7 files changed, 117 insertions, 6 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index aff6e6f3..d665714d 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -156,6 +156,7 @@ in {
        ${concatMapStringsSep "\n" mkZone [
          { domain = "yggdrasil.li";
            addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };
+            acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li"];
          }
          { domain = "nights.email";
            addACLs = { "nights.email" = ["ymir_acme_acl"]; };
@@ -183,6 +184,7 @@ in {
            addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
          }
          { domain = "bouncy.email";
+            acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "bouncy.email"];
          }
        ]}
      '';
diff --git a/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
new file mode 100644
index 00000000..f57a5b9f
--- /dev/null
+++ b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:xcDcVLIIZXus19oDIoFvZsyy0XUN26/B2yFQpt/apVBmhxC4qmHf+5SuzXx6KnL+LRCFnh0kxw5NUnLFaADUesUAWSBTCMLyirIT37NMUNAnGcP8ikqmOk2HUHE8/3BSER9Sr/9bXhA4ikzJnWVOWGJ9lT6qkw+DUHihundf+tHKnutxP/CoXM84T0YU4U6Jzw55BhyavaT7hSjm5Pa/CmvzUfu57GK8LBQchULqPXL1/GkcZbm/BJwI2RrYkhZG8CieRiey0WaD16qxsJ4lnhSb,iv:Spb+VtjR0XEj0HldOFNORYFbPDPeS7XgTdqZPi45wuw=,tag:QRQfOTwuh6lWJNrXZkNl0w==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2022-05-05T11:44:35Z",
+                "mac": "ENC[AES256_GCM,data:fQmb4Az33ypsJowyPrwBlkDYDNNtJWev5RzOQdvk3FOXINfeVXqBqRmK/FqYTwonWg+oQ1j7HptvEHXnNBXyHSjLs0eBNUwQAGDVYCQO2zGwmvwnRoyvSfgqESAeSWKMhzHvEA67dAm8l1HZuAXOKpnfMF2y2Z2bD4t6Ipz1FOU=,iv:UzpWjwBiC7te1IxneH/rueVKyRQ8IulRQYAQ9AybueI=,tag:s+FpPWQ0qu187LRcFb+7eg==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2022-05-05T11:44:34Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAl2GftHJU72CZwTRupXE9S1Z/w7vwrRQlFrme9woZ2QUw\nvan+u4DvpbWsv8jH4rPERxz7aIHcIUMnnDHMls7Ma8rqwE4GzjBnqJ4afYEgbUyc\n0l4B9IVHcML8hwLMRnox+/+DqMw9QJALjiLshid+6lxQOjiKj7AvLCsMA3llsT7H\ncyGwyhm99BaLO48zsXlSmGgg2/YSTPuiJtddwp9CWv0oeOrySnw5Rk0VqdVTzreK\n=EV9D\n-----END PGP MESSAGE-----\n",
+                                "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+                        },
+                        {
+                                "created_at": "2022-05-05T11:44:34Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAHdryYLAJhmbfQOq+tXxuuOYuB2stUUnq8/lRg6/nDyMw\nMeq1lqDPZmqcMGPuz1gaopZ+I30FBdASTaLMt2jPhd09mVccpY0nFuyvjJHHV32R\n0l4B2kHMD+NWtWCxPWGAUYBHI73xggVNMkDbr2FhwJgruN/4WRNGlgEszl6MQ43v\nI98doI69oLocwl7ZmXurspzyJA4btFIayAUgKc0uF28k4ulniTPlB75QxLAvXHNy\n=AQHH\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.2"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
new file mode 100644
index 00000000..495af908
--- /dev/null
