From b1ac827bf9e2513006c851d46dbba3b12687331d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 30 May 2021 17:22:05 +0200 Subject: acme@surtr: ... --- hosts/surtr/dns/zones/email.nights.soa | 4 +++- hosts/surtr/dns/zones/li.141.soa | 3 ++- hosts/surtr/dns/zones/li.kleen.soa | 4 +++- hosts/surtr/dns/zones/li.xmpp.soa | 4 +++- hosts/surtr/dns/zones/li.yggdrasil.soa | 4 +++- hosts/surtr/dns/zones/org.dirty-haskell.soa | 4 +++- hosts/surtr/dns/zones/org.praseodym.soa | 4 +++- hosts/surtr/dns/zones/org.rheperire.soa | 7 ++----- hosts/surtr/tls.nix | 2 ++ 9 files changed, 24 insertions(+), 12 deletions(-) (limited to 'hosts/surtr') diff --git a/hosts/surtr/dns/zones/email.nights.soa b/hosts/surtr/dns/zones/email.nights.soa index bad0d4cb..e0589dd3 100644 --- a/hosts/surtr/dns/zones/email.nights.soa +++ b/hosts/surtr/dns/zones/email.nights.soa @@ -1,7 +1,7 @@ $ORIGIN nights.email. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053002 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -22,6 +22,8 @@ $TTL 3600 * IN MX 0 ymir.yggdrasil.li. * IN TXT "v=spf1 redirect=yggdrasil.li" +_acme-challenge 30 IN TXT "" + ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" diff --git a/hosts/surtr/dns/zones/li.141.soa b/hosts/surtr/dns/zones/li.141.soa index 95ec8efb..6f974439 100644 --- a/hosts/surtr/dns/zones/li.141.soa +++ b/hosts/surtr/dns/zones/li.141.soa @@ -1,7 +1,7 @@ $ORIGIN 141.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053001 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -32,6 +32,7 @@ ymir IN AAAA 2a03:4000:6:d004:: ymir IN MX 0 ymir.yggdrasil.li ymir IN TXT "v=spf1 redirect=ymir.yggdrasil.li" +_acme-challenge 30 IN TXT "" ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" diff --git a/hosts/surtr/dns/zones/li.kleen.soa b/hosts/surtr/dns/zones/li.kleen.soa index 7ada53fd..5a3d2a11 100644 --- a/hosts/surtr/dns/zones/li.kleen.soa +++ b/hosts/surtr/dns/zones/li.kleen.soa @@ -1,7 +1,7 @@ $ORIGIN kleen.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053001 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -22,6 +22,8 @@ $TTL 3600 * IN MX 0 ymir.yggdrasil.li. * IN TXT "v=spf1 redirect=yggdrasil.li" +_acme-challenge 30 IN TXT "" + ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" diff --git a/hosts/surtr/dns/zones/li.xmpp.soa b/hosts/surtr/dns/zones/li.xmpp.soa index 0e7ffbae..b123f4a5 100644 --- a/hosts/surtr/dns/zones/li.xmpp.soa +++ b/hosts/surtr/dns/zones/li.xmpp.soa @@ -1,7 +1,7 @@ $ORIGIN xmpp.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053001 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -22,6 +22,8 @@ $TTL 3600 * IN MX 0 ymir.yggdrasil.li. * IN TXT "v=spf1 redirect=yggdrasil.li" +_acme-challenge 30 IN TXT "" + ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" diff --git a/hosts/surtr/dns/zones/li.yggdrasil.soa b/hosts/surtr/dns/zones/li.yggdrasil.soa index 4c918116..a9b87b76 100644 --- a/hosts/surtr/dns/zones/li.yggdrasil.soa +++ b/hosts/surtr/dns/zones/li.yggdrasil.soa @@ -1,7 +1,7 @@ $ORIGIN yggdrasil.li. