9 files changed, 420 insertions, 0 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
new file mode 100644
index 00000000..ce909b72
--- /dev/null
+++ b/hosts/surtr/dns/default.nix
@@ -0,0 +1,92 @@
+{...}:
+{
+  config = {
+    fileSystems."/var/lib/knot" =
+      { device = "surtr/safe/var-lib-knot";
+        fsType = "zfs";
+      };
+    systemd.services.knot.unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
+    networking.firewall = {
+      allowedTCPPorts = [
+        53 # DNS
+      ];
+      allowedUDPPorts = [
+        53 # DNS
+      ];
+    };
+    
+    services.knot = {
+      enable = true;
+      extraConfig = ''
+        server:
+          listen: 127.0.0.1@53
+          listen: ::1@53
+          listen: 202.61.241.61@53
+          listen: 2a03:4000:52:ada::@53
+        remote:
+          - id: inwx_notify
+            address: 185.181.104.96@53
+        acl:
+          - id: inwx_acl
+            address: 185.181.104.96
+            action: transfer
+        template:
+          - id: inwx_zone
+            storage: /var/lib/knot
+            zonefile-sync: -1
+            zonefile-load: difference-no-serial
+            serial-policy: dateserial
+            journal-content: all
+            semantic-checks: on
+            dnssec-signing: on
+            notify: [inwx_notify]
+            acl: [inwx_acl]
+        policy:
+          - id: rsa
+            algorithm: rsasha256
+            ksk-size: 4096
+            zsk-size: 2048
+            zsk-lifetime: 30d
+        zone:
+          - domain: yggdrasil.li
+            template: inwx_zone
+            file: ${./zones/li.yggdrasil.soa}
+          - domain: nights.email
+            template: inwx_zone
+            file: ${./zones/email.nights.soa}
+          - domain: 141.li
+            template: inwx_zone
+            file: ${./zones/li.141.soa}
+          - domain: kleen.li
+            template: inwx_zone
+            file: ${./zones/li.kleen.soa}
+          - domain: xmpp.li
+            template: inwx_zone
+            file: ${./zones/li.xmpp.soa}
+          - domain: dirty-haskell.org
+            template: inwx_zone
+            file: ${./zones/org.dirty-haskell.soa}
+          - domain: praseodym.org
+            template: inwx_zone
+            file: ${./zones/org.praseodym.soa}
+          - domain: rheperire.org
+            template: inwx_zone
+            file: ${./zones/org.rheperire.soa}
+      '';
+    };
+  };
+}
diff --git a/hosts/surtr/dns/zones/email.nights.soa b/hosts/surtr/dns/zones/email.nights.soa
new file mode 100644
index 00000000..e0589dd3
--- /dev/null
+++ b/hosts/surtr/dns/zones/email.nights.soa
@@ -0,0 +1,38 @@
+$ORIGIN nights.email.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053002 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
+_xmpp-client._tcp       IN      SRV     5 0 5222 ymir.yggdrasil.li.
+_xmpp-server._tcp       IN      SRV     5 0 5269 ymir.yggdrasil.li.
+_submission._tcp        IN      SRV     5 0 25 ymir.yggdrasil.li.
+_imap._tcp              IN      SRV     5 0 143 ymir.yggdrasil.li.
+_imaps._tcp             IN      SRV     5 0 993 ymir.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa
new file mode 100644
index 00000000..6f974439
--- /dev/null
+++ b/hosts/surtr/dns/zones/li.141.soa
@@ -0,0 +1,50 @@
+$ORIGIN 141.li.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053001 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+surtr                   IN      A       202.61.241.61
+surtr                   IN      AAAA    2a03:4000:52:ada::
+surtr                   IN      MX      0 ymir.yggdrasil.li
+surtr                   IN      TXT     "v=spf1 redirect=ullr.yggdrasil.li"
+ymir                    IN      A       188.68.51.254
+ymir                    IN      AAAA    2a03:4000:6:d004::
+ymir                    IN      MX      0 ymir.yggdrasil.li
+ymir                    IN      TXT     "v=spf1 redirect=ymir.yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
+_xmpp-client._tcp       IN      SRV     5 0 5222 ymir.yggdrasil.li.