+++ b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:aRpq+iUmoEQoy7wlDjTorLK0hUQdUE0RrlFAPYzoInAxrtm58xWLWYBb6FSm7oPv+B+uM04hXbTyH9xh4ZIogiV95qva1FaK+OSO9zkhP2i4SyroRyT4IKhs8ajCAj2wRSXCcUgK13UotF45y+2yJyPEOAsIossOaAJceQdi+fbW7L5z93copWyPa5XG3/KUZBNAoGFprTzB0c9luGWp8GmJ0zFZhbI+ZnKFgL9ZDTfh2e8N0VUih748AZw7YzL3uEu68BWPdXhgDo+f/DJARizmH/NyMQ==,iv:AomUPijrVdXiYI3fl8PAbJEjWZIeh7tuIZaDzJOieDk=,tag:AWkWJ+I9m7TrKKBL5cYWVw==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2022-05-05T11:44:33Z",
+                "mac": "ENC[AES256_GCM,data:o2QxYW9SPIbOWP/iQ2Mk1imSUWBwPOkPUTIVub/Y4Yse0RkR6qp1LlRdhB5aOKirInKNulA0iCm5uiDyGS02N52wrmQpnWjeMcFysZ9rzzRPIaEUa31GIWRQAt11amO56hM9JTBZGmq5bhPVRxRBfMT4PSgUT/KrRJSQCVXGyAs=,iv:OWk/08GxYylbjqcOjJnC81L4P+QyUkyxYaJ+qReGzIo=,tag:4r4eVCB5s462uMbb8lrnXg==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2022-05-05T11:44:33Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAymwXeFtQyiAgb+/Rm5jxPCnKWG3n7libf3zmYbQw7B0w\ndAmL/pukd3B8n3+lcdHDZodtr3W4LyatgdSXOUG51hRoqEq16b2MmCM43jTUnYQd\n0l4BWTk98DfAZ/6z7ulexqbCmfJSfJzUJGBnLqTBq2dnxeHHWpY/tpGp6BAi2n+p\nxtooPP9PUC2wbXFyf0FB5nGg+JvsNi4FspDwFYljnDKmXBnn1H3IfCmUhy1chWty\n=a8nm\n-----END PGP MESSAGE-----\n",
+                                "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+                        },
+                        {
+                                "created_at": "2022-05-05T11:44:33Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0t4v/UKyR3uWG2NpFqxZRG7Hj05+akMq5ZnU7B/VrgQw\n4WIpnT+nqxM7c+vFNe/AVyO+R82qQrMbTL0QHpD5rUDdszFVw1UH/ELMH3rrcRlz\n0l4Bf8bWylnKOvPqeyklEktiSUXoMWqs0AbD+LuTUgqz/JvuO6AqvgbfPUvm5eOM\npI2DEW11SZeqiUai3N/H34myzQ7kSoVSfJobUfmBazIq69DBSSWz0sksMw98+yWK\n=q0Ui\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.2"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
new file mode 100644
index 00000000..63d18e50
--- /dev/null
+++ b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:wjU+ojwNIfiQamoOpB2MVyOB6WCCjpt1xwWO/LYD2YJqXkjl8ko4hf/wC+Q1SPkvvHPFtxxiQh1dzcl+8Wh6Xicb5HNMxiAXUQAr7gMG25nfyv3m0vB9msPDeEcbrE4t7bXOuZUBuOx9iU5UmA5kN9oTOcCT5i/db9ILEjcSvkvysk10WytyXK5CEHu5Y+gwlIJ+tP/eG/zEcXGHbDb/feQSn+Xwt3Jrdef9cau+pZB7zexIpMkvwryG9cpZCJUUDBYOhaHO+iLiO3+IEoDpr5Dabsuk9Nez,iv:ogd5X7Ss0Izl7AuJ0NvO4zKsMDDjsew3JLb0wElFhHE=,tag:f2IWgpCELipQdM+4IrtIVg==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2022-05-05T11:44:34Z",
+                "mac": "ENC[AES256_GCM,data:cCqLh/qhAiicPFl1p16icG8JacpQTYjnRByjRVkD1wZ2i+M/4/LXL1O46GZJvNMNlOTN6Be6IIeazGnO7MP6oxo6He2hovD0Ej5WbSruiwL2cuVvZ3vSpFI8psWS22NBgnNXCcxA+giS5b/jlRI7pcTQ2Knwwzh7Y4Xdp/UBAi8=,iv:6wC4JpdL90zwezMsoLeE5XGwxMvUdHGaVnZqfLcd//M=,tag:7peBKCXYlivsVY9hgNojyA==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2022-05-05T11:44:34Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAJ2Nl+Jhuqa6LwqsC/EPuYPU9YzPaD11JMhPxyMnk2CMw\nIJWVCeIbXlUWulQF497/yvCX+gpODsk//xTc9J1Uv02uH0HZPYQaVMVs9sqg1NW/\n0l4BpYd98/J0fFwvjhlu/6AB8zrQ2OEegjlOSGDhrAObOBx5xly3IJOF0dObl3fO\nKuauEC3fXJ/s6dugdGDklNhrdRSlfgmigSErUyB0kjo9mF/mAQ8lbzw6b5OXXBwE\n=U3Fx\n-----END PGP MESSAGE-----\n",
