diff options
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r-- | hosts/surtr/dns/default.nix | 4 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml | 26 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml | 26 | ||||
-rw-r--r-- | hosts/surtr/dns/zones/li.yggdrasil.soa | 14 |
4 files changed, 67 insertions, 3 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 5cba23d9..e0637b3b 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -48,7 +48,7 @@ in { | |||
48 | unitConfig.RequiresMountsFor = [ "/var/lib/knot" ]; | 48 | unitConfig.RequiresMountsFor = [ "/var/lib/knot" ]; |
49 | serviceConfig.LoadCredential = map ({name, ...}: "${name}:${config.sops.secrets.${name}.path}") knotKeys; | 49 | serviceConfig.LoadCredential = map ({name, ...}: "${name}:${config.sops.secrets.${name}.path}") knotKeys; |
50 | }; | 50 | }; |
51 | 51 | ||
52 | services.knot = { | 52 | services.knot = { |
53 | enable = true; | 53 | enable = true; |
54 | keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys; | 54 | keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys; |
@@ -159,7 +159,7 @@ in { | |||
159 | ${concatMapStringsSep "\n" mkZone [ | 159 | ${concatMapStringsSep "\n" mkZone [ |
160 | { domain = "yggdrasil.li"; | 160 | { domain = "yggdrasil.li"; |
161 | addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; }; | 161 | addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; }; |
162 | acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li"]; | 162 | acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li" "etesync.yggdrasil.li" "app.etesync.yggdrasil.li"]; |
163 | } | 163 | } |
164 | { domain = "nights.email"; | 164 | { domain = "nights.email"; |
165 | addACLs = { "nights.email" = ["ymir_acme_acl"]; }; | 165 | addACLs = { "nights.email" = ["ymir_acme_acl"]; }; |
diff --git a/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml new file mode 100644 index 00000000..f8e0794d --- /dev/null +++ b/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:YW/R3Bi4IDGNBxtUFh9h/9i/kQaQTVQN019NDNQsGVBOFQSZxvy8+RBEfmZO1bvAYbBuQ72ksb3+dckupm8BQaO4lxsCZpGcPmDrWpYal4hirJAtiJ374j9jGTFVF0x7z6lb8B3aZ5Ztkov6ZxLLiXAEZ1owufKCYeqyemzuEUPPvrfAvF14vg3kqcr2OfeLE7XdMMMu1/ive5C2QGsKekRqJNDbO2iiWDaTFCY3N9Rqja895Of9lzUGNjsWhnNsZLzpEvm/NPFKAmStRq24XGk/KIxGoxBCLZYoCaqZNJ0=,iv:xWYRqkW8Oyple4EQegxx3Y+fwlm1ghm9pbP59UmM1bk=,tag:371XtqRpcbCLcDSJ0xtGgA==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-11-09T19:02:47Z", | ||
10 | "mac": "ENC[AES256_GCM,data:1/v1EB5lz/cwKcUuOPVVXPBtEnTmFrZj0hTGv5uQEVU9fd66muY3J6HPEvS68g/YBaaYy6V2QLc2lDwbu9amaukqE1Mq7sv51kSPp7jQs7u91BKfN5K3OtCipFxG1fwjqY4k7zliaYESLwrQWXEhFz3k/nPT9xD/nDNc/czQi3I=,iv:zNUpuirl9gZp/kr/NdO3a6ibjX6Itc0JBpu/xxTpMAI=,tag:0twXpUS+/YCpSxZBfojQ0g==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-11-09T19:02:47Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwgUrKA64oejQmFVmq/vVXUtB0cA1QFTD9tYjc47x+zUw\nwClB436nZMlbuVAltWoMwaW6SOF2I6pcl10j1mU2tSBTnAFmhYUKstYNN1QaBcsj\n0l4By0ALjyRuRkvhZI1Tx3pUJ25P4mGux5dIYPbM+tDcb8hwfmCBig6NG47HH3xp\nPxWXzP6LNFkAAzpZidkv9RaI1XDezbqweMHVTOMfgnaQR35bIbFKDBEd/Y7AvGOT\n=P2yg\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-11-09T19:02:47Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAbP0iUr2BYsdWpD0m2W4S8aTz8t4dp9mY23qAY5vbGV4w\nxETSJs6Luv32fHpG+kUFkNKIkkpte7Yq3qtxpFoIKroZAGR3/mXB2f0Nd+BKbDZy\n0l4Baouvj8guk0BxywGDyW3V88qMphaGxAwgVsZSiZ9++HxhGHu2fAozJdsJNNtv\njtQI/IM6TaR5/Ib5NxEZ2zR1AguaoI7iDIPhiLUwZmzk95/+xbNwo/bVjHXyh6vA\n=zxXy\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.3" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml