From 8d478176fc8595e7a8cb28f22806c741df6d6732 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 24 Feb 2022 20:17:37 +0100 Subject: synapse.li --- hosts/surtr/dns/default.nix | 2 ++ hosts/surtr/dns/zones/li.synapse.soa | 29 +++++++++++++++++++++++++++++ hosts/surtr/tls/default.nix | 2 +- 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 hosts/surtr/dns/zones/li.synapse.soa diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index dc991b66..e9ae3183 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -169,6 +169,8 @@ in { { domain = "xmpp.li"; addACLs = { "xmpp.li" = ["ymir_acme_acl"]; }; } + { domain = "synapse.li"; + } { domain = "dirty-haskell.org"; addACLs = { "dirty-haskell.org" = ["ymir_acme_acl"]; }; } diff --git a/hosts/surtr/dns/zones/li.synapse.soa b/hosts/surtr/dns/zones/li.synapse.soa new file mode 100644 index 00000000..539f0297 --- /dev/null +++ b/hosts/surtr/dns/zones/li.synapse.soa @@ -0,0 +1,29 @@ +$ORIGIN synapse.li +$TTL 3600 +@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( + 2022022401 ; serial + 10800 ; refresh + 3600 ; retry + 604800 ; expire + 3600 ; min TTL +) + + IN NS ns.yggdrasil.li. + IN NS ns.inwx.de. + IN NS ns2.inwx.de. + IN NS ns3.inwx.eu. + +@ IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01" +@ IN CAA 128 iodef "mailto:caa@yggdrasil.li" + +@ IN A 202.61.241.61 +@ IN AAAA 2a03:4000:52:ada:: +@ IN MX 0 ymir.yggdrasil.li +@ IN TXT "v=spf1 redirect=yggdrasil.li" + +* IN A 202.61.241.61 +* IN AAAA 2a03:4000:52:ada:: +* IN MX 0 ymir.yggdrasil.li +* IN TXT "v=spf1 redirect=yggdrasil.li" + +_acme-challenge IN NS ns.yggdrasil.li. diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix index 5118b1ad..6fbab9bd 100644 --- a/hosts/surtr/tls/default.nix +++ b/hosts/surtr/tls/default.nix 
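Review bot: The new `synapse.li` entry in hosts/surtr/dns/default.nix has no `addACLs`, unlike the `xmpp.li` and `dirty-haskell.org` entries on either side of it, and nothing in the hunk says whether that is deliberate. Leaving the ACL off is the tighter choice if, as the name `ymir_acme_acl` suggests, it lets another host update ACME challenge records for the zone. A later reader who copies an entry cannot tell which form is the intended default. I would add a comment inside the entry, for example `# no addACLs: only this host requests certificates for synapse.li`, with the wording confirmed by the author. The list these entries belong to starts and ends outside the hunk.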
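Review bot: The MX targets in the new zone file are written without a trailing dot (`ymir.yggdrasil.li`), while the NS targets and both SOA names have one. Under standard zone-file rules a name without the dot is relative to the origin, so the target would become `ymir.yggdrasil.li.synapse.li.`. The `*` A/AAAA records in the same file would answer for that name, so mail would probably be sent to 202.61.241.61 without any visible error instead of failing. The lines should read `@ IN MX 0 ymir.yggdrasil.li.` and `* IN MX 0 ymir.yggdrasil.li.`. The same reasoning applies to `$ORIGIN synapse.li`, which is safer as `$ORIGIN synapse.li.`, unless whatever loads these files already normalises names.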
@@ -36,7 +36,7 @@ in { }; config = { - security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"] (domain: { wildcard = true; }); + security.acme.domains = genAttrs ["dirty-haskell.org" "141.li" "xmpp.li" "synapse.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"] (domain: { wildcard = true; }); fileSystems."/var/lib/acme" = { device = "surtr/safe/var-lib-acme"; -- cgit v1.2.3
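Review bot: The domain list passed to `genAttrs` is kept on one line, so adding `synapse.li` rewrites the whole line and a reviewer has to compare two long strings to find which name gained a certificate. Since every name in this list gets `wildcard = true`, it is worth being able to audit additions at a glance. Opening the list with `security.acme.domains = genAttrs [` and putting one quoted domain per line would turn each later addition into a one-line diff. The `config` block continues outside the hunk.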