From 97a05b0837e27e8d73d3a16185fb07169de65d7b Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 15 May 2022 16:32:21 +0200 Subject: surtr: ... --- hosts/surtr/dns/default.nix | 2 +- hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml | 26 +++++++++++++++++++++++++ hosts/surtr/dns/zones/email.bouncy.soa | 8 +++++++- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml (limited to 'hosts/surtr/dns') diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index d665714d..5b439a8f 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix @@ -184,7 +184,7 @@ in { addACLs = { "rheperire.org" = ["ymir_acme_acl"]; }; } { domain = "bouncy.email"; - acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "bouncy.email"]; + acmeDomains = ["mailin.bouncy.email" "mailsub.bouncy.email" "imap.bouncy.email" "spm.bouncy.email" "bouncy.email"]; } ]} ''; diff --git a/hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml b/hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml new file mode 100644 index 00000000..abddfb7c --- /dev/null +++ b/hosts/surtr/dns/keys/spm.bouncy.email_acme.yaml @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:I8Fc6jr7yq63KQNKP1LlnZFX/AXC15HK9+3hMHFvTrqpCOZ/Pg+N5Vw+QUy2MP4F4CTE7m7yPSrejqwHiMT7OUVvEbxywgwbT9JBN8YUVhorp5FcAMXoSWDFOxgzpQ3YRR+2FcRO7M6VbCFzp7yCQY9I7/OLWShUPZv9oEBI1LRtx9Zko4yMPRF895wvIqR50KHmvL4YQhPubIt4dozYi3yJSAKLLgBDVF64I+YactydP1LLpkq+JGb8DIYRwyGxFCxM3U+1wrkbSioR3Ut+Xw==,iv:46KiDfXa3eVewPDouUYOz7PenuwaRbOgbuSDmMTVBXs=,tag:DZphA+jv7FpYhW+spnFnIA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-05-15T13:16:43Z", + "mac": "ENC[AES256_GCM,data:ctSwR9AUO7jcAto8H+qic4bZ14Zu3Vh/yH/TANLLDomEOcpfUjGneLO2mv5J4RM0O+G0mMULseqMXYWPYPAaXLz91ynkROoX76q/H+yf+mDBl7bfO/tzg8XmAZvQjtBCv7ctLY1OXe144uOoxeYfrM4Tv72K1dehEI/eJPCNIak=,iv:bwhXaEOJte0LmpKS0pQ4nLgrCrcmUNIqCdcrm6c/7b0=,tag:pzCYdGnYC8cPUL/h9V5z9w==,type:str]", + "pgp": [ + { + "created_at": "2022-05-15T13:16:43Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA8Qw/R0Q22h6YqOt3yLHzFH8ef5tc6oBNx+1lGtxOi3Qw\nEJko8z7Lv5DScheFgECls03rlt9HH7cmPnkQhUnqmfbyzYuosLVM+G0bswpu01ot\n0l4BNBsavoLAa68LFtJGBViM1kojb/UteeYC1cvq2TeXLNaQ90QmGnC6GJHZvzpi\n/u7Rl0DdGoagHrTtVKnNGtvOdwFYeG6iPRHl8Ko9D0HTkgW7dkJ77tw2Wqt0POjs\n=BhzO\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-05-15T13:16:43Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFp33Ruo0AivhV6jjRzoZQvtexS5WEkeoKf4xjRjmKB8w\nRCCCUGiwg8+sz9q+T89QeV26yIQBFQR3kvoamPltW+VZfGuh3oPjl6NbL0MpGsr5\n0l4BDJgG7sIJRZokW0/pwdAJ0PZrKlPxtUoaorM//pLGd0eNbIUGlNT2Jcvsc3Z9\nIkMISOK4wcTj/KvCXfPsN0KiedEKYEj4pq80h1hIWu2910yicSKVNjfL7lARUgTk\n=qTBm\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.2" + } +} \ No newline at end of file diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa index 77ac7064..77acee8b 100644 --- a/hosts/surtr/dns/zones/email.bouncy.soa +++ b/hosts/surtr/dns/zones/email.bouncy.soa @@ -1,7 +1,7 @@ $ORIGIN bouncy.email. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2022050600 ; serial + 2022051500 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -57,3 +57,9 @@ _acme-challenge.imap IN NS ns.yggdrasil.li. _imaps._tcp IN SRV 5 0 993 imap.bouncy.email. _sieve._tcp IN SRV 5 0 4190 imap.bouncy.email. + +spm IN A 202.61.241.61 +spm IN AAAA 2a03:4000:52:ada:: +spm IN MX 0 mailin.bouncy.email. +spm IN TXT "v=spf1 redirect=bouncy.email" +_acme-challenge.spm IN NS ns.yggdrasil.li. -- cgit v1.2.3