| author | Paul Buetow <paul@buetow.org> | 2022-07-31 11:20:13 +0100 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2022-07-31 11:20:13 +0100 |
| commit | 23b88eada5e53e408a369e67bab58a7fc61a52f1 (patch) | |
| tree | a96b9225bb40043c25a6abffc0b3c03e712b4da1 /frontends | |
| parent | d32a317172229c7cad21d93dbc287716fb993a1b (diff) | |
use hostnames of the servers for mail TLS certs
Diffstat (limited to 'frontends')
| -rw-r--r-- | frontends/Rexfile | 3 | ||||
| -rw-r--r-- | frontends/etc/acme-client.conf.tpl | 7 | ||||
| -rw-r--r-- | frontends/etc/httpd.conf.tpl | 12 | ||||
| -rw-r--r-- | frontends/etc/mail/smtpd.conf.tpl | 11 | ||||
| -rw-r--r-- | frontends/scripts/acme.sh.tpl | 6 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/buetow.org.zone.tpl | 8 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/foo.surf.zone.tpl | 4 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/foo.zone.zone.tpl | 5 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/irregular.ninja.zone.tpl | 4 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl | 4 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/snonux.de.zone.tpl | 5 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/snonux.land.zone.tpl | 4 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/snonux.me.zone.tpl | 5 |
13 files changed, 47 insertions, 31 deletions
diff --git a/frontends/Rexfile b/frontends/Rexfile index f74959d..e61cfb1 100644 --- a/frontends/Rexfile +++ b/frontends/Rexfile @@ -223,8 +223,7 @@ task 'smtpd', group => 'frontends', Rex::Logger::info('Dealing with smtpd.conf'); file '/etc/mail/smtpd.conf', - content => template('./etc/mail/smtpd.conf.tpl', - is_primary => $is_primary), + content => template('./etc/mail/smtpd.conf.tpl'), owner => 'root', group => 'wheel', mode => '644', diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl index 681f357..544bece 100644 --- a/frontends/etc/acme-client.conf.tpl +++ b/frontends/etc/acme-client.conf.tpl @@ -35,3 +35,10 @@ domain <%= $prefix.$host %> { sign with letsencrypt } <% } %> + +# Mail server domains +domain <%= "$hostname.$domain" %> { + domain key "/etc/ssl/private/<%= "$hostname.$domain" %>.key" + domain full chain certificate "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem" + sign with letsencrypt +} diff --git a/frontends/etc/httpd.conf.tpl b/frontends/etc/httpd.conf.tpl index 013e779..d144f9f 100644 --- a/frontends/etc/httpd.conf.tpl +++ b/frontends/etc/httpd.conf.tpl @@ -17,6 +17,18 @@ server "<%= $prefix.$host %>" { } <% } %> +# Current server's FQDN (e.g. for mail server ACME cert requests) +server "<%= "$hostname.$domain" %>" { + listen on * port 80 + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } + location * { + block return 302 "https://<%= $prefix %>buetow.org" + } +} + # Gemtexter hosts <% for my $host (qw/foo.zone snonux.land/) { %> server "<%= $prefix.$host %>" { diff --git a/frontends/etc/mail/smtpd.conf.tpl b/frontends/etc/mail/smtpd.conf.tpl index a3c324b..7764b34 100644 --- a/frontends/etc/mail/smtpd.conf.tpl +++ b/frontends/etc/mail/smtpd.conf.tpl 
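Review bot: The new `domain <%= "$hostname.$domain" %>` block in acme-client.conf.tpl carries no comment saying who consumes it, and the only thing that makes this certificate valid for mail is that its name equals the MX target the zone files now advertise and the `hostname` smtpd announces. If the Rex-supplied `$hostname`/`$domain` for a frontend ever differ from the MX name in the zones, remote MTAs doing strict TLS verification (MTA-STS, DANE) will see a name mismatch while acme-client and smtpd both look healthy. Suggest replacing the `# Mail server domains` line with `# Per-host certificate used by smtpd; its CN must equal this host's MX target in var/nsd/zones/*.tpl and the smtpd listen hostname`. Issuance additionally depends on the FQDN resolving to this host and on the matching port-80 vhost, neither of which is visible in this hunk.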
@@ -2,21 +2,16 @@ # See smtpd.conf(5) for more information. # I used https://www.checktls.com/TestReceiver for testing. -# -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> -pki "buetow_org_tls" cert "/etc/ssl/<%= $prefix %>buetow.org.fullchain.pem" -pki "buetow_org_tls" key "/etc/ssl/private/<%= $prefix %>buetow.org.key" +pki "buetow_org_tls" cert "/etc/ssl/<%= "$hostname.$domain" %>.fullchain.pem" +pki "buetow_org_tls" key "/etc/ssl/private/<%= "$hostname.$domain" %>.key" table aliases file:/etc/mail/aliases table virtualdomains file:/etc/mail/virtualdomains table virtualusers file:/etc/mail/virtualusers listen on socket -listen on all tls pki "buetow_org_tls" hostname "<%= $prefix %>buetow.org" +listen on all tls pki "buetow_org_tls" hostname "<%= "$hostname.$domain" %>" #listen on all action localmail mbox alias <aliases> diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl index 45be254..0d2dd3c 100644 --- a/frontends/scripts/acme.sh.tpl +++ b/frontends/scripts/acme.sh.tpl @@ -25,6 +25,12 @@ if [ $? -eq 0 ]; then fi <% } -%> +# Current server's FQDN (e.g. for mail server certs) +handle_cert <%= "$hostname.$domain" %> +if [ $? -eq 0 ]; then + has_update=yes +fi + # Pick up the new certs. if [ $has_update = yes ]; then /usr/sbin/rcctl reload httpd diff --git a/frontends/var/nsd/zones/master/buetow.org.zone.tpl b/frontends/var/nsd/zones/master/buetow.org.zone.tpl index 9643206..c9f58a6 100644 --- a/frontends/var/nsd/zones/master/buetow.org.zone.tpl +++ b/frontends/var/nsd/zones/master/buetow.org.zone.tpl 
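Review bot: The pki label `buetow_org_tls` is now misleading, because both `pki` lines load the per-host `<%= "$hostname.$domain" %>` certificate rather than a buetow.org one; renaming it (`pki "mail_tls" cert ...`, `pki "mail_tls" key ...`, `listen on all tls pki "mail_tls" hostname ...`) keeps the config self-describing. Separately, smtpd refuses to start if the referenced key and fullchain do not exist yet, so on a fresh host the acme-client run for the FQDN must succeed before this template is applied; a one-line comment above the `pki` lines stating that ordering would save a confusing first deploy. The announced `hostname` now matches the served certificate, which is what strict remote verification needs.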
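Review bot: The renewed FQDN certificate is only picked up via `/usr/sbin/rcctl reload httpd`, but smtpd is the consumer of this cert and, as far as I know, OpenSMTPD reads its pki files at startup only, so unless the rest of the pickup block (which continues outside this hunk) restarts smtpd, the mail listener keeps presenting the old chain until the next unrelated restart. If it is not already there, add `/usr/sbin/rcctl restart smtpd` next to the httpd reload. Minor style point: `handle_cert ...; if [ $? -eq 0 ]` reads more directly as `if handle_cert <%= "$hostname.$domain" %>; then has_update=yes; fi`; `handle_cert` itself is defined outside the hunk.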
@@ -9,13 +9,13 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 86400 IN A 23.88.35.144 86400 IN AAAA 2a01:4f8:c17:20f1::42 -* IN MX 10 buetow.org. -* IN MX 20 www.buetow.org. +* IN MX 10 blowfish.buetow.org. +* IN MX 20 twofish.buetow.org. * 86400 IN A 23.88.35.144 * 86400 IN AAAA 2a01:4f8:c17:20f1::42 diff --git a/frontends/var/nsd/zones/master/foo.surf.zone.tpl b/frontends/var/nsd/zones/master/foo.surf.zone.tpl index e92b881..54c3bce 100644 --- a/frontends/var/nsd/zones/master/foo.surf.zone.tpl +++ b/frontends/var/nsd/zones/master/foo.surf.zone.tpl @@ -9,8 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 20 buetow.org. - IN MX 10 www.buetow.org. + IN MX 20 blowfish.buetow.org. + IN MX 10 twofish.buetow.org. 86400 IN A 108.160.134.135 86400 IN AAAA 2401:c080:1000:45af:5400:3ff:fec6:ca1d diff --git a/frontends/var/nsd/zones/master/foo.zone.zone.tpl b/frontends/var/nsd/zones/master/foo.zone.zone.tpl index a70c45c..41bd5c5 100644 --- a/frontends/var/nsd/zones/master/foo.zone.zone.tpl +++ b/frontends/var/nsd/zones/master/foo.zone.zone.tpl @@ -9,9 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. - + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 300 IN A 23.88.35.144 300 IN AAAA 2a01:4f8:c17:20f1::42 diff --git a/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl b/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl index d3c55e5..413d7ec 100644 --- a/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl +++ b/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl @@ -9,8 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 86400 IN A 23.88.35.144 86400 IN AAAA 2a01:4f8:c17:20f1::42 
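Review bot: The MX RRs in buetow.org.zone.tpl now point at `blowfish.buetow.org.` and `twofish.buetow.org.`, which must each own A/AAAA records and must not be CNAMEs (RFC 2181 §10.3); they are also the zone's NS names, so the records probably exist, but that is not visible in this hunk. Whether the SOA serial (above line 9, outside the hunk) is bumped is also not visible; without an increase, secondaries keep serving the old MX set. If the zone's SPF `mx` mechanism, TLSA or MTA-STS records reference the previous MX names, they need to follow this change as well.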
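Review bot: foo.surf.zone.tpl keeps the inverted preference (`IN MX 20 blowfish.buetow.org.`, `IN MX 10 twofish.buetow.org.`) while every other zone in this commit prefers blowfish at 10; the commit only rewrote the target names, so the ordering is pre-existing, but it now stands out against the uniform rewrite. If twofish is intentionally primary for foo.surf, a short zone comment such as `; twofish is the preferred MX for this zone (intentional)` would prevent a later "fix"; otherwise align it with the other zones.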
diff --git a/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl b/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl index 42b1db7..7b8b126 100644 --- a/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl +++ b/frontends/var/nsd/zones/master/sidewalk.ninja.zone.tpl @@ -9,8 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 86400 IN A 23.88.35.144 86400 IN AAAA 2a01:4f8:c17:20f1::42 diff --git a/frontends/var/nsd/zones/master/snonux.de.zone.tpl b/frontends/var/nsd/zones/master/snonux.de.zone.tpl index cc530b6..04f08c1 100644 --- a/frontends/var/nsd/zones/master/snonux.de.zone.tpl +++ b/frontends/var/nsd/zones/master/snonux.de.zone.tpl @@ -9,9 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. - + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 86400 IN A 23.88.35.144 86400 IN AAAA 2a01:4f8:c17:20f1::42 diff --git a/frontends/var/nsd/zones/master/snonux.land.zone.tpl b/frontends/var/nsd/zones/master/snonux.land.zone.tpl index 6b860c1..845ca65 100644 --- a/frontends/var/nsd/zones/master/snonux.land.zone.tpl +++ b/frontends/var/nsd/zones/master/snonux.land.zone.tpl @@ -9,8 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 86400 IN A 23.88.35.144 86400 IN AAAA 2a01:4f8:c17:20f1::42 diff --git a/frontends/var/nsd/zones/master/snonux.me.zone.tpl b/frontends/var/nsd/zones/master/snonux.me.zone.tpl index e756998..6d2bdad 100644 --- a/frontends/var/nsd/zones/master/snonux.me.zone.tpl +++ b/frontends/var/nsd/zones/master/snonux.me.zone.tpl 
@@ -9,9 +9,8 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS twofish.buetow.org. - IN MX 10 buetow.org. - IN MX 20 www.buetow.org. - + IN MX 10 blowfish.buetow.org. + IN MX 20 twofish.buetow.org. 86400 IN A 23.88.35.144 86400 IN AAAA 2a01:4f8:c17:20f1::42 |
