA+NdUMMsE4mHwFTQrGlPkY=,iv:R0UY3aIwpZojcB8XpQmuxNKDslItb9caUnckdNP05Yk=,tag:sc6aM5eE2zw0XBbX/K6xqQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-24T23:02:47Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAnEe5Fp4OyvdRGfTpEw5j/E60wPULMj9HGvHqYhnPt2kw\nFVhJzEu19VNX/TR66X0PGTXQ0oJjeQzEw3ZOYNXKkmAnwBseg1IpHX5of2f1UrJI\n0lwBe9ZYVeIkWq5Eo1Tt4H98p0sg0O6e84GiUxXcBClJ00y8EJUgCgVty2q6feF2\nY5UctbVtTLCH+STEeD1obeq9S066NBFv0cEd5ygDiJgyaoZ7yVKdyP4ACb509Q==\n=bcFt\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-24T23:02:47Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqFUV4o517EeRaFb6/+cTvvBphr+2PkXLKez7KS+oPgww\nBkaqfdNH8BIw+5a08sH+P26YsX9zDMIJJrMl9WODDB0z+8/Yj0KvXAOaUc5QHHku\n0lwBzCjN+8odiBgcU+SRHPxCAd1FJDWNErjW7Ks80nCuHw1iUSxFo2UzhinyJ2x9\nLIhow3V8OA0Fw9k4kG4jylBKuGXQpwlhL0laY9SV65wWYjQWilmncirDmlv/6Q==\n=HltA\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa index 58ee3110..2f4e8160 100644 --- a/hosts/surtr/dns/zones/li.synapse.soa +++ b/hosts/surtr/dns/zones/li.synapse.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN synapse.li. | 1 | $ORIGIN synapse.li. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022022403 ; serial | 4 | 2022022500 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -21,12 +21,10 @@ $TTL 3600 | |||
21 | @ IN MX 0 ymir.yggdrasil.li | 21 | @ IN MX 0 ymir.yggdrasil.li |
22 | @ IN TXT "v=spf1 redirect=yggdrasil.li" | 22 | @ IN TXT "v=spf1 redirect=yggdrasil.li" |
23 | 23 | ||
24 | * IN A 202.61.241.61 | ||
25 | * IN AAAA 2a03:4000:52:ada:: | ||
26 | * IN MX 0 ymir.yggdrasil.li | ||
27 | * IN TXT "v=spf1 redirect=yggdrasil.li" | ||
28 | |||
29 | element IN CNAME synapse.li. | 24 | element IN CNAME synapse.li. |
30 | _acme-challenge.element IN NS ns.yggdrasil.li. | 25 | _acme-challenge.element IN NS ns.yggdrasil.li. |
31 | 26 | ||
27 | turn IN CNAME synapse.li. | ||
28 | _acme-challenge.turn IN NS ns.yggdrasil.li. | ||
29 | |||
32 | _acme-challenge IN NS ns.yggdrasil.li. | 30 | _acme-challenge IN NS ns.yggdrasil.li. |
diff --git a/hosts/surtr/tls/tsig_keys/turn.synapse.li b/hosts/surtr/tls/tsig_keys/turn.synapse.li new file mode 100644 index 00000000..019a03ab --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/turn.synapse.li | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:uoAUhFWLvBkHC4gDhzj7MLGw3SeqfWG4CahGgJ2KPdoTkY6Vb8Kt0IJHh5kT,iv:k9RVMNa5bteaJv6+zRXnYvk2KMC2W7Bm0oYRaj40ocE=,tag:m5YIWRHkCS6PFvpVNEZoVg==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-02-24T23:02:47Z", | ||
10 | "mac": "ENC[AES256_GCM,data:G5hTMG3zfk2AIoKuIXZoQN8oUo/Zqd36B2Iz1fhsJg5k/Ns1kgHu3emNi0inhkryPTY8+4kNlLLk8T207RMn7mmu5Ya6zEMASxHrMp/1IgES1C88CZNAqIAmTVlmLEzXsh6O/8f7xtPjgNzfgbbDb6td/CNBQPyBfsuGeB9XM6E=,iv:3El86ZrV10IK0MTikO/Zs85afOv7t6Mz75sbl6yUNew=,tag:H4bNDQoF8Q8lTHImP0YFzQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-02-24T23:02:47Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA75TO939bjxbE1DVdU7jxN92WBA9+FXLGzLVuYC9rjmUw\nB3jCi3+Q5Ig1N8moAy5SbuwvWuwunqksLipygk0zQCkrQAP5Yw8zTuaed1TUj61Y\n0l4BAfnWJkhG66fNaJ8bYLpnPelF/q5A8Ttqj6Yxj/NJwpqn8A43uOIgYZwUH/d3\nr/o1fT6hmsVgwRZsk7wTqletauc29SyA79nL3ObsP+3Mq3WSLaxoXNN/41+aPAyZ\n=oSp+\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-02-24T23:02:47Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAEjr8onFpTD5dlA6pFGE8Z7JWfIzZMK3APnpY84e1iVQw\nlWIlbx9T9UjPpp3TgTgDz5ve1ZeQuKm95VcjvfWOamo8Nf9rgX8+yaNjFe9Cl9EX\n0l4BKcFRgwZoiNPyuWFlPGbW9K/GmPY2DX/KKdPuCWjDktdDzrgD07RyIdXnlaob\nPBjFDkMDpFMt6meE/Unux9fNE6MeyAsJvEHkKjNq9AEvqKZgdrNkzmUzjWm4DIsx\n=9W7b\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.1" | ||
25 | } | ||
26 | } \ No newline at end of file | ||