summaryrefslogtreecommitdiff
path: root/hosts/surtr/dns
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r--hosts/surtr/dns/default.nix2
-rw-r--r--hosts/surtr/dns/keys/turn.synapse.li_acme.yaml26
-rw-r--r--hosts/surtr/dns/zones/li.synapse.soa10
3 files changed, 31 insertions, 7 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 24e8dfdb..0a754a86 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -171,7 +171,7 @@ in {
171 addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; 171 addACLs = { "xmpp.li" = ["ymir_acme_acl"]; };
172 } 172 }
173 { domain = "synapse.li"; 173 { domain = "synapse.li";
174 acmeDomains = ["element.synapse.li" "synapse.li"]; 174 acmeDomains = ["element.synapse.li" "turn.synapse.li" "synapse.li"];
175 } 175 }
176 { domain = "dirty-haskell.org"; 176 { domain = "dirty-haskell.org";
177 addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; 177 addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; };
diff --git a/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml b/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml
new file mode 100644
index 00000000..036fd519
--- /dev/null
+++ b/hosts/surtr/dns/keys/turn.synapse.li_acme.yaml
@@ -0,0 +1,26 @@
1{
2 "data": "ENC[AES256_GCM,data:7DNWPIDOyyokRIxX5a6LA9K3THxZfGU2xYJgL1zW+wmR7VlDmivRyn+FjGhKBmKNSbkpejefn4EwhTM9/qTz/h0hGzjSfSfMMf7b5IvMayCk13WWSOYVYEFsBw/U1OraQYKHrAe8xz3Af6dcoYvO2HYbbuGrSQFzL7+Ni5thvsO3dvvJIIiH8dkMheNqkQS0q0yhzXxKnNo0zWmw1VZSTQhZObdnF/mY9GT/uNxYLuHTb4FrcMEwcd/dIoM1S44U2RVfzepI0bzXpnlWRK8=,iv:KgVPWx4mfhb9vGN3BjsHu1jseQdL+bbsiHQxGKzuze4=,tag:dKu5W/qv/nEmZ5H7XK6ymA==,type:str]",
3 "sops": {
4 "kms": null,
5 "gcp_kms": null,
6 "azure_kv": null,
7 "hc_vault": null,
8 "age": null,
9 "lastmodified": "2022-02-24T23:02:47Z",
10 "mac": "ENC[AES256_GCM,data:zZgvnIrVOELiAUT2d9wWx5PBgv2T/elihv5P+SD8YMZfrykAPalYWeCOAg+yGGlCWhj4G5d6g3jomrHaxKUBhmQWBhKREZJnu4n8dv3xBGHq6Y0K43+EGiqZaKSCPaomkIJ5HKDavT0r0uJFQ+Z6CA+NdUMMsE4mHwFTQrGlPkY=,iv:R0UY3aIwpZojcB8XpQmuxNKDslItb9caUnckdNP05Yk=,tag:sc6aM5eE2zw0XBbX/K6xqQ==,type:str]",
11 "pgp": [
12 {
13 "created_at": "2022-02-24T23:02:47Z",
14 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAnEe5Fp4OyvdRGfTpEw5j/E60wPULMj9HGvHqYhnPt2kw\nFVhJzEu19VNX/TR66X0PGTXQ0oJjeQzEw3ZOYNXKkmAnwBseg1IpHX5of2f1UrJI\n0lwBe9ZYVeIkWq5Eo1Tt4H98p0sg0O6e84GiUxXcBClJ00y8EJUgCgVty2q6feF2\nY5UctbVtTLCH+STEeD1obeq9S066NBFv0cEd5ygDiJgyaoZ7yVKdyP4ACb509Q==\n=bcFt\n-----END PGP MESSAGE-----\n",
15 "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
16 },
17 {
18 "created_at": "2022-02-24T23:02:47Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAqFUV4o517EeRaFb6/+cTvvBphr+2PkXLKez7KS+oPgww\nBkaqfdNH8BIw+5a08sH+P26YsX9zDMIJJrMl9WODDB0z+8/Yj0KvXAOaUc5QHHku\n0lwBzCjN+8odiBgcU+SRHPxCAd1FJDWNErjW7Ks80nCuHw1iUSxFo2UzhinyJ2x9\nLIhow3V8OA0Fw9k4kG4jylBKuGXQpwlhL0laY9SV65wWYjQWilmncirDmlv/6Q==\n=HltA\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1"
25 }
26} \ No newline at end of file
diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa
index 58ee3110..2f4e8160 100644
--- a/hosts/surtr/dns/zones/li.synapse.soa
+++ b/hosts/surtr/dns/zones/li.synapse.soa
@@ -1,7 +1,7 @@
1$ORIGIN synapse.li. 1$ORIGIN synapse.li.
2$TTL 3600 2$TTL 3600
3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( 3@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4 2022022403 ; serial 4 2022022500 ; serial
5 10800 ; refresh 5 10800 ; refresh
6 3600 ; retry 6 3600 ; retry
7 604800 ; expire 7 604800 ; expire
@@ -21,12 +21,10 @@ $TTL 3600
21@ IN MX 0 ymir.yggdrasil.li 21@ IN MX 0 ymir.yggdrasil.li
22@ IN TXT "v=spf1 redirect=yggdrasil.li" 22@ IN TXT "v=spf1 redirect=yggdrasil.li"
23 23
24* IN A 202.61.241.61
25* IN AAAA 2a03:4000:52:ada::
26* IN MX 0 ymir.yggdrasil.li
27* IN TXT "v=spf1 redirect=yggdrasil.li"
28
29element IN CNAME synapse.li. 24element IN CNAME synapse.li.
30_acme-challenge.element IN NS ns.yggdrasil.li. 25_acme-challenge.element IN NS ns.yggdrasil.li.
31 26
27turn IN CNAME synapse.li.
28_acme-challenge.turn IN NS ns.yggdrasil.li.
29
32_acme-challenge IN NS ns.yggdrasil.li. 30_acme-challenge IN NS ns.yggdrasil.li.