+_xmpp-server._tcp       IN      SRV     5 0 5269 ymir.yggdrasil.li.
+_infinoted._tcp         IN      SRV     5 0 6523 ymir.yggdrasil.li.
+_submission._tcp        IN      SRV     5 0 25 ymir.yggdrasil.li.
+_imap._tcp              IN      SRV     5 0 143 ymir.yggdrasil.li.
+_imaps._tcp             IN      SRV     5 0 993 ymir.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.kleen.soa b/hosts/surtr/dns/zones/li.kleen.soa
new file mode 100644
index 00000000..5a3d2a11
--- /dev/null
+++ b/hosts/surtr/dns/zones/li.kleen.soa
@@ -0,0 +1,40 @@
+$ORIGIN kleen.li.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053001 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
+_xmpp-client._tcp       IN      SRV     5 0 5222 ymir.yggdrasil.li.
+_xmpp-server._tcp       IN      SRV     5 0 5269 ymir.yggdrasil.li.
+_infinoted._tcp         IN      SRV     5 0 6523 ymir.yggdrasil.li.
+_submission._tcp        IN      SRV     5 0 25 ymir.yggdrasil.li.
+_imap._tcp              IN      SRV     5 0 143 ymir.yggdrasil.li.
+_imaps._tcp             IN      SRV     5 0 993 ymir.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.xmpp.soa b/hosts/surtr/dns/zones/li.xmpp.soa
new file mode 100644
index 00000000..b123f4a5
--- /dev/null
+++ b/hosts/surtr/dns/zones/li.xmpp.soa
@@ -0,0 +1,40 @@
+$ORIGIN xmpp.li.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053001 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
+_xmpp-client._tcp       IN      SRV     5 0 5222 ymir.yggdrasil.li.
+_xmpp-server._tcp       IN      SRV     5 0 5269 ymir.yggdrasil.li.
+_infinoted._tcp         IN      SRV     5 0 6523 ymir.yggdrasil.li.
+_submission._tcp        IN      SRV     5 0 25 ymir.yggdrasil.li.
+_imap._tcp              IN      SRV     5 0 143 ymir.yggdrasil.li.
+_imaps._tcp             IN      SRV     5 0 993 ymir.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa
new file mode 100644
index 00000000..a9b87b76
--- /dev/null
+++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -0,0 +1,58 @@
+$ORIGIN yggdrasil.li.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053000 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+ns                      IN      A       202.61.241.61
+ns                      IN      AAAA    2a03:4000:52:ada::
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 a:mailout.yggdrasil.li -all"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+ymir                    IN      A       188.68.51.254
+ymir                    IN      AAAA    2a03:4000:6:d004::
+ymir                    IN      MX      0 ymir.yggdrasil.li.
+ymir                    IN      TXT     "v=spf1 redirect=yggdrasil.li"
+surtr                   IN      A       202.61.241.61
+surtr                   IN      AAAA    2a03:4000:52:ada::
+surtr                   IN      MX      0 ymir.yggdrasil.li
+surtr                   IN      TXT     "v=spf1 redirect=ullr.yggdrasil.li"
+mailout                 IN      A       188.68.51.254
+mailout                 IN      AAAA    2a03:4000:6:d004::
+mailout                 IN      MX      0 ymir.yggdrasil.li
+mailout                 IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
+_xmpp-client._tcp       IN      SRV     5 0 5222 ymir.yggdrasil.li.
+_xmpp-server._tcp       IN      SRV     5 0 5269 ymir.yggdrasil.li.
+_infinoted._tcp         IN      SRV     5 0 6523 ymir.yggdrasil.li.
+_submission._tcp        IN      SRV     5 0 25 ymir.yggdrasil.li.
+_imap._tcp              IN      SRV     5 0 143 ymir.yggdrasil.li.