new file mode 100644 index 00000000..1c588b07 --- /dev/null +++ b/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:9VkwZFnF/WJZx4eHBV0psppNd+XbtCO3flQeO9YIVLYA7Hlyu7YZKkILgQDheHN/KjKfuRXsXUNjojEGgkyzU3Hc03LUQkrF4dFP99/Fqwjl9TUWKHPPxCXKPzEuEpJI3krwFOLWoD++aGmQKzAW4vG9oMF4vErkzUAchxfvVnC6TiswuSAsOF34/A3JP4dZKo78iMf90MhXSrqzQ60tUSrSGUBipBne40a5kVHw6Jc4N5zUemnYAInftIvQ+8VKhxhIxLIPrYslM159w0HgTta2Jio+6UHq,iv:UwDkUeaXY6IrVJf4BxPy52ssE32AiKkpWSOj8JeZrTw=,tag:Jdz4tOhu41kjGbBOMqQC1A==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-11-09T15:58:56Z", | ||
10 | "mac": "ENC[AES256_GCM,data:bLVoRyiCj/t39dC62YuhwDlpVdniufta6wie+bTD3CmC7RxFrSVTIuRZbKlYgue+sxhtIsG2AaO4/FrpFGm9i3tQAi47wHMhr4NRtxXYALAiBKgREjap1q19ePMeN9vdbdxB2SsnnJBhlRAsZzyFqoeKuo67pEWWPuwJz3QXSGI=,iv:fmr313AD4xbQHNP94HLzKzVTGdL7E0m0u4F/oQay/2w=,tag:gs7GWUWuCISO0WVu/C+wuQ==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-11-09T15:58:56Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdATu1XElbAp1jN1ON1K5dOrePlVtucKDXpu1316bi0pQsw\n8YHSJkrIS0LaAGSPnZkNtxXMOWNcmLrbUhDwLcLnmYG2VSv4oaOhgHJ7qHxlwFTM\n0l4B67lzysh5ah1XEQMn5J/tERwHp9S2s5vN61olviMetrlAV6n03JTHjMSsV2nZ\nM5JflAbE3amxEdlAIcKyRh5pcTz1cnwEk5dVQMN6to8alhBOsEd2j40S7ixvuAmB\n=UUbW\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-11-09T15:58:56Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdANUUZ//nrQaWaN09s/He7ZvgVDBNSoSoor5PPpeFkogYw\nxtwRVqp4/bqkiBDk0Szgjna98hnC0LKLfiO1zDDzSZ1c8NhUSo2mI52qnq6PAkOZ\n0l4BlYEjEcCYhuZJrGErzFnxWdPVUlTy/DOVN8AWwJCgvvbKKL0R4As7gwyoGg8a\nAPYgA4J9p62dlTCTHFXZNdQ6Iml/sBcgafcWAq5B6anQ6bmFGUF7s/+ntT5Ergr9\n=LVUN\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.3" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa index 1a4e4656..1bb10662 100644 --- a/hosts/surtr/dns/zones/li.yggdrasil.soa +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa | |||
@@ -1,7 +1,7 @@ | |||
1 | $ORIGIN yggdrasil.li. | 1 | $ORIGIN yggdrasil.li. |
2 | $TTL 3600 | 2 | $TTL 3600 |
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | 3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( |
4 | 2022072800 ; serial | 4 | 2022110904 ; serial |
5 | 10800 ; refresh | 5 | 10800 ; refresh |
6 | 3600 ; retry | 6 | 3600 ; retry |
7 | 604800 ; expire | 7 | 604800 ; expire |
@@ -53,6 +53,18 @@ _acme-challenge.surtr IN NS ns.yggdrasil.li. | |||
53 | 53 | ||
54 | prometheus.surtr IN CNAME surtr.yggdrasil.li. | 54 | prometheus.surtr IN CNAME surtr.yggdrasil.li. |
55 | 55 | ||
56 | etesync IN A 202.61.241.61 | ||
57 | etesync IN AAAA 2a03:4000:52:ada:: | ||
58 | etesync IN MX 0 surtr.yggdrasil.li | ||
59 | etesync IN TXT "v=spf1 redirect=surtr.yggdrasil.li" | ||
60 | _acme-challenge.etesync IN NS ns.yggdrasil.li. | ||
61 | |||
62 | app.etesync IN A 202.61.241.61 | ||
63 | app.etesync IN AAAA 2a03:4000:52:ada:: | ||
64 | app.etesync IN MX 0 surtr.yggdrasil.li | ||
65 | app.etesync IN TXT "v=spf1 redirect=surtr.yggdrasil.li" | ||
66 | _acme-challenge.app.etesync IN NS ns.yggdrasil.li. | ||
67 | |||
56 | vidhar IN AAAA 2a03:4000:52:ada:4:1:: | 68 | vidhar IN AAAA 2a03:4000:52:ada:4:1:: |
57 | vidhar IN MX 0 ymir.yggdrasil.li | 69 | vidhar IN MX 0 ymir.yggdrasil.li |
58 | vidhar IN TXT "v=spf1 redirect=yggdrasil.li" | 70 | vidhar IN TXT "v=spf1 redirect=yggdrasil.li" |