+                                "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+                        },
+                        {
+                                "created_at": "2022-05-05T11:44:34Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuAXp4XtRgiQe/Nhs1oBhZxxre6e6R8uBXCUuLgp5IxIw\nUZNOL8NJB94jyqC1yxOr9mILMJw0+cQYFq8CuwSea7Cuz3WOgtVRl1ezKQlpusu5\n0l4BK5ByaesUw7P+wYuXC9VDFnKUCkSn+AA76zikuHHFu9KMd/4p6FcHboQyFz54\nguRNReB6U3y2g9KIwKo/hAk+8NHnuqH9w9Cfb2IIsU5a663AhLv/GKKkCbo0s7Ur\n=jNYe\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.2"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
new file mode 100644
index 00000000..4523b3ba
--- /dev/null
+++ b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:4+Pvq42ibLYLxaBBf0Q8gVYglcCdABu8R3M5haawnPSadC53u1+2vx5cujznaUE0vpNJKRDhrHKmctbY6azhgWWvd+PIJ7QtbIEn+9ZhFPsaufrVxXCF/2/wPR505cJiIx0ydeE5G8a8AwsSexLPNg8cBENjkPlImd9LnxIVM3xwpjnNasV7B+OkOnK9twAh51waJLsVYrlS1VOJRh3Q7tuJWlBtQu0YWdImmxvtrz30h2MHg8g03bkL91z5NSf6mbMkLwj6dRZYlXpPMKMi4ZjsXFk=,iv:7bXn7FQwQbLF8gp115OAO+r1eqjlQklar/ADrVJaJOw=,tag:R2NmSMATA1rRQazoV6WfMw==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2022-05-05T11:44:30Z",
+                "mac": "ENC[AES256_GCM,data:fLYGT6nZqQEE71WV6lhmXcX2HpQBwqRqd4j9D7YwXXCQolK2v4vqND8cjn2Ni71eWxoJRqHSVWOcvK39EM+kphcmH/wqLMYhdfjkP+DisYecO8LSF8MC1mhADz/YAQQfSs1Fp73JBEOruWqeyXsCB0uSfuIk5w6P0oihzZEddys=,iv:kdLy5pPPfOhyT4E0PV+cbb/007A5maBtQ90ZaCvUHGM=,tag:QJrlCAoFTosBYTgqfca/SA==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2022-05-05T11:44:30Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAO6YzCUEucOdXkrSHAVb7Evv2ouIgsI44bvG39sM9mTcw\nExiQR9nGBTrVUIRX7Gcb6GbDOHfYiSXhIi6CVzF7gRwe1iJGM1T6fheA30VuJ4uk\n0l4B3F4m/Pqvgp9NaBGQQDQOaCTD5NjwK/2lZtuMckQMUi9df4nEA9khJHsw8nx5\nSGU8QZquE4Kyi//pEFycoQ2q0QvKqg8JoT2m7TG5EBFXea1xfbZOZNIANUB8LnOW\n=vaJN\n-----END PGP MESSAGE-----\n",
+                                "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+                        },
+                        {
+                                "created_at": "2022-05-05T11:44:30Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAgqn8CAAZu2yB5YUfmQtMxMNJr3D40jzBH1oVmV862lYw\nlEAvxqlzV7xj/pLLfcQm/fxVu6c1tQlD4nA00VceQVZN8bm0kOzwbl+MnCYBiHps\n0l4Bcus9lKpaEpz/SB2no38/VCeM2mFnWPkUuyaLN0+xlosq4/laLhLe4NzXW8BX\nQKv8FLX0GxywRzonaLBf4p9Za8EXKXv9xMf5iYst4vG0epj4MCCxp6IH/uNDJwFt\n=yguK\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.2"
+        }
+}
+\ No newline at end of file
diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa
index d6fdab9b..2123c0bf 100644
--- a/hosts/surtr/dns/zones/email.bouncy.soa
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
 $ORIGIN bouncy.email.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2022050501 ; serial
+  2022050503 ; serial
  10800      ; refresh
  3600       ; retry
  604800     ; expire
@@ -20,6 +20,8 @@ $TTL 3600
 @                       IN      MX      0 mailin.bouncy.email.
