| -rw-r--r-- | frontends/Rexfile | 115 | ||||
| -rw-r--r-- | frontends/etc/acme-client.conf.tpl | 11 | ||||
| -rw-r--r-- | frontends/etc/httpd.conf.tpl | 55 | ||||
| -rw-r--r-- | frontends/etc/mail/virtualdomains | 1 | ||||
| -rw-r--r-- | frontends/etc/mail/virtualusers | 1 | ||||
| -rw-r--r-- | frontends/etc/relayd.conf.tpl | 11 | ||||
| -rw-r--r-- | frontends/etc/rsyncd.conf.tpl | 7 | ||||
| -rw-r--r-- | frontends/scripts/acme.sh.tpl | 13 | ||||
| -rw-r--r-- | frontends/scripts/gemtexter.sh.tpl | 14 | ||||
| -rw-r--r-- | frontends/scripts/rsync.sh.tpl | 6 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/buetow.org.zone.tpl | 70 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/dtail.dev.zone.tpl | 13 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/foo.zone.zone.tpl | 16 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/irregular.ninja.zone.tpl | 14 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/paul.cyou.zone.tpl | 19 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/snonux.foo.zone.tpl | 14 | ||||
| -rw-r--r-- | frontends/var/nsd/zones/master/snonux.land.zone.tpl | 18 |
17 files changed, 191 insertions, 207 deletions
diff --git a/frontends/Rexfile b/frontends/Rexfile index 5f27fee..3853500 100644 --- a/frontends/Rexfile +++ b/frontends/Rexfile @@ -19,6 +19,8 @@ group dnsmaster => 'blowfish.buetow.org:2'; group dnsslaves => 'fishfinger.buetow.org:2'; our $ircbouncer_server = 'fishfinger.buetow.org:2'; group ircbouncer => $ircbouncer_server; +group wgserver => 'fishfinger.buetow.org:2'; +group wgclient => 'blowfish.buetow.org:2'; group openbsd_canary => 'blowfish.buetow.org:2'; user 'rex'; 
@@ -30,29 +32,44 @@ parallelism 5; # Note we using anonymous subs here. This is so we can pass the subs as # Rex template variables too. +our %ips = ( + 'fishfinger' => { + 'ipv4' => '46.23.94.99', + 'ipv6' => '2a03:6000:6f67:624::99', + }, + 'blowfish' => { + 'ipv4' => '23.88.35.144', + 'ipv6' => '2a01:4f8:c17:20f1::42', + }, + 'domain' => 'buetow.org', +); + +$ips{current_master} = $ips{fishfinger}; +$ips{current_master}{fqdn} = 'fishfinger.' . $ips{domain}; + +$ips{current_standby} = $ips{blowfish}; +$ips{current_standby}{fqdn} = 'blowfish.' . $ips{domain}; + # Gather IPv6 addresses based on hostname. our $ipv6address = sub { my $hostname = shift; - return '2a01:4f8:c17:20f1::42' if $hostname eq 'blowfish'; - return '2a03:6000:6f67:624::99' if $hostname eq 'fishfinger'; - Rex::Logger::info("Unable to determine IPv6 address for $hostname", 'error'); - return '::1'; + my $ip = $ips{$hostname}{ipv6}; + unless (defined $ip) { + Rex::Logger::info("Unable to determine IPv6 address for $hostname", 'error'); + return '::1'; + } + return $ip; }; # Bootstrapping the FQDN based on the server IP as the hostname and domain # facts aren't set yet due to the myname file in the first place. our $fqdns = sub { my $ipv4 = shift; - return 'blowfish.buetow.org' if $ipv4 eq '23.88.35.144'; - return 'fishfinger.buetow.org' if $ipv4 eq '46.23.94.99'; + while (my ($hostname, $ips) = each %ips) { + return "$hostname." . $ips{domain} if $ips->{ipv4} eq $ipv4; + } Rex::Logger::info("Unable to determine hostname for $ipv4", 'error'); - return 'HOSTNAME-UNKNOWN.buetow.org'; -}; - -# To determine whether te server is te primary or the secondary. -our $is_primary = sub { - my $ipv4 = shift; - $fqdns->($ipv4) eq 'blowfish.buetow.org'; + return 'HOSTNAME-UNKNOWN.' . $ips{domain}; }; # The secret store. Note to myself: "geheim cat rexfilesecrets.txt" 
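Review bot: The new `$fqdns` loop walks every key of `%ips` with `each`, but `%ips` also holds `domain` (a plain string) and the `current_master`/`current_standby` aliases assigned just above it. Dereferencing `$ips->{ipv4}` on the `domain` entry dies if strict refs is in effect (Rex normally enables it; the preamble is outside this hunk), and depending on hash order a match can return `current_master.buetow.org` rather than the real host name. Returning from inside `each` also leaves the hash iterator part-way through for the next call. Iterating over the real hosts only avoids all three: `for my $h (grep { ref $ips{$_} eq 'HASH' && !/^current_/ } sort keys %ips) { return "$h.$ips{domain}" if $ips{$h}{ipv4} eq $ipv4; }`. In `$ipv6address`, `$ips{$hostname}{ipv6}` has a milder form of the same problem, since it autovivifies an entry for any unknown host name.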
@@ -60,7 +77,7 @@ our $secrets = sub { read_file './secrets/' . shift }; our @dns_zones = qw/buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/; our @dns_zones_remove = qw/paul.cyou snonux.land/; -our @acme_hosts = qw/buetow.org paul.buetow.org tmp.buetow.org dory.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/; +our @acme_hosts = qw/buetow.org paul.buetow.org dory.buetow.org fotos.buetow.org znc.buetow.org dtail.dev foo.zone irregular.ninja snonux.foo/; # UTILITY TASKS @@ -111,8 +128,7 @@ task 'rsync', group => 'frontends', mode => '644'; file '/usr/local/bin/rsync.sh', - content => template('./scripts/rsync.sh.tpl', - is_primary => $is_primary), + content => template('./scripts/rsync.sh.tpl'), owner => 'root', group => 'wheel', mode => '755'; @@ -124,8 +140,7 @@ desc 'Configure the gemtexter sites'; task 'gemtexter', group => 'frontends', sub { file '/usr/local/bin/gemtexter.sh', - content => template('./scripts/gemtexter.sh.tpl', - is_primary => $is_primary), + content => template('./scripts/gemtexter.sh.tpl'), owner => 'root', group => 'wheel', mode => '744'; 
@@ -162,21 +177,19 @@ task 'taskwarrior', group => 'frontends', desc 'Configure ACME client'; task 'acme', group => 'frontends', sub { - file '/etc/acme-client.conf', - content => template('./etc/acme-client.conf.tpl', - acme_hosts => \@acme_hosts, - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '644'; - - file '/usr/local/bin/acme.sh', - content => template('./scripts/acme.sh.tpl', - acme_hosts => \@acme_hosts, - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '744'; + file '/etc/acme-client.conf', + content => template('./etc/acme-client.conf.tpl', + acme_hosts => \@acme_hosts), + owner => 'root', + group => 'wheel', + mode => '644'; + + file '/usr/local/bin/acme.sh', + content => template('./scripts/acme.sh.tpl', + acme_hosts => \@acme_hosts), + owner => 'root', + group => 'wheel', + mode => '744'; file '/etc/daily.local', ensure => 'present', @@ -200,9 +213,7 @@ task 'httpd', group => 'frontends', #delete_lines_according_to qr{httpd_flags}, '/etc/rc.conf.local'; file '/etc/httpd.conf', - content => template('./etc/httpd.conf.tpl', - acme_hosts => \@acme_hosts, - is_primary => $is_primary), + content => template('./etc/httpd.conf.tpl', acme_hosts => \@acme_hosts), owner => 'root', group => 'wheel', mode => '644', @@ -238,9 +249,7 @@ task 'relayd', group => 'frontends', append_if_no_such_line '/etc/rc.conf.local', 'relayd_flags='; file '/etc/relayd.conf', - content => template('./etc/relayd.conf.tpl', - ipv6address => $ipv6address, - is_primary => $is_primary), + content => template('./etc/relayd.conf.tpl', ipv6address => $ipv6address), owner => 'root', group => 'wheel', mode => '600', 
@@ -296,7 +305,7 @@ task 'nsd_master', group => 'dnsmaster', Rex::Logger::info('Dealing with master DNS key'); file '/var/nsd/etc/key.conf', content => template('./var/nsd/etc/key.conf.tpl', - nsd_key => $secrets->('/var/nsd/etc/nsd_key.txt')), + nsd_key => $secrets->('/var/nsd/etc/nsd_key.txt')), owner => 'root', group => '_nsd', mode => '640', @@ -305,7 +314,8 @@ task 'nsd_master', group => 'dnsmaster', Rex::Logger::info('Dealing with master DNS config'); file '/var/nsd/etc/nsd.conf', content => template('./var/nsd/etc/nsd.conf.master.tpl', - dns_zones => \@dns_zones), + dns_zones => \@dns_zones, + ), owner => 'root', group => '_nsd', mode => '640', @@ -314,7 +324,9 @@ task 'nsd_master', group => 'dnsmaster', for my $zone (@dns_zones) { Rex::Logger::info("Dealing with DNS zone $zone"); file "/var/nsd/zones/master/$zone.zone", - content => template("./var/nsd/zones/master/$zone.zone.tpl"), + content => template("./var/nsd/zones/master/$zone.zone.tpl", + ips => \%ips, + ), owner => 'root', group => 'wheel', mode => '644', @@ -506,6 +518,25 @@ task 'gorum', group => 'frontends', service 'gorum', ensure => 'started'; }; +#desc 'Setup Wireguard server'; +#task 'wireguard_server', group => 'wgserver', +# sub { + # Following https://ianix.com/wireguard/openbsd-howto.html +# pkg 'wireguard-tools', ensure => present; + +# concat_fragment 'ipforwarding', +# target => '/etc/sysctl.conf', +# content => 'net.inet.ip.forwarding=1'; +# +# concat_fragment 'ip6forwarding', +# target => '/etc/sysctl.conf', +# content => 'net.inet6.ip6.forwarding=1'; +# +# concat '/etc/sysctl.conf', +# ensure => 'present', +# on_change => sub { say "Changed" }; +# }; + desc 'Setup IRC bouncer'; task 'ircbouncer', group => 'ircbouncer', sub { diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl index 544bece..93f5837 100644 --- a/frontends/etc/acme-client.conf.tpl +++ b/frontends/etc/acme-client.conf.tpl 
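Review bot: The `wireguard_server` task is committed fully commented out, and the `wgserver`/`wgclient` groups added in the first Rexfile hunk have no active task that uses them. Half-finished configuration of this kind is easy to re-enable by accident, and this block would set `net.inet.ip.forwarding=1` and `net.inet6.ip6.forwarding=1` with no packet-filter rules visible alongside it in the hunk. I would leave it out of this commit and add the task together with its groups once it is complete, or reduce it to a single `# TODO: wireguard_server task` line.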
@@ -23,18 +23,15 @@ authority buypass-test { contact "mailto:me@example.com" } -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> - -<% for my $host (@$acme_hosts) { %> +<% for my $host (@$acme_hosts) { -%> +<% for my $prefix ('', 'www.', 'mirror.') { -%> domain <%= $prefix.$host %> { domain key "/etc/ssl/private/<%= $prefix.$host %>.key" domain full chain certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem" sign with letsencrypt } -<% } %> +<% } -%> +<% } -%> # Mail server domains domain <%= "$hostname.$domain" %> { diff --git a/frontends/etc/httpd.conf.tpl b/frontends/etc/httpd.conf.tpl index 4e8ae7c..1937b70 100644 --- a/frontends/etc/httpd.conf.tpl +++ b/frontends/etc/httpd.conf.tpl @@ -1,10 +1,10 @@ <% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; + our @prefixes = ('', 'www.', 'mirror.'); %> # Plain HTTP for ACME and HTTPS redirect <% for my $host (@$acme_hosts) { %> +<% for my $prefix (@prefixes) { -%> server "<%= $prefix.$host %>" { listen on * port 80 location "/.well-known/acme-challenge/*" { @@ -15,6 +15,7 @@ server "<%= $prefix.$host %>" { block return 302 "https://$HTTP_HOST$REQUEST_URI" } } +<% } %> <% } %> # Current server's FQDN (e.g. for mail server ACME cert requests) @@ -25,12 +26,13 @@ server "<%= "$hostname.$domain" %>" { request strip 2 } location * { - block return 302 "https://<%= $prefix %>buetow.org" + block return 302 "https://<%= $hostname.'.'.$domain %>" } } # Gemtexter hosts -<% for my $host (qw/foo.zone paul.buetow.org/) { %> +<% for my $host (qw/foo.zone paul.buetow.org snonux.foo/) { %> +<% for my $prefix (@prefixes) { -%> server "<%= $prefix.$host %>" { listen on * tls port 443 tls { 
@@ -45,23 +47,25 @@ server "<%= $prefix.$host %>" { directory auto index } } + <% } %> <% } %> # Redirect to paul.buetow.org -<% for my $host (qw/snonux.foo/) { %> -server "<%= $prefix.$host %>" { +<% for my $prefix (@prefixes) { -%> +server "<%= $prefix %>buetow.org" { listen on * tls port 443 tls { - certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem" - key "/etc/ssl/private/<%= $prefix.$host %>.key" + certificate "/etc/ssl/<%= $prefix %>buetow.org.fullchain.pem" + key "/etc/ssl/private/<%= $prefix %>buetow.org.key" } location * { - block return 302 "https://<%= $prefix %>paul.buetow.org$REQUEST_URI" + block return 302 "https://paul.buetow.org$REQUEST_URI" } } -<% } %> +<% } -%> -# Redirec to to gitub.dtail.dev +# Redirect to gitub.dtail.dev +<% for my $prefix (@prefixes) { -%> server "<%= $prefix %>dtail.dev" { listen on * tls port 443 tls { @@ -72,8 +76,10 @@ server "<%= $prefix %>dtail.dev" { block return 302 "https://github.dtail.dev$REQUEST_URI" } } +<% } -%> -# Irregular Ninja special host +# Irregular Ninja special hosts +<% for my $prefix (@prefixes) { -%> server "<%= $prefix %>irregular.ninja" { listen on * tls port 443 tls { @@ -85,8 +91,10 @@ server "<%= $prefix %>irregular.ninja" { directory auto index } } +<% } -%> # Dory special host +<% for my $prefix (@prefixes) { -%> server "<%= $prefix %>dory.buetow.org" { listen on * tls port 443 tls { 
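Review bot: Every HTTPS `server` block is now rendered for all three prefixes on every host, so each host's httpd.conf references `/etc/ssl/<prefix>name.fullchain.pem` and the matching key even for names that resolve to the other machine. The acme.sh.tpl change later in this commit skips exactly those names (`"$MY_IP" != "$host_ip"`), and rsync.sh.tpl is reduced to `exit 0`, so nothing visible in this commit puts those files in place; httpd will likely refuse a configuration whose certificate files are missing. The same applies to the unprefixed `tls keypair` lines in relayd.conf.tpl. Either render only the prefixes the current host actually serves, or make certificate distribution an explicit step that runs before httpd and relayd are restarted.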
@@ -98,27 +106,9 @@ server "<%= $prefix %>dory.buetow.org" { directory auto index } } +<% } -%> -server "<%= $prefix %>tmp.buetow.org" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>tmp.buetow.org.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>tmp.buetow.org.key" - } - root "/htdocs/buetow.org/tmp" - directory auto index -} - -server "<%= $prefix %>tmp.foo.zone" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>tmp.foo.zone.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>tmp.foo.zone.key" - } - root "/htdocs/buetow.org/tmp" - directory auto index -} - +<% for my $prefix (@prefixes) { -%> server "<%= $prefix %>fotos.buetow.org" { listen on * tls port 443 tls { @@ -128,6 +118,7 @@ server "<%= $prefix %>fotos.buetow.org" { root "/htdocs/buetow.org/fotos" directory auto index } +<% } -%> # Defaults server "default" { diff --git a/frontends/etc/mail/virtualdomains b/frontends/etc/mail/virtualdomains index db6917e..d8cd4a2 100644 --- a/frontends/etc/mail/virtualdomains +++ b/frontends/etc/mail/virtualdomains @@ -13,3 +13,4 @@ orders.buetow.org nospam.buetow.org snonux.foo dtail.dev +foo.zone diff --git a/frontends/etc/mail/virtualusers b/frontends/etc/mail/virtualusers index d4db8b5..8373b4d 100644 --- a/frontends/etc/mail/virtualusers +++ b/frontends/etc/mail/virtualusers @@ -1,3 +1,4 @@ albena@buetow.org albena.buetow@protonmail.com dory@buetow.org df2hbradio@gmail.com +solarcat@buetow.org df2hbradio@gmail.com @ paul.buetow@protonmail.com diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl index 8d1a56f..bda9f52 100644 --- a/frontends/etc/relayd.conf.tpl +++ b/frontends/etc/relayd.conf.tpl 
@@ -1,14 +1,9 @@ -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> - log connection tcp protocol "gemini" { - tls keypair <%= $prefix %>foo.zone - tls keypair <%= $prefix %>buetow.org - tls keypair <%= $prefix %>paul.buetow.org + tls keypair foo.zone + tls keypair snonux.foo + tls keypair paul.buetow.org } relay "gemini4" { diff --git a/frontends/etc/rsyncd.conf.tpl b/frontends/etc/rsyncd.conf.tpl index 693d6c5..2798695 100644 --- a/frontends/etc/rsyncd.conf.tpl +++ b/frontends/etc/rsyncd.conf.tpl @@ -19,3 +19,10 @@ list = yes uid = www gid = www hosts allow = <%= $allow %> + +[sslcerts] +comment = TLS certificates +path = /etc/ssl +read only = yes +list = yes +hosts allow = <%= $allow %> diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl index 0d2dd3c..2b588f4 100644 --- a/frontends/scripts/acme.sh.tpl +++ b/frontends/scripts/acme.sh.tpl @@ -1,12 +1,15 @@ #!/bin/sh -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; --%> +MY_IP=`ifconfig vio0 | awk '$1 == "inet" { print $2 }'` function handle_cert { host=$1 + host_ip=`host $host | awk '/has address/ { print $(NF) }'` + if [ "$MY_IP" != "$host_ip" ]; then + echo "Not serving $host, skipping..." + return + fi + # Create symlink, so that relayd also can read it. crt_path=/etc/ssl/$host if [ -e $crt_path.crt ]; then @@ -19,10 +22,12 @@ function handle_cert { has_update=no <% for my $host (@$acme_hosts) { -%> +<% for my $prefix ('', 'www.', 'mirror.') { -%> handle_cert <%= $prefix.$host %> if [ $? -eq 0 ]; then has_update=yes fi +<% } -%> <% } -%> # Current server's FQDN (e.g. for mail server certs) diff --git a/frontends/scripts/gemtexter.sh.tpl b/frontends/scripts/gemtexter.sh.tpl index df6fca9..ebd25d8 100644 --- a/frontends/scripts/gemtexter.sh.tpl +++ b/frontends/scripts/gemtexter.sh.tpl 
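Review bot: The new `[sslcerts]` module exports all of `/etc/ssl`, which includes `/etc/ssl/private`, where acme-client.conf.tpl places the domain keys, and its only access control is `hosts allow`. The rsync daemon protocol is neither encrypted nor authenticated by default, so whether key material is exposed depends only on the source address and on the file permissions seen by the uid the module runs as (the added lines set no `uid`/`gid`, unlike the module above them). If only certificates need to be shared, add `exclude = private/` or point `path` at a directory that holds just the fullchain files, and require `auth users` with a `secrets file`. If private keys have to move between the hosts, transfer them over ssh rather than through rsyncd.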
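Review bot: The early `return` added to `handle_cert` follows an `echo`, so it returns status 0, and the caller's `if [ $? -eq 0 ]; then has_update=yes` then counts every skipped host as an update. It should be `return 1`, or whatever status the rest of the function uses for "no change"; the remainder of `handle_cert` is outside this hunk. The ownership test also depends on a single resolver answer: a name with several A records or a failed lookup leaves `host_ip` multi-line or empty, and the host is then skipped with only an informational message, so a certificate can lapse unnoticed. Quoting `"$host"` in the `host` call and logging the lookup failure separately would make that case visible.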
@@ -19,6 +19,10 @@ function ensure_site { ln -s $basename www.$basename fi + if [ ! -e mirror.$basename ]; then + ln -s $basename mirror.$basename + fi + if [ ! -d $basename ]; then git clone $repo -b $branch --single-branch $basename else @@ -43,10 +47,13 @@ function ensure_links { if [ ! -e www.$target ]; then ln -s $basename www.$target fi + + if [ ! -e mirror.$target ]; then + ln -s $basename mirror.$target + fi } -<% if ($is_primary->($vio0_ip)) { %> -for site in foo.zone paul.buetow.org; do +for site in foo.zone paul.buetow.org snonux.foo; do ensure_site \ /var/gemini/$site \ https://codeberg.org/snonux/$site \ @@ -58,6 +65,3 @@ for site in foo.zone paul.buetow.org; do done ensure_links /var/gemini/paul.buetow.org buetow.org -ensure_links /var/gemini/paul.buetow.org snonux.foo -<% } %> - diff --git a/frontends/scripts/rsync.sh.tpl b/frontends/scripts/rsync.sh.tpl index c55a86b..8d7004b 100644 --- a/frontends/scripts/rsync.sh.tpl +++ b/frontends/scripts/rsync.sh.tpl @@ -2,7 +2,5 @@ PATH=$PATH:/usr/local/bin -<% unless ($is_primary->($vio0_ip)) { %> -/usr/local/bin/rsync -av --delete rsync://blowfish.buetow.org/publicgemini/ /var/gemini -/usr/local/bin/rsync -av --delete rsync://blowfish.buetow.org/publichttp/ /var/www/htdocs -<% } %> +# disabled, as pulled directly from codeberg now +exit 0 diff --git a/frontends/var/nsd/zones/master/buetow.org.zone.tpl b/frontends/var/nsd/zones/master/buetow.org.zone.tpl index 2e12e8a..03b0de7 100644 --- a/frontends/var/nsd/zones/master/buetow.org.zone.tpl +++ b/frontends/var/nsd/zones/master/buetow.org.zone.tpl 
@@ -9,31 +9,41 @@ $TTL 4h IN NS blowfish.buetow.org. IN NS fishfinger.buetow.org. + IN A <%= $ips->{current_master}{ipv4} %> + IN AAAA <%= $ips->{current_master}{ipv6} %> + + IN MX 10 fishfinger.buetow.org. + IN MX 20 blowfish.buetow.org. + cool IN NS ns-75.awsdns-09.com. cool IN NS ns-707.awsdns-24.net. cool IN NS ns-1081.awsdns-07.org. cool IN NS ns-1818.awsdns-35.co.uk. - - IN MX 10 blowfish.buetow.org. - IN MX 20 fishfinger.buetow.org. - 1800 IN A 23.88.35.144 - 1800 IN AAAA 2a01:4f8:c17:20f1::42 -* IN MX 10 blowfish.buetow.org. -* IN MX 20 fishfinger.buetow.org. -* 1800 IN A 23.88.35.144 -* 1800 IN AAAA 2a01:4f8:c17:20f1::42 -@ 1800 IN A 23.88.35.144 -@ 1800 IN AAAA 2a01:4f8:c17:20f1::42 +www.paul 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. +www.dory 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. +www.solarcat 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. + +blowfish 14400 IN A 23.88.35.144 +blowfish 14400 IN AAAA 2a01:4f8:c17:20f1::42 +fishfinger 14400 IN A 46.23.94.99 +fishfinger 14400 IN AAAA 2a03:6000:6f67:624::99 -blowfish 86400 IN A 23.88.35.144 -blowfish 86400 IN AAAA 2a01:4f8:c17:20f1::42 -git1 1800 IN CNAME blowfish -tmp 1800 IN CNAME blowfish -dory 1800 IN CNAME blowfish -fotos 1800 IN CNAME blowfish -paul 1800 IN A 23.88.35.144 -paul 1800 IN AAAA 2a01:4f8:c17:20f1::42 +git1 1800 IN CNAME blowfish +git2 1800 IN CNAME fishfinger + +mirror 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. +mirror.paul 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. +mirror.dory 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. +mirror.solarcat 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. +mirror.fotos 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. + +zapad.sofia 14400 IN CNAME 79-100-3-54.ip.btc-net.bg. +www2 14400 IN CNAME snonux.codeberg.page. + +protonmail._domainkey.paul IN CNAME protonmail.domainkey.d4xua2siwqfhvecokhuacmyn5fyaxmjk6q3hu2omv2z43zzkl73yq.domains.proton.ch. 
+protonmail2._domainkey.paul IN CNAME protonmail2.domainkey.d4xua2siwqfhvecokhuacmyn5fyaxmjk6q3hu2omv2z43zzkl73yq.domains.proton.ch. +protonmail3._domainkey.paul IN CNAME protonmail3.domainkey.d4xua2siwqfhvecokhuacmyn5fyaxmjk6q3hu2omv2z43zzkl73yq.domains.proton.ch. paul IN TXT protonmail-verification=a42447901e320064d13e536db4d73ce600d715b7 paul IN TXT v=spf1 include:_spf.protonmail.ch mx ~all paul IN TXT v=DMARC1; p=none @@ -41,25 +51,5 @@ paul IN MX 10 mail.protonmail.ch. paul IN MX 20 mailsec.protonmail.ch. paul IN MX 42 blowfish paul IN MX 42 fishfinger -protonmail._domainkey.paul IN CNAME protonmail.domainkey.d4xua2siwqfhvecokhuacmyn5fyaxmjk6q3hu2omv2z43zzkl73yq.domains.proton.ch. -protonmail2._domainkey.paul IN CNAME protonmail2.domainkey.d4xua2siwqfhvecokhuacmyn5fyaxmjk6q3hu2omv2z43zzkl73yq.domains.proton.ch. -protonmail3._domainkey.paul IN CNAME protonmail3.domainkey.d4xua2siwqfhvecokhuacmyn5fyaxmjk6q3hu2omv2z43zzkl73yq.domains.proton.ch. - -fishfinger 86400 IN A 46.23.94.99 -fishfinger 86400 IN AAAA 2a03:6000:6f67:624::99 -git2 1800 IN CNAME fishfinger -www 1800 IN CNAME fishfinger -www.tmp 1800 IN CNAME fishfinger -www.znc 1800 IN CNAME fishfinger -bnc 1800 IN CNAME www.znc -www.dory 1800 IN CNAME fishfinger -www.fotos 1800 IN CNAME fishfinger -www.paul 1800 IN CNAME fishfinger - -vulcan 86400 IN A 95.216.174.192 -vulcan 86400 IN AAAA 2a01:4f9:c010:250e::1 -vu 86400 IN CNAME vulcan -edge 1800 IN CNAME vulcan -zapad.sofia 86400 IN CNAME 79-100-3-54.ip.btc-net.bg. -www2 1800 IN CNAME snonux.codeberg.page. +* 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. diff --git a/frontends/var/nsd/zones/master/dtail.dev.zone.tpl b/frontends/var/nsd/zones/master/dtail.dev.zone.tpl index dea0f5d..a0005e9 100644 --- a/frontends/var/nsd/zones/master/dtail.dev.zone.tpl +++ b/frontends/var/nsd/zones/master/dtail.dev.zone.tpl 
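Review bot: The apex `A`/`AAAA` records of buetow.org lose their explicit `1800` TTL in this hunk (`IN A <%= $ips->{current_master}{ipv4} %>`), so they inherit the zone default `$TTL 4h`, while the other zone templates changed in this commit keep `1800 IN A`. Because these records now follow `current_master`, a four-hour TTL on the apex alone means a master/standby switch reaches `buetow.org` much later than the wildcard and `www.*` names. I would write `1800 IN A <%= $ips->{current_master}{ipv4} %>` and the same for the `AAAA` line, and add a short comment above them saying that every record derived from `current_master` is kept at 1800 seconds.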
@@ -6,12 +6,15 @@ $TTL 4h 30m ; retry 7d ; expire 1h ) ; negative - IN NS blowfish.buetow.org. IN NS fishfinger.buetow.org. + IN NS blowfish.buetow.org. + + IN MX 10 fishfinger.buetow.org. + IN MX 20 blowfish.buetow.org. - 86400 IN A 23.88.35.144 - 86400 IN AAAA 2a01:4f8:c17:20f1::42 -* 86400 IN CNAME blowfish.buetow.org. -www 86400 IN CNAME fishfinger.buetow.org. + 1800 IN A <%= $ips->{current_master}{ipv4} %> + 1800 IN AAAA <%= $ips->{current_master}{ipv6} %> +* 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. +mirror 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. github 86400 IN CNAME mimecast.github.io. diff --git a/frontends/var/nsd/zones/master/foo.zone.zone.tpl b/frontends/var/nsd/zones/master/foo.zone.zone.tpl index 998ac2f..173bbd1 100644 --- a/frontends/var/nsd/zones/master/foo.zone.zone.tpl +++ b/frontends/var/nsd/zones/master/foo.zone.zone.tpl @@ -6,15 +6,13 @@ $TTL 4h 30m ; retry 7d ; expire 1h ) ; negative - IN NS blowfish.buetow.org. IN NS fishfinger.buetow.org. + IN NS blowfish.buetow.org. - IN MX 10 blowfish.buetow.org. - IN MX 20 fishfinger.buetow.org. + IN MX 10 fishfinger.buetow.org. + IN MX 20 blowfish.buetow.org. - 1800 IN A 23.88.35.144 - 1800 IN AAAA 2a01:4f8:c17:20f1::42 -* 1800 IN CNAME blowfish.buetow.org. -www 1800 IN CNAME fishfinger.buetow.org. -www.tmp 1800 IN CNAME fishfinger.buetow.org. -codeberg 1800 IN CNAME snonux.codeberg.page. + 1800 IN A <%= $ips->{current_master}{ipv4} %> + 1800 IN AAAA <%= $ips->{current_master}{ipv6} %> +* 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. +mirror 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. diff --git a/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl b/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl index 8454cc3..6157bd4 100644 --- a/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl +++ b/frontends/var/nsd/zones/master/irregular.ninja.zone.tpl 
@@ -6,13 +6,13 @@ $TTL 4h 30m ; retry 7d ; expire 1h ) ; negative - IN NS blowfish.buetow.org. IN NS fishfinger.buetow.org. + IN NS blowfish.buetow.org. - IN MX 10 blowfish.buetow.org. - IN MX 20 fishfinger.buetow.org. + IN MX 10 fishfinger.buetow.org. + IN MX 20 blowfish.buetow.org. - 1800 IN A 23.88.35.144 - 1800 IN AAAA 2a01:4f8:c17:20f1::42 -* 1800 IN CNAME blowfish.buetow.org. -www 1800 IN CNAME fishfinger.buetow.org. + 1800 IN A <%= $ips->{current_master}{ipv4} %> + 1800 IN AAAA <%= $ips->{current_master}{ipv6} %> +* 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. +mirror 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. diff --git a/frontends/var/nsd/zones/master/paul.cyou.zone.tpl b/frontends/var/nsd/zones/master/paul.cyou.zone.tpl deleted file mode 100644 index f5b46f2..0000000 --- a/frontends/var/nsd/zones/master/paul.cyou.zone.tpl +++ /dev/null @@ -1,19 +0,0 @@ -$ORIGIN paul.cyou. -$TTL 4h -@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - <%= time() %> ; serial - 1h ; refresh - 30m ; retry - 7d ; expire - 1h ) ; negative - IN NS blowfish.buetow.org. - IN NS fishfinger.buetow.org. - IN TXT da9a0a283c847df507efd4cd9c5332aa766e1ed6 - - IN MX 10 blowfish.buetow.org. - IN MX 20 fishfinger.buetow.org. - - 1800 IN A 23.88.35.144 - 1800 IN AAAA 2a01:4f8:c17:20f1::42 -* 1800 IN CNAME blowfish.buetow.org. -www 1800 IN CNAME fishfinger.buetow.org. diff --git a/frontends/var/nsd/zones/master/snonux.foo.zone.tpl b/frontends/var/nsd/zones/master/snonux.foo.zone.tpl index b057f20..e765cbe 100644 --- a/frontends/var/nsd/zones/master/snonux.foo.zone.tpl +++ b/frontends/var/nsd/zones/master/snonux.foo.zone.tpl 
@@ -6,13 +6,13 @@ $TTL 4h 30m ; retry 7d ; expire 1h ) ; negative - IN NS blowfish.buetow.org. IN NS fishfinger.buetow.org. + IN NS blowfish.buetow.org. - IN MX 10 blowfish.buetow.org. - IN MX 20 fishfinger.buetow.org. + IN MX 10 fishfinger.buetow.org. + IN MX 20 blowfish.buetow.org. - 1800 IN A 23.88.35.144 - 1800 IN AAAA 2a01:4f8:c17:20f1::42 -* 1800 IN CNAME blowfish.buetow.org. -www 1800 IN CNAME fishfinger.buetow.org. + 1800 IN A <%= $ips->{current_master}{ipv4} %> + 1800 IN AAAA <%= $ips->{current_master}{ipv6} %> +* 1800 IN CNAME <%= $ips->{current_master}{fqdn} %>. +mirror 1800 IN CNAME <%= $ips->{current_standby}{fqdn} %>. diff --git a/frontends/var/nsd/zones/master/snonux.land.zone.tpl b/frontends/var/nsd/zones/master/snonux.land.zone.tpl deleted file mode 100644 index 8e4fe80..0000000 --- a/frontends/var/nsd/zones/master/snonux.land.zone.tpl +++ /dev/null @@ -1,18 +0,0 @@ -$ORIGIN snonux.land. -$TTL 4h -@ IN SOA blowfish.buetow.org. hostmaster.buetow.org. ( - <%= time() %> ; serial - 1h ; refresh - 30m ; retry - 7d ; expire - 1h ) ; negative - IN NS blowfish.buetow.org. - IN NS fishfinger.buetow.org. - - IN MX 10 blowfish.buetow.org. - IN MX 20 fishfinger.buetow.org. - - 1800 IN A 23.88.35.144 - 1800 IN AAAA 2a01:4f8:c17:20f1::42 -* 1800 IN CNAME blowfish.buetow.org. -www 1800 IN CNAME fishfinger.buetow.org. |
