Split package secret and configs and integrate dns record in unbound build time

Alex D. 2021-02-08 11:00:58 +00:00
parent c4587d7276
commit c9d98f68dd
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
6 changed files with 72 additions and 48 deletions


@ -1,36 +1,29 @@
# Contributor: Alex Denes <caskd@redxen.eu>
# Maintainer: Alex Denes <caskd@redxen.eu>
pkgname=redxen-config-opendkim
_svcname=opendkim
. ../APKBUILD-config.common
# Date is always changing due to constant key generation
# TODO: Split this into DNS subpackage and key subpackage
pkgver="2021.02.08"
pkgrel=0
pkgdesc="OpenDKIM configuration"
depends="redxen-secret-opendkim~$pkgver"
makedepends="opendkim-utils"
source="
trusted_hosts
signing_table
key_table
opendkim.conf
"
build() {
opendkim-genkey -b 2048 -s mail -d redxen.eu
msg "Add this DNS TXT record"
cat mail.txt
echo "*@redxen.eu $pkgver-mail._domainkey.redxen.eu" > signing_table
echo "$pkgver-mail._domainkey.redxen.eu redxen.eu:mail:/etc/opendkim/redxen/$pkgver-mail.private" > key_table
}
package() {
install -Dm444 opendkim.conf "$pkgdir"/etc/opendkim/redxen/opendkim.conf
install -Dm400 mail.private "$pkgdir"/etc/opendkim/redxen/mail.private
install -Dm444 trusted_hosts "$pkgdir"/etc/opendkim/redxen/trusted_hosts
install -Dm444 signing_table "$pkgdir"/etc/opendkim/redxen/signing_table
install -Dm444 key_table "$pkgdir"/etc/opendkim/redxen/key_table
_files="$source signing_table"
for i in $_files; do
install -Dm444 "$i" "$pkgdir"/etc/opendkim/redxen/"$i"
done
}
sha512sums="6f23dfc823517db661cbe50b3f1f494a1b67e0c9928893f27a3fc5a8b74f0d1304933c79d1a8584be0f61ed0a40aa470fd524561a6b578ae0644bd9f05339952 trusted_hosts
5664c57b1fc5a60f1bab8bffd17265bf5ca6c1b8d2f716f853044e925cff67f9f067de171c75c730d108eee807d061fc2efb4498e741e146f879c956fd90c0d9 signing_table
710e2e0e26fd8de70600e60468936c21da2900cdfab926099dba268db54e54a5a825c2bdacc4740a412cb45c57a289dc8910e795b90ecfe6e09c4ea7c7d3a9d6 key_table
f866a220557210407c9fcb22fd67f59d7cf86ae39c9a0a80ae596b21c9b89a50ccbe1ea85da8dc7b33ee8ffdfc338b577c998e2ff30d7f122a9a35a363b5e2a1 opendkim.conf"
08be7b116306a86fac7cacd4771fa900a6e67ff2b8e33cf839ceecd24c8781763ee3b7b73b5a85da8758c17c62af3615cd0e570b161167c6a0fb13d83a1a90bc opendkim.conf"
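Review bot: The `key_table` line written in build() keeps `mail` as the selector field (`redxen.eu:mail:/etc/opendkim/...`), while the key moved to redxen-secret-opendkim is generated with `-s "$pkgver-mail"`, so signatures would advertise `s=mail` and verifiers would query `mail._domainkey.redxen.eu`, a record this commit removes from the zone. The selector should match the generated one: `echo "$pkgver-mail._domainkey.redxen.eu redxen.eu:$pkgver-mail:/etc/opendkim/redxen/$pkgver-mail.private" > key_table`. The install loop also appears to cover only `$source signing_table`, so the generated `key_table` may never reach the package unless it is still listed in `source`; `_files="$source signing_table key_table"` would make that explicit. The rendered page has lost its +/- markers, so which lines are on the new side is inferred from print order and should be confirmed against the commit.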


@ -1 +0,0 @@
mail._domainkey.redxen.eu redxen.eu:mail:/etc/opendkim/redxen/mail.private


@ -1 +0,0 @@
*@redxen.eu mail._domainkey.redxen.eu


@ -4,9 +4,10 @@ _svcname=unbound
. ../APKBUILD-config.common
pkgver=2021.01.30
pkgrel=4
pkgver=2021.02.08
pkgrel=0
depends="alpine-baselayout unbound ca-certificates-bundle dns-root-hints dnssec-root"
makedepends="redxen-secret-opendkim-dns"
checkdepends="bind-tools"
subpackages="$pkgname-acl $pkgname-rctrl $pkgname-internal $pkgname-auth"
source="
@ -30,7 +31,8 @@ check() {
# Cannot be checked because it expects files in a read-only path, not crucial
#/usr/sbin/unbound-checkconf auth-zones.conf
/usr/sbin/named-checkzone redxen.eu ./redxen.eu
cat redxen.eu /etc/opendkim/redxen/dns-record > redxen.eu-concat
/usr/sbin/named-checkzone redxen.eu ./redxen.eu-concat
}
package() {
@ -51,7 +53,7 @@ internal() {
}
auth() {
install -Dm644 "$srcdir"/redxen.eu "$subpkgdir"/etc/unbound/zones/redxen.eu
install -Dm644 "$srcdir"/redxen.eu-concat "$subpkgdir"/etc/unbound/zones/redxen.eu
install -Dm644 "$srcdir"/auth-zones.conf "$subpkgdir"/etc/unbound/auth-zones.conf
}
@ -61,4 +63,4 @@ d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6
d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa rctrl.conf
8b42adfcd96b9bc38275a8e974fc1f2df2138e7a851e45ef466632610e282bfc8af2daae5996f468752c9b2c99d5765cb1dcaa85276b56781f59cf8007465251 internal.conf
28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5 auth-zones.conf
92d3b67fc9f662afde3f315adaf0982df27f87665334d36b8cb2710fb247abb87726c3143e7e696e300857243c178a6b4b6eb597740d8b8dba3302d356f80161 redxen.eu"
b82efa5e5c796a5cadf08ac5bf54a79211318662680eb48e4d680655deecd88c5aabc4bd674fd24a402900adeaad3703af2aee5af221a0baec8e422b4e1017d3 redxen.eu"
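Review bot: The concatenated zone `redxen.eu-concat` is produced inside check(), but auth() now installs it, so a build that skips the check phase has nothing to install and the zone is assembled in a step meant only for verification. Moving `cat redxen.eu /etc/opendkim/redxen/dns-record > redxen.eu-concat` into build() or prepare() and leaving only the `named-checkzone` call in check() keeps packaging independent of checks. The appended file is read from an absolute path on the build host and lands in the authoritative zone after a syntax check only, so a guard such as `[ -s /etc/opendkim/redxen/dns-record ] || return 1` plus a comment naming redxen-secret-opendkim-dns as its source would help. check(), package() and auth() continue outside the hunks shown.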


@ -43,45 +43,47 @@ taro.nurnberg.hetzner 86400 IN CNAME 9804624.nbg1-dc3
;
; Frontend
@ 86400 IN A 94.130.110.3
@ 86400 IN A 78.46.207.237
@ 86400 IN AAAA 2a01:4f8:c0c:9a10::1
@ 86400 IN AAAA 2a01:4f8:c17:436e::1
@ 10800 IN A 94.130.110.3
@ 10800 IN A 78.46.207.237
@ 10800 IN AAAA 2a01:4f8:c0c:9a10::1
@ 10800 IN AAAA 2a01:4f8:c17:436e::1
;
; Services
;
; Frontend
; social 86400 IN CNAME @ ; on HOLD
git 86400 IN CNAME @
stats 86400 IN CNAME @
sd 86400 IN CNAME @
packages 86400 IN CNAME @
seed 86400 IN CNAME @
; social 10800 IN CNAME @ ; on HOLD
git 10800 IN CNAME @
stats 10800 IN CNAME @
sd 10800 IN CNAME @
packages 10800 IN CNAME @
seed 10800 IN CNAME @
; Wireguard
wireguard 86400 IN CNAME 9013723.fsn1-dc14.hetzner
wireguard 10800 IN CNAME 9013723.fsn1-dc14.hetzner
; Mumble
mumble 86400 IN CNAME 8201371.fsn1-dc14.hetzner
mumble 10800 IN CNAME 8201371.fsn1-dc14.hetzner
; Xonotic
xonotic 86400 IN CNAME 9804624.nbg1-dc3.hetzner
xonotic 10800 IN CNAME 9804624.nbg1-dc3.hetzner
; Mail
@ 86400 IN MX 10 mail
@ 10800 IN MX 10 mail
mail 86400 IN CNAME 9227948.nbg1-dc3.hetzner
smtp 86400 IN CNAME 9227948.nbg1-dc3.hetzner
imap 86400 IN CNAME 9227948.nbg1-dc3.hetzner
; MX mustn't be a alias
mail 10800 IN A 168.119.232.42
mail 10800 IN AAAA 2a01:4f8:1c0c:7ef6::1
@ 86400 IN TXT "v=spf1 mx ip4:94.130.108.207 ip6:2a01:4f8:c0c:8d8d::1 -all"
_DMARC 86400 IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100"
mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QZUPJtwaXA2p2Wyjmdtq7qV7OpyVi7bNlR82P4v4F/FB+NlzE/qwQtlXoIHhwmpF7ChBt5EmYeH3G3NDgLEwJHVmqSPczLdHz6Z3U+BVjU8B8XsiQj9dXqMwIqIpMILMo3sXPe/g9/ojuqZkCHnFTxEu/JIyBqCtFDp8ax+5Yjh4OFJOVPpR4ifcHSA73MJ+w3Tsq97p3pnnS"
"rzUtL7N0Sm0MpESzak1v741I6LIZjYLbSUV558OD2hqfSd6fdoBoJPVa4mJt1BfdeQpHZPW61l9TJh6FdEjSfb7kIuvWddKMuth6f4Jt/bJ9OJM8K0A4y+lWpP5Al6onP1qNm3IQIDAQAB" )
smtp 10800 IN CNAME 9227948.nbg1-dc3.hetzner
imap 10800 IN CNAME 9227948.nbg1-dc3.hetzner
@ 10800 IN TXT "v=spf1 mx ip4:94.130.108.207 ip6:2a01:4f8:c0c:8d8d::1 -all"
_DMARC 10800 IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100"
; Mumble
_mumble._tcp 86400 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner
_mumble._tcp 86400 IN SRV 0 5 64738 8201371.fsn1-dc14.hetzner
_mumble._tcp 10800 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner
_mumble._tcp 10800 IN SRV 0 5 64738 8201371.fsn1-dc14.hetzner
; Build-time records and custom ones
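Review bot: Removing the static `mail._domainkey` TXT record in the same change that introduces a dated selector leaves no overlap period: messages already signed with the old key and still in transit or in retry queues will fail DKIM verification once this zone is served, and the same would happen on every later rebuild if only one build-time record is appended. With `p=quarantine` in the `_DMARC` record, such mail then depends on SPF alignment alone. Consider keeping the previous selector's public record published for a few days after each rotation, and add a comment under `; Build-time records and custom ones` stating which package supplies the appended record. The SOA serial is outside this hunk, so it is worth confirming that it is bumped alongside these changes.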

29
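--- a/secret/opendkim/APKBUILD
+++ b/secret/opendkim/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Alex Denes <caskd@redxen.eu>
+# Maintainer: Alex Denes <caskd@redxen.eu>
+pkgname=redxen-secret-opendkim
+pkgver="$(date +'%Y.%m.%d')"
+pkgrel=0
+pkgdesc="Generated OpenDKIM keys"
+url="https://git.redxen.eu/RedXen/aports"
+arch="noarch"
+license="none"
+makedepends="opendkim-utils"
+subpackages="$pkgname-dns"
+options="!check"
+builddir="$srcdir"
+source=""
+build() {
+opendkim-genkey -b 2048 -s "$pkgver-mail" -d redxen.eu
+msg "Add this DNS TXT record"
+cat "$pkgver-mail".txt
+}
+package() {
+install -Dm400 "$pkgver-mail".private "$pkgdir"/etc/opendkim/redxen/"$pkgver-mail".private
+}
+dns() {
+install -Dm644 "$builddir"/"$pkgver-mail".txt "$subpkgdir"/etc/opendkim/redxen/dns-record
+}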
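Review bot: package() puts the DKIM private key inside the apk, so mode 400 protects only the installed copy; anyone who can fetch the package from the repository or read the build host's package cache obtains the signing key. This package should be published only to an access-controlled repository, and the APKBUILD should say so, e.g. `# NOTE: contains the DKIM private key; never publish to a public repository`. `pkgver="$(date +'%Y.%m.%d')"` also ties the version to the build day, while the config package pins `redxen-secret-opendkim~$pkgver` with a literal date, so a rebuild on another day yields a key file name and selector the config package does not reference; a comment stating that both must be bumped together would prevent silent breakage. The installed key is root-owned by default, so it is worth confirming that the opendkim daemon reads it before dropping privileges.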