 @                       IN      TXT     "v=spf1 a:mailout.bouncy.email -all"
+_acme-challenge         IN      NS      ns.yggdrasil.li.
 *                       IN      A       202.61.241.61
 *                       IN      AAAA    2a03:4000:52:ada::
 *                       IN      MX      0 mailin.bouncy.email.
@@ -34,11 +36,13 @@ mailin			IN	A	202.61.241.61
 mailin                  IN      AAAA    2a03:4000:52:ada::
 mailin                  IN      MX      0 mailin.bouncy.email.
 mailin                  IN      TXT     "v=spf1 redirect=bouncy.email"
+_acme-challenge.mailin  IN      NS      ns.yggdrasil.li.
 mailsub                 IN      A       202.61.241.61
 mailsub                 IN      AAAA    2a03:4000:52:ada::
 mailsub                 IN      MX      0 mailin.bouncy.email.
 mailsub                 IN      TXT     "v=spf1 redirect=bouncy.email"
+_acme-challenge.mailsub IN      NS      ns.yggdrasil.li.
 _submissions._tcp       IN      SRV     5 0 465 mailsub.bouncy.email.
@@ -46,7 +50,6 @@ imap			IN	A	202.61.241.61
 imap                    IN      AAAA    2a03:4000:52:ada::
 imap                    IN      MX      0 mailin.bouncy.email.
 imap                    IN      TXT     "v=spf1 redirect=bouncy.email"
+_acme-challenge.imap    IN      NS      ns.yggdrasil.li.
 _imaps._tcp             IN      SRV     5 0 993 imap.bouncy.email.
-_acme-challenge         IN      NS      ns.yggdrasil.li.
diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa
index 74b7170e..c43f7b0d 100644
--- a/hosts/surtr/dns/zones/li.yggdrasil.soa
+++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-  2022040800 ; serial
+  2022050501 ; serial
  10800      ; refresh
  3600       ; retry
  604800     ; expire
@@ -37,8 +37,10 @@ ymir                    IN      TXT     "v=spf1 redirect=yggdrasil.li"
 surtr                   IN      A       202.61.241.61
 surtr                   IN      AAAA    2a03:4000:52:ada::
-surtr                   IN      MX      0 ymir.yggdrasil.li
+surtr                   IN      MX      0 surtr.yggdrasil.li
-surtr                   IN      TXT     "v=spf1 redirect=yggdrasil.li"
+surtr                   IN      TXT     "v=spf1 a:surtr.yggdrasil.li -all"
+_acme-challenge.surtr   IN      NS      ns.yggdrasil.li.
 prometheus.surtr        IN      CNAME   surtr.yggdrasil.li.