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053000 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -40,6 +40,8 @@ mailout IN AAAA 2a03:4000:6:d004:: mailout IN MX 0 ymir.yggdrasil.li mailout IN TXT "v=spf1 redirect=yggdrasil.li" +_acme-challenge 30 IN TXT "" + ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" diff --git a/hosts/surtr/dns/zones/org.dirty-haskell.soa b/hosts/surtr/dns/zones/org.dirty-haskell.soa index cbfe3a66..74aed5fd 100644 --- a/hosts/surtr/dns/zones/org.dirty-haskell.soa +++ b/hosts/surtr/dns/zones/org.dirty-haskell.soa @@ -1,7 +1,7 @@ $ORIGIN dirty-haskell.org. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053001 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -23,6 +23,8 @@ $TTL 3600 * IN MX 0 ymir.yggdrasil.li. * IN TXT "v=spf1 redirect=yggdrasil.li" +_acme-challenge 30 IN TXT "" + ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" diff --git a/hosts/surtr/dns/zones/org.praseodym.soa b/hosts/surtr/dns/zones/org.praseodym.soa index 34c2118d..6f2c676f 100644 --- a/hosts/surtr/dns/zones/org.praseodym.soa +++ b/hosts/surtr/dns/zones/org.praseodym.soa @@ -1,7 +1,7 @@ $ORIGIN praseodym.org. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021052916 ; serial + 2021053000 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -27,6 +27,8 @@ surtr IN AAAA 2a03:4000:52:ada:: surtr IN MX 0 ymir.yggdrasil.li surtr IN TXT "v=spf1 redirect=ullr.yggdrasil.li" +_acme-challenge 30 IN TXT "" + ymir._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq3cCKlk+VPhyAanLZTM0BCzUT/+fmxHioZcFk0uJk1akBYj7BRofR7eVNcLKpm3rwYMQgE+9vJH9p8SV6tws9EcWc8SMCqqGZlREYM7PmLDiTSK/vjCzkygfgFCb0EBNsY2A/fpP4rTeoxrbcBSvMkq97iY5rwyw4wXZVZXLiDaCj23s8POoxTk1ClqUJZJQ5x2" "qzrC0RfN5kLZ9A7Gq2jB09vNxpXHYqABA0bJv88JiZM7hfkp9IafJZ+yCVMaBcJs4DAxnTjNAuFD9gm+qSFVY8+yeXqL6Qjo5PbruhyZRBW8RgRYT8t5n07XRglMGKKGMwOGLanrltcyXqB+GsDZBD36RAAwjFadnxdpDyRv4SgRP7ff2tKRrORYpmpN+mKdqw5j3J/nP6bXV1oAkyh9XQkPEIDi81WT87EZziTElDzVp6A2qFOxqucAovoRk24" diff --git a/hosts/surtr/dns/zones/org.rheperire.soa b/hosts/surtr/dns/zones/org.rheperire.soa index 7b6b6988..43b1e862 100644 --- a/hosts/surtr/dns/zones/org.rheperire.soa +++ b/hosts/surtr/dns/zones/org.rheperire.soa @@ -1,7 +1,7 @@ $ORIGIN rheperire.org. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2021053008 ; serial + 2021053010 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -22,7 +22,4 @@ $TTL 3600 * IN MX 0 ymir.yggdrasil.li. * IN TXT "v=spf1 redirect=yggdrasil.li" -_acme-challenge IN A 188.68.51.254 -_acme-challenge IN AAAA 2a03:4000:6:d004:: -_acme-challenge IN MX 0 ymir.yggdrasil.li. -_acme-challenge 30 IN TXT "v=spf1 redirect=yggdrasil.li" +_acme-challenge 30 IN TXT "" diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix index d087c9f5..c95ae493 100644 --- a/hosts/surtr/tls.nix +++ b/hosts/surtr/tls.nix @@ -20,10 +20,12 @@ let case "''${mode}" in present) + ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "" ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" ;; cleanup) ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" + ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "" ;; *) exit 2 -- cgit v1.2.3