From f6e32c687607fbc666a41eda574ff1e10a630ece Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 22 Feb 2022 13:24:29 +0100 Subject: ... --- hosts/surtr/dns/default.nix | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'hosts/surtr/dns/default.nix') diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 2079585c..971de5e8 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -25,6 +25,7 @@ in { enable = true; keyFiles = [ config.sops.secrets."rheperire.org_acme_key.yaml".path + config.sops.secrets."webdav.141.li_acme_key.yaml".path config.sops.secrets."knot_local_key.yaml".path ]; extraConfig = '' @@ -50,6 +51,9 @@ in { - id: rheperire.org_acme_acl key: rheperire.org_acme_key action: update + - id: webdav.141.li_acme_acl + key: webdav.141.li_acme_key + action: update - id: local_acl key: local_key action: update @@ -130,7 +134,12 @@ in { - domain: 141.li template: inwx_zone + acl: [local_acl, inwx_acl] file: ${./zones/li.141.soa} + - domain: _acme-challenge.webdav.141.li + template: acme_zone + acl: [webdav.141.li_acme_acl] + file: ${acmeChallengeZonefile "webdav.141.li"} - domain: kleen.li template: inwx_zone @@ -150,8 +159,8 @@ in { - domain: rheperire.org template: inwx_zone - file: ${./zones/org.rheperire.soa} acl: [local_acl, inwx_acl] + file: ${./zones/org.rheperire.soa} - domain: _acme-challenge.rheperire.org template: acme_zone acl: [rheperire.org_acme_acl] @@ -165,6 +174,11 @@ in { owner = "knot"; sopsFile = ./keys/rheperire.org_acme.yaml; }; + "webdav.141.li_acme_key.yaml" = { + format = "binary"; + owner = "knot"; + sopsFile = ./keys/webdav.141.li_acme.yaml; + }; "knot_local_key.yaml" = { format = "binary"; owner = "knot"; -- cgit v1.2.3