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index aff6e6f3..d665714d 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix
@@ -156,6 +156,7 @@ in {
156	${concatMapStringsSep "\n" mkZone [	156	${concatMapStringsSep "\n" mkZone [
157	{ domain = "yggdrasil.li";	157	{ domain = "yggdrasil.li";
158	addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };	158	addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };
		159	acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li"];
159	}	160	}
160	{ domain = "nights.email";	161	{ domain = "nights.email";
161	addACLs = { "nights.email" = ["ymir_acme_acl"]; };	162	addACLs = { "nights.email" = ["ymir_acme_acl"]; };
@@ -183,6 +184,7 @@ in {
183	addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };	184	addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
184	}	185	}
185	{ domain = "bouncy.email";	186	{ domain = "bouncy.email";
		187	acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "bouncy.email"];
186	}	188	}
187	]}	189	]}
188	'';	190	'';


diff --git a/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml new file mode 100644 index 00000000..f57a5b9f --- /dev/null +++ b/hosts/surtr/dns/keys/imap.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:xcDcVLIIZXus19oDIoFvZsyy0XUN26/B2yFQpt/apVBmhxC4qmHf+5SuzXx6KnL+LRCFnh0kxw5NUnLFaADUesUAWSBTCMLyirIT37NMUNAnGcP8ikqmOk2HUHE8/3BSER9Sr/9bXhA4ikzJnWVOWGJ9lT6qkw+DUHihundf+tHKnutxP/CoXM84T0YU4U6Jzw55BhyavaT7hSjm5Pa/CmvzUfu57GK8LBQchULqPXL1/GkcZbm/BJwI2RrYkhZG8CieRiey0WaD16qxsJ4lnhSb,iv:Spb+VtjR0XEj0HldOFNORYFbPDPeS7XgTdqZPi45wuw=,tag:QRQfOTwuh6lWJNrXZkNl0w==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2022-05-05T11:44:35Z",
		10	"mac": "ENC[AES256_GCM,data:fQmb4Az33ypsJowyPrwBlkDYDNNtJWev5RzOQdvk3FOXINfeVXqBqRmK/FqYTwonWg+oQ1j7HptvEHXnNBXyHSjLs0eBNUwQAGDVYCQO2zGwmvwnRoyvSfgqESAeSWKMhzHvEA67dAm8l1HZuAXOKpnfMF2y2Z2bD4t6Ipz1FOU=,iv:UzpWjwBiC7te1IxneH/rueVKyRQ8IulRQYAQ9AybueI=,tag:s+FpPWQ0qu187LRcFb+7eg==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2022-05-05T11:44:34Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAl2GftHJU72CZwTRupXE9S1Z/w7vwrRQlFrme9woZ2QUw\nvan+u4DvpbWsv8jH4rPERxz7aIHcIUMnnDHMls7Ma8rqwE4GzjBnqJ4afYEgbUyc\n0l4B9IVHcML8hwLMRnox+/+DqMw9QJALjiLshid+6lxQOjiKj7AvLCsMA3llsT7H\ncyGwyhm99BaLO48zsXlSmGgg2/YSTPuiJtddwp9CWv0oeOrySnw5Rk0VqdVTzreK\n=EV9D\n-----END PGP MESSAGE-----\n",
		15	"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
		16	},
		17	{
		18	"created_at": "2022-05-05T11:44:34Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAHdryYLAJhmbfQOq+tXxuuOYuB2stUUnq8/lRg6/nDyMw\nMeq1lqDPZmqcMGPuz1gaopZ+I30FBdASTaLMt2jPhd09mVccpY0nFuyvjJHHV32R\n0l4B2kHMD+NWtWCxPWGAUYBHI73xggVNMkDbr2FhwJgruN/4WRNGlgEszl6MQ43v\nI98doI69oLocwl7ZmXurspzyJA4btFIayAUgKc0uF28k4ulniTPlB75QxLAvXHNy\n=AQHH\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.2"
		25	}
		26	} \ No newline at end of file


