Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/surtr/dns/default.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/bouncy.email_acme.yaml | 26 | ||||
-rw-r--r-- | hosts/surtr/dns/zones/email.bouncy.soa | 52 | ||||
-rw-r--r-- | hosts/surtr/tls/default.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/tls/tsig_keys/bouncy.email | 26 |
5 files changed, 107 insertions, 1 deletions
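--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -182,6 +182,8 @@ in {
 { domain = "rheperire.org";
 addACLs = { "rheperire.org" = ["ymir_acme_acl"]; };
 }
+{ domain = "bouncy.email";
+}
 ]}
 '';
 };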
diff --git a/hosts/surtr/dns/keys/bouncy.email_acme.yaml b/hosts/surtr/dns/keys/bouncy.email_acme.yaml new file mode 100644 index 00000000..ef900376 --- /dev/null +++ b/hosts/surtr/dns/keys/bouncy.email_acme.yaml | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:+wtxY9yDbNOOorVS7Aur1hJjoRSEygv8kyaMT+9zb4hQ0hhaoLMnkKfB4qR56wOvAy7wvW1OhFhICe5Ii1GDEEHWiRXGGm4mICt+DG4xvqYD1uNUWGdwRNWyv1PPfpjV33/rALanlGqvD6K2hMQAKDzWgrI0oIh13N6v+8R13sC+YtcoaKmt+i6w4Pby3w5TmaxZD0Rfm7PcYz+ZOR+552E6y5OZ+69Kb1wFrDWhYrPBHy8zsV2VcQYgzsB0MUgwjpRtz5j1sbA=,iv:5axeSwNOy/Mbk2cLXCb2hyIhhMmufWMmGIBseIoAq8U=,tag:L3qS4esYwH6rLTHclRk0VQ==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-05-05T09:11:47Z", | ||
10 | "mac": "ENC[AES256_GCM,data:BeR4eZ9AR8YGYy7eulvod4QwmFlstjS/ic3EIOpNaqDdeHCz5QCWM2+kR47ZQanSmVP1bFrIrnqIbL0lQXhX5a3mclFla61piC1oUELWXcn6jj6kd9QOZx9ZU/VlcKJEtt82nEXb7y8SEbiEHSs3btmAY9pHtYgLB/5grhBVnm8=,iv:3TEVp5wgtem43WEdh7LpMF77cSoP/+FjcH3oHnmmS4o=,tag:JceRss6y1lUbyem3Rqmd/w==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-05-05T09:11:46Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAN7OICwH4WzjRMo9QTW242OioK0RQufqkN/KbUQUDPyQw\nXvLmJlDZeNKDDw6KWkbb7ZNZuNF1i43BkrwfOQmYAhDDH4Y+vPYhWK6x6umxULko\n0lwB1J0TOLS17TkTO8atGrGo++hu705cokSQ84mpcercl66d7OzpI5N7I0MhM1A2\nfVdlvj7QNM/AnwXYOpxLeoUJl7D3gL/c/LA9/+5WDOMvNQLDgZI8h72J3q10Aw==\n=EdX/\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-05-05T09:11:46Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmsryLbhFP1Ac3Y5+ROeDOfiNS1E7veMwxHf9S1sZflEw\nQ4/524tpAa8rgikNV5gmVKE4UVxYrLqwJItskzOML8OMqW5QGVKtHweSvPcMhv3E\n0lwB3pOk770dv0wiyxDl4wEWH/NvK+PWwpvcP4hT7PkLRbaUpov63sj41QOxCQMj\npV/Uvzo5/bKN9ZmF5WfPRmRPRsL8CuZoXEV1F9ZxGFyuRHS4pb4TFLHv+rnbhg==\n=xLXq\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.2" | ||
25 | } | ||
26 | } \ No newline at end of file | ||
diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa new file mode 100644 index 00000000..d6fdab9b --- /dev/null +++ b/hosts/surtr/dns/zones/email.bouncy.soa | |||
@@ -0,0 +1,52 @@ | |||
1 | $ORIGIN bouncy.email. | ||
2 | $TTL 3600 | ||
3 | @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( | ||
4 | 2022050501 ; serial | ||
5 | 10800 ; refresh | ||
6 | 3600 ; retry | ||
7 | 604800 ; expire | ||
8 | 3600 ; min TTL | ||
9 | ) | ||
10 | IN NS ns.yggdrasil.li. | ||
11 | IN NS ns.inwx.de. | ||
12 | IN NS ns2.inwx.de. | ||
13 | IN NS ns3.inwx.eu. | ||
14 | |||
15 | @ IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01" | ||
16 | @ IN CAA 128 iodef "mailto:caa@yggdrasil.li" | ||
17 | |||
18 | @ IN A 202.61.241.61 | ||
19 | @ IN AAAA 2a03:4000:52:ada:: | ||
20 | @ IN MX 0 mailin.bouncy.email. | ||
21 | @ IN TXT "v=spf1 a:mailout.bouncy.email -all" | ||
22 | |||
23 | * IN A 202.61.241.61 | ||
24 | * IN AAAA 2a03:4000:52:ada:: | ||
25 | * IN MX 0 mailin.bouncy.email. | ||
26 | * IN TXT "v=spf1 redirect=bouncy.email" | ||
27 | |||
28 | mailout IN A 202.61.241.61 | ||
29 | mailout IN AAAA 2a03:4000:52:ada:: | ||
30 | mailout IN MX 0 mailin.bouncy.email. | ||
31 | mailout IN TXT "v=spf1 redirect=bouncy.email" | ||
32 | |||
33 | mailin IN A 202.61.241.61 | ||
34 | mailin IN AAAA 2a03:4000:52:ada:: | ||
35 | mailin IN MX 0 mailin.bouncy.email. | ||
36 | mailin IN TXT "v=spf1 redirect=bouncy.email" | ||
37 | |||
38 | mailsub IN A 202.61.241.61 | ||
39 | mailsub IN AAAA 2a03:4000:52:ada:: | ||
40 | mailsub IN MX 0 mailin.bouncy.email. | ||
41 | mailsub IN TXT "v=spf1 redirect=bouncy.email" | ||
42 | |||
43 | _submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email. | ||
44 | |||
45 | imap IN A 202.61.241.61 | ||
46 | imap IN AAAA 2a03:4000:52:ada:: | ||
47 | imap IN MX 0 mailin.bouncy.email. | ||
48 | imap IN TXT "v=spf1 redirect=bouncy.email" | ||
49 | |||
50 | _imaps._tcp IN SRV 5 0 993 imap.bouncy.email. | ||
51 | |||
52 | _acme-challenge IN NS ns.yggdrasil.li. | ||
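Review bot: The zone publishes SPF with `-all` but no `_dmarc` record, and because of the `* IN TXT "v=spf1 redirect=bouncy.email"` wildcard, a TXT query for `_dmarc.bouncy.email` is answered with that SPF string, which receivers discard as an invalid DMARC record. Without a published policy, SPF alone only checks the envelope sender, so a forged `bouncy.email` From header is not covered by anything in this file. An explicit record such as `_dmarc IN TXT "v=DMARC1; p=quarantine; sp=quarantine"` would close that gap; the policy strength should be chosen once DKIM signing is confirmed, which this zone does not show. The `_acme-challenge IN NS ns.yggdrasil.li.` delegation on the last line presumably exists so that the ACME TSIG key can only update the challenge name, and a comment like `; delegated so the ACME key is scoped to _acme-challenge only` would record that intent.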
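--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -36,7 +36,7 @@ in {
 };
 
 config = {
-security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"] (domain: { wildcard = true; });
+security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email" "bouncy.email"] (domain: { wildcard = true; });
 
 fileSystems."/var/lib/acme" =
 { device = "surtr/safe/var-lib-acme";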
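Review bot: The `security.acme.domains` list on line 39 is a single line of ten entries, so every addition rewrites the whole line and a reviewer has to compare two long strings to see which name gained a certificate. Writing the list with one domain per line would make each future change a one-line diff. Because `(domain: { wildcard = true; })` applies to every entry, a short comment such as `# every domain gets a wildcard cert; the key on this host is valid for all of its subdomains` would also make the scope of the issued keys explicit. The `config` block continues past the end of this hunk.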
diff --git a/hosts/surtr/tls/tsig_keys/bouncy.email b/hosts/surtr/tls/tsig_keys/bouncy.email new file mode 100644 index 00000000..f6b8377b --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/bouncy.email | |||
@@ -0,0 +1,26 @@ | |||
1 | { | ||
2 | "data": "ENC[AES256_GCM,data:A9Z9+ZH8xL+ho8AHY68BPpDwccOCFe6kn6vTe+7xiAa2L4OeAQr6ht2Ps0FN,iv:inoeIthQ0qpV+Fgllhu/7AtTbemkx48dBUpw3B4jnmo=,tag:ST1upRnFaiQWQnhmuwSurQ==,type:str]", | ||
3 | "sops": { | ||
4 | "kms": null, | ||
5 | "gcp_kms": null, | ||
6 | "azure_kv": null, | ||
7 | "hc_vault": null, | ||
8 | "age": null, | ||
9 | "lastmodified": "2022-05-05T09:11:47Z", | ||
10 | "mac": "ENC[AES256_GCM,data:Rp9OZdZ83nXKJqZGq8bEgkrjdDzGIWD1SsaPSEzKdTmL5+N2aqv0hQhmlKqgINSipy3pPr27ojQgDUqSGXNkiOdxOMn1wwxBFL7DBAFOW294KxU1uCXhQMLcYwGHlaEVrzGrNvPE3SEfjgWFTJHyT7j+hI7dVUfPiGYxWJFHg6A=,iv:IQ5x4u8MeChI7Mf5vfUv4s9Y8EaUja8En5yzPP6Vz/U=,tag:64Xu995aal53KQLWl3UOgw==,type:str]", | ||
11 | "pgp": [ | ||
12 | { | ||
13 | "created_at": "2022-05-05T09:11:47Z", | ||
14 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAAg2F1LygQ9z7q2KuTamS1ZyAlKrSsFXevqRRN9LZrzEw\n7JXermDoMQzMuTPdjMUL6E5Rlfk5j2UTHKqa1SoQyUDgmF1hCOny/8+gbVqQySLw\n0lwB2MNRJGOcLWSoxEXHU+bIRiwLX5QZ8MFFrtxkk1hd28RL8JozFio/ZwuNSFSK\nU3jNEajWwxX/Y1ct0KmcVvhhCOwKTinZCebCocB0I12V7ZRMbDzKUc1avLIoVA==\n=JlNZ\n-----END PGP MESSAGE-----\n", | ||
15 | "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" | ||
16 | }, | ||
17 | { | ||
18 | "created_at": "2022-05-05T09:11:47Z", | ||
19 | "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfoOzVooUt/RCvN/Gyzfg/Ci/6SPOavIFz6a1VY8RCTsw\nbdfL6HQaU+I14B6DdJYV3ThZTvchspexKCt/3tve4fQtLS4YP43Yc/cKyuvJjKhi\n0lwBdH92sKoNZCF8sC+AoH8fOP20jR6DvIXcvvnYrlpOPolQ2xJffrzpFnDmxSC5\n5tKMotnX5iPi0zNR4riAf+li0vboFYpOWyO1vJWtF97EaMdrIaqqC5i98/5qlg==\n=iFkv\n-----END PGP MESSAGE-----\n", | ||
20 | "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" | ||
21 | } | ||
22 | ], | ||
23 | "unencrypted_suffix": "_unencrypted", | ||
24 | "version": "3.7.2" | ||
25 | } | ||
26 | } \ No newline at end of file | ||