+_imaps._tcp             IN      SRV     5 0 993 ymir.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/org.dirty-haskell.soa b/hosts/surtr/dns/zones/org.dirty-haskell.soa
new file mode 100644
index 00000000..74aed5fd
--- /dev/null
+++ b/hosts/surtr/dns/zones/org.dirty-haskell.soa
@@ -0,0 +1,32 @@
+$ORIGIN dirty-haskell.org.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053001 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      10 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa
new file mode 100644
index 00000000..6f2c676f
--- /dev/null
+++ b/hosts/surtr/dns/zones/org.praseodym.soa
@@ -0,0 +1,45 @@
+$ORIGIN praseodym.org.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053000 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+surtr                   IN      A       202.61.241.61
+surtr                   IN      AAAA    2a03:4000:52:ada::
+surtr                   IN      MX      0 ymir.yggdrasil.li
+surtr                   IN      TXT     "v=spf1 redirect=ullr.yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""
+ymir._domainkey         IN      TXT     ( 
+  "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
+  "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
+  "7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
+)
+_xmpp-client._tcp       IN      SRV     5 0 5222 ymir.yggdrasil.li.
+_xmpp-server._tcp       IN      SRV     5 0 5269 ymir.yggdrasil.li.
+_infinoted._tcp         IN      SRV     5 0 6523 ymir.yggdrasil.li.
+_submission._tcp        IN      SRV     5 0 25 ymir.yggdrasil.li.
+_imap._tcp              IN      SRV     5 0 143 ymir.yggdrasil.li.
+_imaps._tcp             IN      SRV     5 0 993 ymir.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/org.rheperire.soa b/hosts/surtr/dns/zones/org.rheperire.soa
new file mode 100644
index 00000000..43b1e862
--- /dev/null
+++ b/hosts/surtr/dns/zones/org.rheperire.soa
@@ -0,0 +1,25 @@
+$ORIGIN rheperire.org.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+  2021053010 ; serial
+  10800      ; refresh
+  3600       ; retry
+  604800     ; expire
+  3600       ; min TTL
+)
+                        IN      NS      ns.yggdrasil.li.
+                        IN      NS      ns.inwx.de.
+                        IN      NS      ns2.inwx.de.
+                        IN      NS      ns3.inwx.eu.
+@                       IN      A       188.68.51.254
+@                       IN      AAAA    2a03:4000:6:d004::
+@                       IN      MX      0 ymir.yggdrasil.li.
+@                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+*                       IN      A       188.68.51.254
+*                       IN      AAAA    2a03:4000:6:d004::
+*                       IN      MX      0 ymir.yggdrasil.li.
+*                       IN      TXT     "v=spf1 redirect=yggdrasil.li"
+_acme-challenge      30 IN      TXT     ""

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix new file mode 100644 index 00000000..ce909b72 --- /dev/null +++ b/hosts/surtr/dns/default.nix
@@ -0,0 +1,92 @@
	1	{...}:
	2	{
	3	config = {
	4	fileSystems."/var/lib/knot" =
	5	{ device = "surtr/safe/var-lib-knot";
	6	fsType = "zfs";
	7	};
	8
	9	systemd.services.knot.unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
	10
	11	networking.firewall = {
	12	allowedTCPPorts = [
	13	53 # DNS
	14	];
	15	allowedUDPPorts = [
	16	53 # DNS
	17	];
	18	};
	19
	20	services.knot = {
	21	enable = true;
	22	extraConfig = ''
	23	server:
	24	listen: 127.0.0.1@53
	25	listen: ::1@53
	26	listen: 202.61.241.61@53
	27	listen: 2a03:4000:52:ada::@53
	28
	29	remote:
	30	- id: inwx_notify
	31	address: 185.181.104.96@53
	32
	33	acl:
	34	- id: inwx_acl
	35	address: 185.181.104.96
	36	action: transfer
	37
	38	template:
	39	- id: inwx_zone
	40	storage: /var/lib/knot
	41	zonefile-sync: -1
	42	zonefile-load: difference-no-serial
	43	serial-policy: dateserial
	44	journal-content: all
	45	semantic-checks: on
	46	dnssec-signing: on
	47	notify: [inwx_notify]
