From 7e97353075b4acee96488d022e456f80f4f903ed Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Thu, 10 Nov 2022 09:15:50 +0100
Subject: surtr: etebase
---
 hosts/surtr/dns/default.nix | 4 ++--
 .../dns/keys/app.etesync.yggdrasil.li_acme.yaml | 26 ++++++++++++++++++++++
 .../surtr/dns/keys/etesync.yggdrasil.li_acme.yaml | 26 ++++++++++++++++++++++
 hosts/surtr/dns/zones/li.yggdrasil.soa | 14 +++++++++++-
 4 files changed, 67 insertions(+), 3 deletions(-)
 create mode 100644 hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml
 create mode 100644 hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml
(limited to 'hosts/surtr/dns')
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 5cba23d9..e0637b3b 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -48,7 +48,7 @@ in {
 unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
 serviceConfig.LoadCredential = map ({name, ...}: "${name}:${config.sops.secrets.${name}.path}") knotKeys;
 };
-
+
 services.knot = {
 enable = true;
 keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys;
@@ -159,7 +159,7 @@ in {
 ${concatMapStringsSep "\n" mkZone [
 { domain = "yggdrasil.li";
 addACLs = { "yggdrasil.li" = ["ymir_acme_acl"]; };
- acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li"];
+ acmeDomains = ["surtr.yggdrasil.li" "yggdrasil.li" "etesync.yggdrasil.li" "app.etesync.yggdrasil.li"];
 }
 { domain = "nights.email";
 addACLs = { "nights.email" = ["ymir_acme_acl"]; };
diff --git a/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml
new file mode 100644
index 00000000..f8e0794d
--- /dev/null
+++ b/hosts/surtr/dns/keys/app.etesync.yggdrasil.li_acme.yaml
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:YW/R3Bi4IDGNBxtUFh9h/9i/kQaQTVQN019NDNQsGVBOFQSZxvy8+RBEfmZO1bvAYbBuQ72ksb3+dckupm8BQaO4lxsCZpGcPmDrWpYal4hirJAtiJ374j9jGTFVF0x7z6lb8B3aZ5Ztkov6ZxLLiXAEZ1owufKCYeqyemzuEUPPvrfAvF14vg3kqcr2OfeLE7XdMMMu1/ive5C2QGsKekRqJNDbO2iiWDaTFCY3N9Rqja895Of9lzUGNjsWhnNsZLzpEvm/NPFKAmStRq24XGk/KIxGoxBCLZYoCaqZNJ0=,iv:xWYRqkW8Oyple4EQegxx3Y+fwlm1ghm9pbP59UmM1bk=,tag:371XtqRpcbCLcDSJ0xtGgA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-11-09T19:02:47Z", + "mac": "ENC[AES256_GCM,data:1/v1EB5lz/cwKcUuOPVVXPBtEnTmFrZj0hTGv5uQEVU9fd66muY3J6HPEvS68g/YBaaYy6V2QLc2lDwbu9amaukqE1Mq7sv51kSPp7jQs7u91BKfN5K3OtCipFxG1fwjqY4k7zliaYESLwrQWXEhFz3k/nPT9xD/nDNc/czQi3I=,iv:zNUpuirl9gZp/kr/NdO3a6ibjX6Itc0JBpu/xxTpMAI=,tag:0twXpUS+/YCpSxZBfojQ0g==,type:str]", + "pgp": [ + { + "created_at": "2022-11-09T19:02:47Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwgUrKA64oejQmFVmq/vVXUtB0cA1QFTD9tYjc47x+zUw\nwClB436nZMlbuVAltWoMwaW6SOF2I6pcl10j1mU2tSBTnAFmhYUKstYNN1QaBcsj\n0l4By0ALjyRuRkvhZI1Tx3pUJ25P4mGux5dIYPbM+tDcb8hwfmCBig6NG47HH3xp\nPxWXzP6LNFkAAzpZidkv9RaI1XDezbqweMHVTOMfgnaQR35bIbFKDBEd/Y7AvGOT\n=P2yg\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-11-09T19:02:47Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAbP0iUr2BYsdWpD0m2W4S8aTz8t4dp9mY23qAY5vbGV4w\nxETSJs6Luv32fHpG+kUFkNKIkkpte7Yq3qtxpFoIKroZAGR3/mXB2f0Nd+BKbDZy\n0l4Baouvj8guk0BxywGDyW3V88qMphaGxAwgVsZSiZ9++HxhGHu2fAozJdsJNNtv\njtQI/IM6TaR5/Ib5NxEZ2zR1AguaoI7iDIPhiLUwZmzk95/+xbNwo/bVjHXyh6vA\n=zxXy\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file 
diff --git a/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml b/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml
new file mode 100644
index 00000000..1c588b07
--- /dev/null
+++ b/hosts/surtr/dns/keys/etesync.yggdrasil.li_acme.yaml
@@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:9VkwZFnF/WJZx4eHBV0psppNd+XbtCO3flQeO9YIVLYA7Hlyu7YZKkILgQDheHN/KjKfuRXsXUNjojEGgkyzU3Hc03LUQkrF4dFP99/Fqwjl9TUWKHPPxCXKPzEuEpJI3krwFOLWoD++aGmQKzAW4vG9oMF4vErkzUAchxfvVnC6TiswuSAsOF34/A3JP4dZKo78iMf90MhXSrqzQ60tUSrSGUBipBne40a5kVHw6Jc4N5zUemnYAInftIvQ+8VKhxhIxLIPrYslM159w0HgTta2Jio+6UHq,iv:UwDkUeaXY6IrVJf4BxPy52ssE32AiKkpWSOj8JeZrTw=,tag:Jdz4tOhu41kjGbBOMqQC1A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-11-09T15:58:56Z", + "mac": "ENC[AES256_GCM,data:bLVoRyiCj/t39dC62YuhwDlpVdniufta6wie+bTD3CmC7RxFrSVTIuRZbKlYgue+sxhtIsG2AaO4/FrpFGm9i3tQAi47wHMhr4NRtxXYALAiBKgREjap1q19ePMeN9vdbdxB2SsnnJBhlRAsZzyFqoeKuo67pEWWPuwJz3QXSGI=,iv:fmr313AD4xbQHNP94HLzKzVTGdL7E0m0u4F/oQay/2w=,tag:gs7GWUWuCISO0WVu/C+wuQ==,type:str]", + "pgp": [ + { + "created_at": "2022-11-09T15:58:56Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdATu1XElbAp1jN1ON1K5dOrePlVtucKDXpu1316bi0pQsw\n8YHSJkrIS0LaAGSPnZkNtxXMOWNcmLrbUhDwLcLnmYG2VSv4oaOhgHJ7qHxlwFTM\n0l4B67lzysh5ah1XEQMn5J/tERwHp9S2s5vN61olviMetrlAV6n03JTHjMSsV2nZ\nM5JflAbE3amxEdlAIcKyRh5pcTz1cnwEk5dVQMN6to8alhBOsEd2j40S7ixvuAmB\n=UUbW\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-11-09T15:58:56Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdANUUZ//nrQaWaN09s/He7ZvgVDBNSoSoor5PPpeFkogYw\nxtwRVqp4/bqkiBDk0Szgjna98hnC0LKLfiO1zDDzSZ1c8NhUSo2mI52qnq6PAkOZ\n0l4BlYEjEcCYhuZJrGErzFnxWdPVUlTy/DOVN8AWwJCgvvbKKL0R4As7gwyoGg8a\nAPYgA4J9p62dlTCTHFXZNdQ6Iml/sBcgafcWAq5B6anQ6bmFGUF7s/+ntT5Ergr9\n=LVUN\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa index 1a4e4656..1bb10662 100644 
--- a/hosts/surtr/dns/zones/li.yggdrasil.soa
+++ b/hosts/surtr/dns/zones/li.yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.li.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
- 2022072800 ; serial
+ 2022110904 ; serial
 10800 ; refresh
 3600 ; retry
 604800 ; expire
@@ -53,6 +53,18 @@ _acme-challenge.surtr IN NS ns.yggdrasil.li.
 prometheus.surtr IN CNAME surtr.yggdrasil.li.
+etesync IN A 202.61.241.61
+etesync IN AAAA 2a03:4000:52:ada::
+etesync IN MX 0 surtr.yggdrasil.li
+etesync IN TXT "v=spf1 redirect=surtr.yggdrasil.li"
+_acme-challenge.etesync IN NS ns.yggdrasil.li.
+
+app.etesync IN A 202.61.241.61
+app.etesync IN AAAA 2a03:4000:52:ada::
+app.etesync IN MX 0 surtr.yggdrasil.li
+app.etesync IN TXT "v=spf1 redirect=surtr.yggdrasil.li"
+_acme-challenge.app.etesync IN NS ns.yggdrasil.li.
+
 vidhar IN AAAA 2a03:4000:52:ada:4:1::
 vidhar IN MX 0 ymir.yggdrasil.li
 vidhar IN TXT "v=spf1 redirect=yggdrasil.li"
-- 
cgit v1.2.3
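Review bot: The added MX records `etesync IN MX 0 surtr.yggdrasil.li` and `app.etesync IN MX 0 surtr.yggdrasil.li` omit the trailing dot, so under `$ORIGIN yggdrasil.li.` the target is a relative name and expands to `surtr.yggdrasil.li.yggdrasil.li.`, while the NS and CNAME targets in the same hunk are fully qualified. Unless a name at that expanded target is intended, mail for both hosts has no usable exchanger; write `etesync IN MX 0 surtr.yggdrasil.li.` and `app.etesync IN MX 0 surtr.yggdrasil.li.`. The context line `vidhar IN MX 0 ymir.yggdrasil.li` has the same form and may need the same fix, but the rest of the zone is outside the hunk, so this cannot be confirmed from here. The `redirect=` value inside the TXT strings is unaffected, since SPF reads it as a fully qualified name.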