Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/surtr/http.nix | 4 | ||||
-rw-r--r-- | hosts/surtr/tls.nix | 63 |
2 files changed, 38 insertions, 29 deletions
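--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -58,6 +58,8 @@
 };
 };
 };
-security.acme.domains."webdav.141.li" = {};
+security.acme.domains."webdav.141.li" = {
+zone = "141.li";
+};
 };
 }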
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix index 704941e2..97a9649d 100644 --- a/hosts/surtr/tls.nix +++ b/hosts/surtr/tls.nix | |||
@@ -11,40 +11,43 @@ let | |||
11 | EXEC_PROPAGATION_TIMEOUT=300 | 11 | EXEC_PROPAGATION_TIMEOUT=300 |
12 | EXEC_POLLING_INTERVAL=5 | 12 | EXEC_POLLING_INTERVAL=5 |
13 | ''; | 13 | ''; |
14 | knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' | 14 | knotDNSExec = domain: |
15 | #!${pkgs.zsh}/bin/zsh -xe | 15 | let |
16 | zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone; | ||
17 | in pkgs.writeScriptBin "update-dns.sh" '' | ||
18 | #!${pkgs.zsh}/bin/zsh -xe | ||
16 | 19 | ||
17 | mode=$1 | 20 | mode=$1 |
18 | fqdn=$2 | 21 | fqdn=$2 |
19 | challenge=$3 | 22 | challenge=$3 |
20 | 23 | ||
21 | owner=''${fqdn%".${zone}."} | 24 | owner=''${fqdn%".${domain}."} |
22 | 25 | ||
23 | commited= | 26 | commited= |
24 | function abort() { | 27 | function abort() { |
25 | [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" | 28 | [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" |
26 | } | 29 | } |
27 | 30 | ||
28 | ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" | 31 | ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" |
29 | trap abort EXIT | 32 | trap abort EXIT |
30 | 33 | ||
31 | case "''${mode}" in | 34 | case "''${mode}" in |
32 | present) | 35 | present) |
33 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' | 36 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' |
34 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" | 37 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" |
35 | ;; | 38 | ;; |
36 | cleanup) | 39 | cleanup) |
37 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" | 40 | ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" |
38 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' | 41 | ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' |
39 | ;; | 42 | ;; |
40 | *) | 43 | *) |
41 | exit 2 | 44 | exit 2 |
42 | ;; | 45 | ;; |
43 | esac | 46 | esac |
44 | 47 | ||
45 | ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" | 48 | ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" |
46 | commited=yes | 49 | commited=yes |
47 | ''; | 50 | ''; |
48 | 51 | ||
49 | domainOptions = { | 52 | domainOptions = { |
50 | options = { | 53 | options = { |
@@ -52,6 +55,10 @@ let | |||
52 | type = types.bool; | 55 | type = types.bool; |
53 | default = false; | 56 | default = false; |
54 | }; | 57 | }; |
58 | zone = mkOption { | ||
59 | type = types.nullOr types.str; | ||
60 | default = null; | ||
61 | }; | ||
55 | }; | 62 | }; |
56 | }; | 63 | }; |
57 | in { | 64 | in { |
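Review bot: The owner computed on new line 24 of the first hunk, `owner=''${fqdn%".${domain}."}`, strips the whole domain rather than the zone, so in the case this commit introduces (a domain whose `zone` is a parent, e.g. `webdav.141.li` in zone `141.li`) the remaining label is handed to `knotc zone-set ${zone}` as an owner relative to the zone apex and the challenge TXT lands at `_acme-challenge.141.li` instead of `_acme-challenge.webdav.141.li`, assuming lego passes the full `_acme-challenge.<domain>.` name as `$2` as the exec provider does. Keeping the suffix match on the zone, `owner=''${fqdn%".${zone}."}`, gives the correct zone-relative owner both when zone equals domain and when it is a parent, and the same fix applies to the cleanup branch since it reuses `owner`. Separately, the `zone` option added in the second hunk has no `description`; a one-liner such as "Knot zone that holds this domain's records; defaults to the domain itself" would make the fallback in `knotDNSExec` discoverable from the option docs. The `let` binding `knotDNSExec` begins before the first hunk.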