From 6562b2c5793c7329f08b1c6d14cf732cb6d41bb4 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 31 Jan 2022 16:58:50 +0100 Subject: ... --- hosts/surtr/tls.nix | 63 ++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) (limited to 'hosts/surtr/tls.nix') diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix index 97a9649d..d99e832c 100644 --- a/hosts/surtr/tls.nix +++ b/hosts/surtr/tls.nix @@ -6,48 +6,47 @@ let cfg = config.security.acme; knotCfg = config.services.knot; - knotDNSCredentials = zone: pkgs.writeText "lego-credentials" '' + knotDNSCredentials = domain: let + zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone; + in pkgs.writeText "lego-credentials" '' EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh EXEC_PROPAGATION_TIMEOUT=300 EXEC_POLLING_INTERVAL=5 ''; - knotDNSExec = domain: - let - zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone; - in pkgs.writeScriptBin "update-dns.sh" '' - #!${pkgs.zsh}/bin/zsh -xe + knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' + #!${pkgs.zsh}/bin/zsh -xe - mode=$1 - fqdn=$2 - challenge=$3 + mode=$1 + fqdn=$2 + challenge=$3 - owner=''${fqdn%".${domain}."} + owner=''${fqdn%".${zone}."} - commited= - function abort() { - [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" - } + commited= + function abort() { + [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" + } - ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" - trap abort EXIT + ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" + trap abort EXIT - case "''${mode}" in - present) - ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' - ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" - ;; - cleanup) - ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" - ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' - ;; - *) - exit 2 - ;; - esac + case "''${mode}" in + present) + ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' + ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" + ;; + cleanup) + ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" + ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' + ;; + *) + exit 2 + ;; + esac - ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" - commited=yes - ''; + ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" + commited=yes + ''; domainOptions = { options = { -- cgit v1.2.3