From 910fd2059e7e95a12702695a4991ea133f7a37a7 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Thu, 5 May 2022 11:26:19 +0200 Subject: surtr: bouncy.email --- hosts/surtr/dns/default.nix | 2 ++ hosts/surtr/dns/keys/bouncy.email_acme.yaml | 26 +++++++++++++++ hosts/surtr/dns/zones/email.bouncy.soa | 52 +++++++++++++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 hosts/surtr/dns/keys/bouncy.email_acme.yaml create mode 100644 hosts/surtr/dns/zones/email.bouncy.soa (limited to 'hosts/surtr/dns') diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index e1c24936..aff6e6f3 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -182,6 +182,8 @@ in { { domain = "rheperire.org"; addACLs = { "rheperire.org" = ["ymir_acme_acl"]; }; } + { domain = "bouncy.email"; + } ]} ''; }; diff --git a/hosts/surtr/dns/keys/bouncy.email_acme.yaml b/hosts/surtr/dns/keys/bouncy.email_acme.yaml new file mode 100644 index 00000000..ef900376 --- /dev/null +++ b/hosts/surtr/dns/keys/bouncy.email_acme.yaml 
@@ -0,0 +1,26 @@
+{
+ "data": "ENC[AES256_GCM,data:+wtxY9yDbNOOorVS7Aur1hJjoRSEygv8kyaMT+9zb4hQ0hhaoLMnkKfB4qR56wOvAy7wvW1OhFhICe5Ii1GDEEHWiRXGGm4mICt+DG4xvqYD1uNUWGdwRNWyv1PPfpjV33/rALanlGqvD6K2hMQAKDzWgrI0oIh13N6v+8R13sC+YtcoaKmt+i6w4Pby3w5TmaxZD0Rfm7PcYz+ZOR+552E6y5OZ+69Kb1wFrDWhYrPBHy8zsV2VcQYgzsB0MUgwjpRtz5j1sbA=,iv:5axeSwNOy/Mbk2cLXCb2hyIhhMmufWMmGIBseIoAq8U=,tag:L3qS4esYwH6rLTHclRk0VQ==,type:str]",
+ "sops": {
+ "kms": null,
+ "gcp_kms": null,
+ "azure_kv": null,
+ "hc_vault": null,
+ "age": null,
+ "lastmodified": "2022-05-05T09:11:47Z",
+ "mac": "ENC[AES256_GCM,data:BeR4eZ9AR8YGYy7eulvod4QwmFlstjS/ic3EIOpNaqDdeHCz5QCWM2+kR47ZQanSmVP1bFrIrnqIbL0lQXhX5a3mclFla61piC1oUELWXcn6jj6kd9QOZx9ZU/VlcKJEtt82nEXb7y8SEbiEHSs3btmAY9pHtYgLB/5grhBVnm8=,iv:3TEVp5wgtem43WEdh7LpMF77cSoP/+FjcH3oHnmmS4o=,tag:JceRss6y1lUbyem3Rqmd/w==,type:str]",
+ "pgp": [
+ {
+ "created_at": "2022-05-05T09:11:46Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAN7OICwH4WzjRMo9QTW242OioK0RQufqkN/KbUQUDPyQw\nXvLmJlDZeNKDDw6KWkbb7ZNZuNF1i43BkrwfOQmYAhDDH4Y+vPYhWK6x6umxULko\n0lwB1J0TOLS17TkTO8atGrGo++hu705cokSQ84mpcercl66d7OzpI5N7I0MhM1A2\nfVdlvj7QNM/AnwXYOpxLeoUJl7D3gL/c/LA9/+5WDOMvNQLDgZI8h72J3q10Aw==\n=EdX/\n-----END PGP MESSAGE-----\n",
+ "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8"
+ },
+ {
+ "created_at": "2022-05-05T09:11:46Z",
+ "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAmsryLbhFP1Ac3Y5+ROeDOfiNS1E7veMwxHf9S1sZflEw\nQ4/524tpAa8rgikNV5gmVKE4UVxYrLqwJItskzOML8OMqW5QGVKtHweSvPcMhv3E\n0lwB3pOk770dv0wiyxDl4wEWH/NvK+PWwpvcP4hT7PkLRbaUpov63sj41QOxCQMj\npV/Uvzo5/bKN9ZmF5WfPRmRPRsL8CuZoXEV1F9ZxGFyuRHS4pb4TFLHv+rnbhg==\n=xLXq\n-----END PGP MESSAGE-----\n",
+ "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+ }
+ ],
+ "unencrypted_suffix": "_unencrypted",
+ "version": "3.7.2"
+ }
+}
\ No newline at end of file
diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa
new file mode 100644
index 00000000..d6fdab9b
--- /dev/null
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -0,0 +1,52 @@
+$ORIGIN bouncy.email.
+$TTL 3600
+@ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
+ 2022050501 ; serial
+ 10800 ; refresh
+ 3600 ; retry
+ 604800 ; expire
+ 3600 ; min TTL
+)
+ IN NS ns.yggdrasil.li.
+ IN NS ns.inwx.de.
+ IN NS ns2.inwx.de.
+ IN NS ns3.inwx.eu.
+
+@ IN CAA 128 issue "letsencrypt.org; validationmethods=dns-01"
+@ IN CAA 128 iodef "mailto:caa@yggdrasil.li"
+
+@ IN A 202.61.241.61
+@ IN AAAA 2a03:4000:52:ada::
+@ IN MX 0 mailin.bouncy.email.
+@ IN TXT "v=spf1 a:mailout.bouncy.email -all"
+
+* IN A 202.61.241.61
+* IN AAAA 2a03:4000:52:ada::
+* IN MX 0 mailin.bouncy.email.
+* IN TXT "v=spf1 redirect=bouncy.email"
+
+mailout IN A 202.61.241.61
+mailout IN AAAA 2a03:4000:52:ada::
+mailout IN MX 0 mailin.bouncy.email.
+mailout IN TXT "v=spf1 redirect=bouncy.email"
+
+mailin IN A 202.61.241.61
+mailin IN AAAA 2a03:4000:52:ada::
+mailin IN MX 0 mailin.bouncy.email.
+mailin IN TXT "v=spf1 redirect=bouncy.email"
+
+mailsub IN A 202.61.241.61
+mailsub IN AAAA 2a03:4000:52:ada::
+mailsub IN MX 0 mailin.bouncy.email.
+mailsub IN TXT "v=spf1 redirect=bouncy.email"
+
+_submissions._tcp IN SRV 5 0 465 mailsub.bouncy.email.
+
+imap IN A 202.61.241.61
+imap IN AAAA 2a03:4000:52:ada::
+imap IN MX 0 mailin.bouncy.email.
+imap IN TXT "v=spf1 redirect=bouncy.email"
+
+_imaps._tcp IN SRV 5 0 993 imap.bouncy.email.
+
+_acme-challenge IN NS ns.yggdrasil.li.
-- cgit v1.2.3
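Review bot: The new zone publishes SPF on every name but no DMARC policy: there is no `_dmarc` record, and because of the `* IN TXT "v=spf1 redirect=bouncy.email"` wildcard, a TXT query for `_dmarc.bouncy.email` is answered with an SPF string that receivers will not accept as a DMARC record. SPF with `-all` only constrains the envelope sender, so without a DMARC policy the visible From: domain is left unprotected. Consider adding an explicit record next to the SPF entries, for example `_dmarc IN TXT "v=DMARC1; p=reject"`, optionally with a `rua=` reporting address. No DKIM selector record appears in this file either; if outbound mail is signed, its key record presumably still has to be published here or in a delegated zone.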