From dcfd955e571189cf8ce22459044138def4697194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?= Date: Wed, 9 Feb 2022 09:47:35 +0100 Subject: [PATCH] move chir.rs zone to the server --- config/services/named.nix | 22 +++++++++++++--------- secrets/nixos-8gb-fsn1-1/secrets.yaml | 5 +++-- zones/chir.rs.nix | 1 - 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/config/services/named.nix b/config/services/named.nix index b7369cd9..8a0d1506 100644 --- a/config/services/named.nix +++ b/config/services/named.nix @@ -13,7 +13,7 @@ in ksk = "services/dns/rs/chir/32969"; zsk = "services/dns/rs/chir/51207"; zone = chir-rs; - zonename = "staging.chir.rs"; + zonename = "chir.rs"; }) ]; @@ -28,15 +28,17 @@ in file = "darkkirb.de.zone"; }; "chir.rs" = { - master = false; - masters = [ - "fd00:e621:e621::1" - ]; - file = "chir.rs.zone"; - }; - "staging.chir.rs" = { master = true; - file = "/var/lib/named/staging.chir.rs"; + file = "/var/lib/named/chir.rs"; + }; + "_acme-challenge.chir.rs" = { + master = true; + file = "_acme-challenge.chir.rs"; + extraConfig = '' + update-policy { + grant certbot. name _acme-challenge.chir.rs. txt; + } + ''; }; "int.chir.rs" = { master = false; @@ -57,6 +59,7 @@ in statistics-channels { ${toString listenEntries} }; + include "/run/secrets/services/dns/named-keys"; ''; extraOptions = '' allow-recursion { @@ -79,4 +82,5 @@ in bindURI = "http://${internalIP.listenIP}:8653/"; listenAddress = internalIP.listenIP; }; + sops.secrets."services/dns/named-keys" = { }; } diff --git a/secrets/nixos-8gb-fsn1-1/secrets.yaml b/secrets/nixos-8gb-fsn1-1/secrets.yaml index b436d35c..55110f84 100644 --- a/secrets/nixos-8gb-fsn1-1/secrets.yaml +++ b/secrets/nixos-8gb-fsn1-1/secrets.yaml @@ -24,6 +24,7 @@ services: virtual_alias_maps.cf: ENC[AES256_GCM,data:FgHuBbf2e/3Fq8A2WY0n8XWMjohpkHUsZdddG44PLHY4//UdFeWUzcGUyJ4G4RsqEZo3thTOPxMzkXEV+eWThtdDzEtw+njdFAzltP0HRM3VtKn0LhXVP4SvyAKwGAFtCPz3R/EiutHhOv5o/4NmbRQrWByIPvWMZCfTO1NYz/P6,iv:jYMHwhCSGMdUgolGxHJxPTaUu5U0Z3uc/+JHUNPjKXo=,tag:88THWp6r3SDNSd77uUBEbw==,type:str] virtual_mailbox_domains.cf: