From b3c4357df217f0d455846c6f98243b97a3e310b1 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Mon, 31 Jan 2022 16:57:39 +0100
Subject: ...
---
 hosts/surtr/http.nix | 4 +++-
 hosts/surtr/tls.nix | 63 +++++++++++++++++++++++++++++----------------------
 2 files changed, 38 insertions(+), 29 deletions(-)
(limited to 'hosts')
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
index a5f08dfe..bca89a4c 100644
--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -58,6 +58,8 @@
 };
 };
 };
- security.acme.domains."webdav.141.li" = {};
+ security.acme.domains."webdav.141.li" = {
+ zone = "141.li";
+ };
 };
 }
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 704941e2..97a9649d 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -11,40 +11,43 @@ let
 EXEC_PROPAGATION_TIMEOUT=300
 EXEC_POLLING_INTERVAL=5
 '';
- knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" ''
- #!${pkgs.zsh}/bin/zsh -xe
- mode=$1
- fqdn=$2
- challenge=$3
- owner=''${fqdn%".${zone}."}
- commited=
- function abort() {
- [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
- }
- ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
- trap abort EXIT
- case "''${mode}" in
- present)
- ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""'
- ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}"
- ;;
- cleanup)
- ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}"
- ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""'
- ;;
- *)
- exit 2
- ;;
- esac
- ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}"
- commited=yes
- '';
+ knotDNSExec = domain:
+ let
+ zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone;
+ in pkgs.writeScriptBin "update-dns.sh" ''
+ #!${pkgs.zsh}/bin/zsh -xe
+ mode=$1
+ fqdn=$2
+ challenge=$3
+ owner=''${fqdn%".${domain}."}
+ commited=
+ function abort() {
+ [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}"
+ }
+ ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}"
+ trap abort EXIT
+ case "''${mode}" in
+ present)
+ ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""'
+ ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}"
+ ;;
+ cleanup)
+ ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}"
+ ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""'
+ ;;
+ *)
+ exit 2
+ ;;
+ esac
+ ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}"
+ commited=yes
+ '';
 domainOptions = {
 options = {
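Review bot: The owner is now derived with `owner=''${fqdn%".${domain}."}` while every knotc call edits `${zone}`, so once a domain names a parent zone (as `webdav.141.li` does with `zone = "141.li"` in http.nix) the relative owner loses the labels between the zone apex and the domain. Assuming `fqdn` is the challenge name under the domain and knotc treats a non-FQDN owner as relative to the zone, the TXT record would be written under the zone apex instead of under the domain, and validation for the subdomain would not find it; `owner=''${fqdn%".${zone}."}` keeps the owner relative to the zone actually being edited. Separately, the `zone-set`/`zone-unset` lines interpolate `${zone}` unquoted while `zone-begin`, `zone-abort` and `zone-commit` quote it; now that the value comes from a free-form `types.str` option, quote it consistently. The enclosing `let` starts outside this hunk.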
@@ -52,6 +55,10 @@ let
 type = types.bool;
 default = false;
 };
+ zone = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
 };
 };
 in {
-- cgit v1.2.3
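Review bot: The new `zone` option is declared without a `description`, so a reader of the module cannot tell what `null` means without reading `knotDNSExec`. I would add `description = "DNS zone that holds the ACME challenge record for this domain; null means the domain is its own zone.";` inside the `mkOption`. Nothing visible in this hunk checks that the domain actually lies within the configured zone, so a mistyped zone would presumably only surface when the knotc transaction fails at issuance time; an evaluation-time assertion that the domain equals or ends with `.${zone}` would catch it earlier. The `domainOptions` set starts outside the hunk.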