diff --git a/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml new file mode 100644 index 00000000..495af908 --- /dev/null +++ b/hosts/surtr/dns/keys/mailin.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:aRpq+iUmoEQoy7wlDjTorLK0hUQdUE0RrlFAPYzoInAxrtm58xWLWYBb6FSm7oPv+B+uM04hXbTyH9xh4ZIogiV95qva1FaK+OSO9zkhP2i4SyroRyT4IKhs8ajCAj2wRSXCcUgK13UotF45y+2yJyPEOAsIossOaAJceQdi+fbW7L5z93copWyPa5XG3/KUZBNAoGFprTzB0c9luGWp8GmJ0zFZhbI+ZnKFgL9ZDTfh2e8N0VUih748AZw7YzL3uEu68BWPdXhgDo+f/DJARizmH/NyMQ==,iv:AomUPijrVdXiYI3fl8PAbJEjWZIeh7tuIZaDzJOieDk=,tag:AWkWJ+I9m7TrKKBL5cYWVw==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2022-05-05T11:44:33Z",
		10	"mac": "ENC[AES256_GCM,data:o2QxYW9SPIbOWP/iQ2Mk1imSUWBwPOkPUTIVub/Y4Yse0RkR6qp1LlRdhB5aOKirInKNulA0iCm5uiDyGS02N52wrmQpnWjeMcFysZ9rzzRPIaEUa31GIWRQAt11amO56hM9JTBZGmq5bhPVRxRBfMT4PSgUT/KrRJSQCVXGyAs=,iv:OWk/08GxYylbjqcOjJnC81L4P+QyUkyxYaJ+qReGzIo=,tag:4r4eVCB5s462uMbb8lrnXg==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2022-05-05T11:44:33Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAymwXeFtQyiAgb+/Rm5jxPCnKWG3n7libf3zmYbQw7B0w\ndAmL/pukd3B8n3+lcdHDZodtr3W4LyatgdSXOUG51hRoqEq16b2MmCM43jTUnYQd\n0l4BWTk98DfAZ/6z7ulexqbCmfJSfJzUJGBnLqTBq2dnxeHHWpY/tpGp6BAi2n+p\nxtooPP9PUC2wbXFyf0FB5nGg+JvsNi4FspDwFYljnDKmXBnn1H3IfCmUhy1chWty\n=a8nm\n-----END PGP MESSAGE-----\n",
		15	"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
		16	},
		17	{
		18	"created_at": "2022-05-05T11:44:33Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0t4v/UKyR3uWG2NpFqxZRG7Hj05+akMq5ZnU7B/VrgQw\n4WIpnT+nqxM7c+vFNe/AVyO+R82qQrMbTL0QHpD5rUDdszFVw1UH/ELMH3rrcRlz\n0l4Bf8bWylnKOvPqeyklEktiSUXoMWqs0AbD+LuTUgqz/JvuO6AqvgbfPUvm5eOM\npI2DEW11SZeqiUai3N/H34myzQ7kSoVSfJobUfmBazIq69DBSSWz0sksMw98+yWK\n=q0Ui\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.2"
		25	}
		26	} \ No newline at end of file


diff --git a/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml new file mode 100644 index 00000000..63d18e50 --- /dev/null +++ b/hosts/surtr/dns/keys/mailsub.bouncy.email_acme.yaml
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:wjU+ojwNIfiQamoOpB2MVyOB6WCCjpt1xwWO/LYD2YJqXkjl8ko4hf/wC+Q1SPkvvHPFtxxiQh1dzcl+8Wh6Xicb5HNMxiAXUQAr7gMG25nfyv3m0vB9msPDeEcbrE4t7bXOuZUBuOx9iU5UmA5kN9oTOcCT5i/db9ILEjcSvkvysk10WytyXK5CEHu5Y+gwlIJ+tP/eG/zEcXGHbDb/feQSn+Xwt3Jrdef9cau+pZB7zexIpMkvwryG9cpZCJUUDBYOhaHO+iLiO3+IEoDpr5Dabsuk9Nez,iv:ogd5X7Ss0Izl7AuJ0NvO4zKsMDDjsew3JLb0wElFhHE=,tag:f2IWgpCELipQdM+4IrtIVg==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2022-05-05T11:44:34Z",
		10	"mac": "ENC[AES256_GCM,data:cCqLh/qhAiicPFl1p16icG8JacpQTYjnRByjRVkD1wZ2i+M/4/LXL1O46GZJvNMNlOTN6Be6IIeazGnO7MP6oxo6He2hovD0Ej5WbSruiwL2cuVvZ3vSpFI8psWS22NBgnNXCcxA+giS5b/jlRI7pcTQ2Knwwzh7Y4Xdp/UBAi8=,iv:6wC4JpdL90zwezMsoLeE5XGwxMvUdHGaVnZqfLcd//M=,tag:7peBKCXYlivsVY9hgNojyA==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2022-05-05T11:44:34Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAJ2Nl+Jhuqa6LwqsC/EPuYPU9YzPaD11JMhPxyMnk2CMw\nIJWVCeIbXlUWulQF497/yvCX+gpODsk//xTc9J1Uv02uH0HZPYQaVMVs9sqg1NW/\n0l4BpYd98/J0fFwvjhlu/6AB8zrQ2OEegjlOSGDhrAObOBx5xly3IJOF0dObl3fO\nKuauEC3fXJ/s6dugdGDklNhrdRSlfgmigSErUyB0kjo9mF/mAQ8lbzw6b5OXXBwE\n=U3Fx\n-----END PGP MESSAGE-----\n",