ENC[AES256_GCM,data:mu0oxzRVddXcue7e7XHuulAYgJDpKA+TZd5l7jPzK8xRHxdfzD+fsqm/Kl/bDWGAOlXsltbiBoaIruddywhAOGWwSgMJ8iu2NMx1u1aMvBC2qI4usfjVhp9N0jOkWmIG8YAgYgQaA6qhQorJFXeJjDNX86J5JNBdKAxwQFk20+fOZ1MtVg==,iv:5llgcXLkoRzXwHIDvwZ1qRTf/TBwMgjsxfNGo9I7Blc=,tag:AcCz4LJxacYVButRO/zl9A==,type:str] dns: + named-keys: ENC[AES256_GCM,data:0xYRsg7+8uFmEnMBpi1kee9IuZLlSKeIGmslUKU2gdesfXQbgtT5uh+fPMz0EgPVmTyw6JWBIe+j+lbmdc1jlCihh6uq8GJ6CxvYjwdBM5Mqgk2bLTtLC9UPuVNcl7sH3j7cPt7mjQYdoEzIurEosDhw1/IwTB8/2RoFmoKd9IGVQeufxqO5ifwOxPN7kuS+PGviU6A=,iv:b5jWkbLCxKeNt+fV5zW+3mjIxKWCW1ar6ZjECOo8K6c=,tag:KZyqQAuasCeG3SZiYjx4QA==,type:str] de: darkkirb: 53136.key: ENC[AES256_GCM,data:etA17O4C2t186i4epPKXwXFVqCZPsu84LaTh4aI4AVfcbK9It0n6d5ynCbwK2/ckbLP3pZqegY70LXNfh6eWhUNw6Ni+cZr06eER1o672tVPwbI7f8pbTGdO7nQzbycwvlXusBYXdp9OHrleJ8PdfmWdlyVrIWMpf1GOAHsdaA5sCTx/qEo4rxnp6viHqC5fRcYRoZRtI1tYcW1O2/dXlDvZLE45lRO0ys7GkXpKT5kvTOnvXmg/m9QjsHGI98qXN/SBQWOybqlNdnZYJY6WEtlLw2AOVKyOsq7sL6l/gEYwB0/kmhrIwbxLw+/Ev82+HvrYskfNWqF5rUmve+7x0KhWcdySbyfuu7sTZlqVagv7jtdyXmEjNGCxwQZt62nttlHUmO34s79OJqy2vQPGJqDBoheagMsug+xmcSx8x2zd7Qg2Ji21tR6y7kQQ7tZKj63o3yc=,iv:BFWbN2G1EyHohOBCIDGst7T0Ceiz+9XRT4L8/qM4Lv4=,tag:pI+osFnPdBemZXKftuSPDg==,type:str] @@ -60,8 +61,8 @@ sops: N1lNTTRhSDFsczd4VjNudUU2NEt4MUEKdVJIJmaoGcwUHa0BGB45jqYnm9aPVZxP dl1vkMx8EAiKhWKbBwQm5fFZcNh371rspGE7KOXmwNbNWef5bVfHpQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-02-09T08:24:21Z" - mac: ENC[AES256_GCM,data:40/Z9j5+W+cY5lRqyGjrflpAVoWOAG3tVy7btWD+snI7UIeqhDtvRKzpayBdltA4X+kPgegS+haElUFRykfYB8asUBlzU+D0tBGbCQV/MasGxvVGL+1MCSpJFullVtUIWJ+qnmpfgRqdI0m9xZdeTp0BGf3DBrURiUmCfMfyfK8=,iv:1NKn9YJsMxTmKAexpXjJIWqkK8gR+en0XBw6jwNxKg0=,tag:J7i7Zt6eFJceP7EL1qCb5w==,type:str] + lastmodified: "2022-02-09T08:45:20Z" + mac: ENC[AES256_GCM,data:6MI/0X1lcULre/8dImg2iSNrNy6hZlnhIGca0K7eaZiC+DLDjp8d7GGKQfxaGX+DFSx7mPvwseQp52dWVgRfAQARyPitRahe7wPFZG1nbCHwzOck/LQ88KzQQ0h9f9hXIaQRfI53fGsPZR+O2NB1RlLls8EFHZvT065qpZjPHt0=,iv:TI8zreHbGTTSuMNvN5aKFHRQUu6TPga0xzC9vvOqx3w=,tag:tsx+lkRY6ZpZUQ97Fn7nOg==,type:str] pgp: - created_at: "2022-02-02T17:50:42Z" enc: | diff --git a/zones/chir.rs.nix b/zones/chir.rs.nix index fcf49283..e3691667 100644 --- a/zones/chir.rs.nix +++ b/zones/chir.rs.nix @@ -166,7 +166,6 @@ let mail = createZone { }; int = delegateTo [ - "ns1.darkkirb.de." "ns2.darkkirb.de." ] // { DS = [{