	48	acl: [inwx_acl]
	49
	50	policy:
	51	- id: rsa
	52	algorithm: rsasha256
	53	ksk-size: 4096
	54	zsk-size: 2048
	55	zsk-lifetime: 30d
	56
	57	zone:
	58	- domain: yggdrasil.li
	59	template: inwx_zone
	60	file: ${./zones/li.yggdrasil.soa}
	61
	62	- domain: nights.email
	63	template: inwx_zone
	64	file: ${./zones/email.nights.soa}
	65
	66	- domain: 141.li
	67	template: inwx_zone
	68	file: ${./zones/li.141.soa}
	69
	70	- domain: kleen.li
	71	template: inwx_zone
	72	file: ${./zones/li.kleen.soa}
	73
	74	- domain: xmpp.li
	75	template: inwx_zone
	76	file: ${./zones/li.xmpp.soa}
	77
	78	- domain: dirty-haskell.org
	79	template: inwx_zone
	80	file: ${./zones/org.dirty-haskell.soa}
	81
	82	- domain: praseodym.org
	83	template: inwx_zone
	84	file: ${./zones/org.praseodym.soa}
	85
	86	- domain: rheperire.org
	87	template: inwx_zone
	88	file: ${./zones/org.rheperire.soa}
	89	'';
	90	};
	91	};
	92	}


diff --git a/hosts/surtr/dns/zones/email.nights.soa b/hosts/surtr/dns/zones/email.nights.soa new file mode 100644 index 00000000..e0589dd3 --- /dev/null +++ b/hosts/surtr/dns/zones/email.nights.soa
@@ -0,0 +1,38 @@
	1	$ORIGIN nights.email.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053002 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	@ IN A 188.68.51.254
	16	@ IN AAAA 2a03:4000:6:d004::
	17	@ IN MX 0 ymir.yggdrasil.li.
	18	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	19
	20	* IN A 188.68.51.254
	21	* IN AAAA 2a03:4000:6:d004::
	22	* IN MX 0 ymir.yggdrasil.li.
	23	* IN TXT "v=spf1 redirect=yggdrasil.li"
	24
	25	_acme-challenge 30 IN TXT ""
	26
	27	ymir._domainkey IN TXT (
	28	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	29	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	30	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	31	)
	32
	33	_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li.
	34	_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li.
	35
	36	_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li.
	37	_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li.
	38	_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa new file mode 100644 index 00000000..6f974439 --- /dev/null +++ b/hosts/surtr/dns/zones/li.141.soa
@@ -0,0 +1,50 @@
	1	$ORIGIN 141.li.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053001 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	@ IN A 188.68.51.254
	16	@ IN AAAA 2a03:4000:6:d004::
	17	@ IN MX 0 ymir.yggdrasil.li.
	18	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	19
	20	* IN A 188.68.51.254
	21	* IN AAAA 2a03:4000:6:d004::
	22	* IN MX 0 ymir.yggdrasil.li.
	23	* IN TXT "v=spf1 redirect=yggdrasil.li"
	24
	25	surtr IN A 202.61.241.61
	26	surtr IN AAAA 2a03:4000:52:ada::
	27	surtr IN MX 0 ymir.yggdrasil.li
	28	surtr IN TXT "v=spf1 redirect=ullr.yggdrasil.li"
	29
	30	ymir IN A 188.68.51.254
	31	ymir IN AAAA 2a03:4000:6:d004::
	32	ymir IN MX 0 ymir.yggdrasil.li
	33	ymir IN TXT "v=spf1 redirect=ymir.yggdrasil.li"
	34
	35	_acme-challenge 30 IN TXT ""
	36
	37	ymir._domainkey IN TXT (
	38	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	39	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	40	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	41	)
	42
	43	_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li.
	44	_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li.
	45
	46	_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li.
	47
	48	_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li.
	49	_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li.
	50	_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/li.kleen.soa b/hosts/surtr/dns/zones/li.kleen.soa new file mode 100644 index 00000000..5a3d2a11 --- /dev/null +++ b/hosts/surtr/dns/zones/li.kleen.soa
@@ -0,0 +1,40 @@
	1	$ORIGIN kleen.li.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053001 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	@ IN A 188.68.51.254
	16	@ IN AAAA 2a03:4000:6:d004::
	17	@ IN MX 0 ymir.yggdrasil.li.