		15	"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
		16	},
		17	{
		18	"created_at": "2022-05-05T11:44:34Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuAXp4XtRgiQe/Nhs1oBhZxxre6e6R8uBXCUuLgp5IxIw\nUZNOL8NJB94jyqC1yxOr9mILMJw0+cQYFq8CuwSea7Cuz3WOgtVRl1ezKQlpusu5\n0l4BK5ByaesUw7P+wYuXC9VDFnKUCkSn+AA76zikuHHFu9KMd/4p6FcHboQyFz54\nguRNReB6U3y2g9KIwKo/hAk+8NHnuqH9w9Cfb2IIsU5a663AhLv/GKKkCbo0s7Ur\n=jNYe\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.2"
		25	}
		26	} \ No newline at end of file


diff --git a/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml new file mode 100644 index 00000000..4523b3ba --- /dev/null +++ b/hosts/surtr/dns/keys/surtr.yggdrasil.li_acme.yaml
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:4+Pvq42ibLYLxaBBf0Q8gVYglcCdABu8R3M5haawnPSadC53u1+2vx5cujznaUE0vpNJKRDhrHKmctbY6azhgWWvd+PIJ7QtbIEn+9ZhFPsaufrVxXCF/2/wPR505cJiIx0ydeE5G8a8AwsSexLPNg8cBENjkPlImd9LnxIVM3xwpjnNasV7B+OkOnK9twAh51waJLsVYrlS1VOJRh3Q7tuJWlBtQu0YWdImmxvtrz30h2MHg8g03bkL91z5NSf6mbMkLwj6dRZYlXpPMKMi4ZjsXFk=,iv:7bXn7FQwQbLF8gp115OAO+r1eqjlQklar/ADrVJaJOw=,tag:R2NmSMATA1rRQazoV6WfMw==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2022-05-05T11:44:30Z",
		10	"mac": "ENC[AES256_GCM,data:fLYGT6nZqQEE71WV6lhmXcX2HpQBwqRqd4j9D7YwXXCQolK2v4vqND8cjn2Ni71eWxoJRqHSVWOcvK39EM+kphcmH/wqLMYhdfjkP+DisYecO8LSF8MC1mhADz/YAQQfSs1Fp73JBEOruWqeyXsCB0uSfuIk5w6P0oihzZEddys=,iv:kdLy5pPPfOhyT4E0PV+cbb/007A5maBtQ90ZaCvUHGM=,tag:QJrlCAoFTosBYTgqfca/SA==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2022-05-05T11:44:30Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAO6YzCUEucOdXkrSHAVb7Evv2ouIgsI44bvG39sM9mTcw\nExiQR9nGBTrVUIRX7Gcb6GbDOHfYiSXhIi6CVzF7gRwe1iJGM1T6fheA30VuJ4uk\n0l4B3F4m/Pqvgp9NaBGQQDQOaCTD5NjwK/2lZtuMckQMUi9df4nEA9khJHsw8nx5\nSGU8QZquE4Kyi//pEFycoQ2q0QvKqg8JoT2m7TG5EBFXea1xfbZOZNIANUB8LnOW\n=vaJN\n-----END PGP MESSAGE-----\n",
		15	"fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
		16	},
		17	{
		18	"created_at": "2022-05-05T11:44:30Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAgqn8CAAZu2yB5YUfmQtMxMNJr3D40jzBH1oVmV862lYw\nlEAvxqlzV7xj/pLLfcQm/fxVu6c1tQlD4nA00VceQVZN8bm0kOzwbl+MnCYBiHps\n0l4Bcus9lKpaEpz/SB2no38/VCeM2mFnWPkUuyaLN0+xlosq4/laLhLe4NzXW8BX\nQKv8FLX0GxywRzonaLBf4p9Za8EXKXv9xMf5iYst4vG0epj4MCCxp6IH/uNDJwFt\n=yguK\n-----END PGP MESSAGE-----\n",
		20	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.2"
		25	}
		26	} \ No newline at end of file


diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa index d6fdab9b..2123c0bf 100644 --- a/hosts/surtr/dns/zones/email.bouncy.soa +++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
1	$ORIGIN bouncy.email.	1	$ORIGIN bouncy.email.