	18	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	19
	20	* IN A 188.68.51.254
	21	* IN AAAA 2a03:4000:6:d004::
	22	* IN MX 0 ymir.yggdrasil.li.
	23	* IN TXT "v=spf1 redirect=yggdrasil.li"
	24
	25	_acme-challenge 30 IN TXT ""
	26
	27	ymir._domainkey IN TXT (
	28	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	29	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	30	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	31	)
	32
	33	_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li.
	34	_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li.
	35
	36	_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li.
	37
	38	_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li.
	39	_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li.
	40	_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/li.xmpp.soa b/hosts/surtr/dns/zones/li.xmpp.soa new file mode 100644 index 00000000..b123f4a5 --- /dev/null +++ b/hosts/surtr/dns/zones/li.xmpp.soa
@@ -0,0 +1,40 @@
	1	$ORIGIN xmpp.li.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053001 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	@ IN A 188.68.51.254
	16	@ IN AAAA 2a03:4000:6:d004::
	17	@ IN MX 0 ymir.yggdrasil.li.
	18	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	19
	20	* IN A 188.68.51.254
	21	* IN AAAA 2a03:4000:6:d004::
	22	* IN MX 0 ymir.yggdrasil.li.
	23	* IN TXT "v=spf1 redirect=yggdrasil.li"
	24
	25	_acme-challenge 30 IN TXT ""
	26
	27	ymir._domainkey IN TXT (
	28	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	29	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	30	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	31	)
	32
	33	_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li.
	34	_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li.
	35
	36	_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li.
	37
	38	_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li.
	39	_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li.
	40	_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa new file mode 100644 index 00000000..a9b87b76 --- /dev/null +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -0,0 +1,58 @@
	1	$ORIGIN yggdrasil.li.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053000 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	ns IN A 202.61.241.61
	16	ns IN AAAA 2a03:4000:52:ada::
	17
	18	@ IN A 188.68.51.254
	19	@ IN AAAA 2a03:4000:6:d004::
	20	@ IN MX 0 ymir.yggdrasil.li.
	21	@ IN TXT "v=spf1 a:mailout.yggdrasil.li -all"
	22
	23	* IN A 188.68.51.254
	24	* IN AAAA 2a03:4000:6:d004::
	25	* IN MX 0 ymir.yggdrasil.li.
	26	* IN TXT "v=spf1 redirect=yggdrasil.li"
	27
	28	ymir IN A 188.68.51.254
	29	ymir IN AAAA 2a03:4000:6:d004::
	30	ymir IN MX 0 ymir.yggdrasil.li.
	31	ymir IN TXT "v=spf1 redirect=yggdrasil.li"
	32
	33	surtr IN A 202.61.241.61
	34	surtr IN AAAA 2a03:4000:52:ada::
	35	surtr IN MX 0 ymir.yggdrasil.li
	36	surtr IN TXT "v=spf1 redirect=ullr.yggdrasil.li"
	37
	38	mailout IN A 188.68.51.254
	39	mailout IN AAAA 2a03:4000:6:d004::
	40	mailout IN MX 0 ymir.yggdrasil.li
	41	mailout IN TXT "v=spf1 redirect=yggdrasil.li"
	42
	43	_acme-challenge 30 IN TXT ""
	44
	45	ymir._domainkey IN TXT (
	46	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	47	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	48	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	49	)
	50
	51	_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li.
	52	_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li.
	53
	54	_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li.
	55
	56	_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li.
	57	_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li.
	58	_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/org.dirty-haskell.soa b/hosts/surtr/dns/zones/org.dirty-haskell.soa new file mode 100644 index 00000000..74aed5fd --- /dev/null +++ b/hosts/surtr/dns/zones/org.dirty-haskell.soa
@@ -0,0 +1,32 @@
	1	$ORIGIN dirty-haskell.org.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053001 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15
	16	@ IN A 188.68.51.254
	17	@ IN AAAA 2a03:4000:6:d004::
	18	@ IN MX 10 ymir.yggdrasil.li.