2	$TTL 3600	2	$TTL 3600
3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4	2022050501 ; serial	4	2022050503 ; serial
5	10800 ; refresh	5	10800 ; refresh
6	3600 ; retry	6	3600 ; retry
7	604800 ; expire	7	604800 ; expire
@@ -20,6 +20,8 @@ $TTL 3600
20	@ IN MX 0 mailin.bouncy.email.	20	@ IN MX 0 mailin.bouncy.email.
21	@ IN TXT "v=spf1 a:mailout.bouncy.email -all"	21	@ IN TXT "v=spf1 a:mailout.bouncy.email -all"
22		22
		23	_acme-challenge IN NS ns.yggdrasil.li.
		24
23	* IN A 202.61.241.61	25	* IN A 202.61.241.61
24	* IN AAAA 2a03:4000:52:ada::	26	* IN AAAA 2a03:4000:52:ada::
25	* IN MX 0 mailin.bouncy.email.	27	* IN MX 0 mailin.bouncy.email.
@@ -34,11 +36,13 @@ mailin IN A 202.61.241.61
34	mailin IN AAAA 2a03:4000:52:ada::	36	mailin IN AAAA 2a03:4000:52:ada::
35	mailin IN MX 0 mailin.bouncy.email.	37	mailin IN MX 0 mailin.bouncy.email.
36	mailin IN TXT "v=spf1 redirect=bouncy.email"	38	mailin IN TXT "v=spf1 redirect=bouncy.email"
		39	_acme-challenge.mailin IN NS ns.yggdrasil.li.
37		40
38	mailsub IN A 202.61.241.61	41	mailsub IN A 202.61.241.61
39	mailsub IN AAAA 2a03:4000:52:ada::	42	mailsub IN AAAA 2a03:4000:52:ada::
40	mailsub IN MX 0 mailin.bouncy.email.	43	mailsub IN MX 0 mailin.bouncy.email.
41	mailsub IN TXT "v=spf1 redirect=bouncy.email"	44	mailsub IN TXT "v=spf1 redirect=bouncy.email"
		45	_acme-challenge.mailsub IN NS ns.yggdrasil.li.
42		46
43	_submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email.	47	_submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email.
44		48
@@ -46,7 +50,6 @@ imap IN A 202.61.241.61
46	imap IN AAAA 2a03:4000:52:ada::	50	imap IN AAAA 2a03:4000:52:ada::
47	imap IN MX 0 mailin.bouncy.email.	51	imap IN MX 0 mailin.bouncy.email.
48	imap IN TXT "v=spf1 redirect=bouncy.email"	52	imap IN TXT "v=spf1 redirect=bouncy.email"
		53	_acme-challenge.imap IN NS ns.yggdrasil.li.
49		54
50	_imaps._tcp IN SRV 5 0 993 imap.bouncy.email.	55	_imaps._tcp IN SRV 5 0 993 imap.bouncy.email.
51
52	_acme-challenge IN NS ns.yggdrasil.li.


diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa index 74b7170e..c43f7b0d 100644 --- a/hosts/surtr/dns/zones/li.yggdrasil.soa +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -1,7 +1,7 @@
1	$ORIGIN yggdrasil.li.	1	$ORIGIN yggdrasil.li.
2	$TTL 3600	2	$TTL 3600
3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (	3	@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
4	2022040800 ; serial	4	2022050501 ; serial
5	10800 ; refresh	5	10800 ; refresh
6	3600 ; retry	6	3600 ; retry
7	604800 ; expire	7	604800 ; expire
@@ -37,8 +37,10 @@ ymir IN TXT "v=spf1 redirect=yggdrasil.li"
37		37
38	surtr IN A 202.61.241.61	38	surtr IN A 202.61.241.61
39	surtr IN AAAA 2a03:4000:52:ada::	39	surtr IN AAAA 2a03:4000:52:ada::
40	surtr IN MX 0 ymir.yggdrasil.li	40	surtr IN MX 0 surtr.yggdrasil.li
41	surtr IN TXT "v=spf1 redirect=yggdrasil.li"	41	surtr IN TXT "v=spf1 a:surtr.yggdrasil.li -all"
		42
		43	_acme-challenge.surtr IN NS ns.yggdrasil.li.
42		44
43	prometheus.surtr IN CNAME surtr.yggdrasil.li.	45	prometheus.surtr IN CNAME surtr.yggdrasil.li.
44		46