	19	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	20
	21	* IN A 188.68.51.254
	22	* IN AAAA 2a03:4000:6:d004::
	23	* IN MX 0 ymir.yggdrasil.li.
	24	* IN TXT "v=spf1 redirect=yggdrasil.li"
	25
	26	_acme-challenge 30 IN TXT ""
	27
	28	ymir._domainkey IN TXT (
	29	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	30	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	31	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	32	)


diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa new file mode 100644 index 00000000..6f2c676f --- /dev/null +++ b/hosts/surtr/dns/zones/org.praseodym.soa
@@ -0,0 +1,45 @@
	1	$ORIGIN praseodym.org.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053000 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	@ IN A 188.68.51.254
	16	@ IN AAAA 2a03:4000:6:d004::
	17	@ IN MX 0 ymir.yggdrasil.li.
	18	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	19
	20	* IN A 188.68.51.254
	21	* IN AAAA 2a03:4000:6:d004::
	22	* IN MX 0 ymir.yggdrasil.li.
	23	* IN TXT "v=spf1 redirect=yggdrasil.li"
	24
	25	surtr IN A 202.61.241.61
	26	surtr IN AAAA 2a03:4000:52:ada::
	27	surtr IN MX 0 ymir.yggdrasil.li
	28	surtr IN TXT "v=spf1 redirect=ullr.yggdrasil.li"
	29
	30	_acme-challenge 30 IN TXT ""
	31
	32	ymir._domainkey IN TXT (
	33	"v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2"
	34	"qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24"
	35	"7vlsns1FApFRsp9mja0UZNObyKD1M6tP9Ep7lS76tFGMk+WDvXRJH5LEsyCpu7sSyl1r/O0M4K+KldRCqLlZd7rf8F5P8T0dn1azk05g7F4p0N/y9GNdzXbPZ9u0eZdI7SEdh8ZoOZp7NVZiBFfbWLSS5ZtyA2kbBa4i7GJ/cuAbEKOmqAkeQPiu96TGIcyjkXjS6mTPI+9UmKZYZC+OM8XdJ02y5KRoonCc19ZS8CAwEAAQ=="
	36	)
	37
	38	_xmpp-client._tcp IN SRV 5 0 5222 ymir.yggdrasil.li.
	39	_xmpp-server._tcp IN SRV 5 0 5269 ymir.yggdrasil.li.
	40
	41	_infinoted._tcp IN SRV 5 0 6523 ymir.yggdrasil.li.
	42
	43	_submission._tcp IN SRV 5 0 25 ymir.yggdrasil.li.
	44	_imap._tcp IN SRV 5 0 143 ymir.yggdrasil.li.
	45	_imaps._tcp IN SRV 5 0 993 ymir.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/org.rheperire.soa b/hosts/surtr/dns/zones/org.rheperire.soa new file mode 100644 index 00000000..43b1e862 --- /dev/null +++ b/hosts/surtr/dns/zones/org.rheperire.soa
@@ -0,0 +1,25 @@
	1	$ORIGIN rheperire.org.
	2	$TTL 3600
	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
	4	2021053010 ; serial
	5	10800 ; refresh
	6	3600 ; retry
	7	604800 ; expire
	8	3600 ; min TTL
	9	)
	10	IN NS ns.yggdrasil.li.
	11	IN NS ns.inwx.de.
	12	IN NS ns2.inwx.de.
	13	IN NS ns3.inwx.eu.
	14
	15	@ IN A 188.68.51.254
	16	@ IN AAAA 2a03:4000:6:d004::
	17	@ IN MX 0 ymir.yggdrasil.li.
	18	@ IN TXT "v=spf1 redirect=yggdrasil.li"
	19
	20	* IN A 188.68.51.254
	21	* IN AAAA 2a03:4000:6:d004::
	22	* IN MX 0 ymir.yggdrasil.li.
	23	* IN TXT "v=spf1 redirect=yggdrasil.li"
	24
	25	_acme-challenge 30 IN TXT ""