diff --git a/config/opendkim/APKBUILD b/config/opendkim/APKBUILD
index fd72833..bda6dae 100644
--- a/config/opendkim/APKBUILD
+++ b/config/opendkim/APKBUILD
@@ -1,36 +1,29 @@ # Contributor: Alex Denes # Maintainer: Alex Denes -pkgname=redxen-config-opendkim +_svcname=opendkim . ../APKBUILD-config.common -# Date is always changing due to constant key generation -# TODO: Split this into DNS subpackage and key subpackage +pkgver="2021.02.08" pkgrel=0 -pkgdesc="OpenDKIM configuration" +depends="redxen-secret-opendkim~$pkgver" makedepends="opendkim-utils" source=" trusted_hosts - signing_table - key_table opendkim.conf " build() { - opendkim-genkey -b 2048 -s mail -d redxen.eu - msg "Add this DNS TXT record" - cat mail.txt + echo "*@redxen.eu $pkgver-mail._domainkey.redxen.eu" > signing_table + echo "$pkgver-mail._domainkey.redxen.eu redxen.eu:mail:/etc/opendkim/redxen/$pkgver-mail.private" > key_table } package() { - install -Dm444 opendkim.conf "$pkgdir"/etc/opendkim/redxen/opendkim.conf - install -Dm400 mail.private "$pkgdir"/etc/opendkim/redxen/mail.private - install -Dm444 trusted_hosts "$pkgdir"/etc/opendkim/redxen/trusted_hosts - install -Dm444 signing_table "$pkgdir"/etc/opendkim/redxen/signing_table - install -Dm444 key_table "$pkgdir"/etc/opendkim/redxen/key_table + _files="$source signing_table" + for i in $_files; do + install -Dm444 "$i" "$pkgdir"/etc/opendkim/redxen/"$i" + done } sha512sums="6f23dfc823517db661cbe50b3f1f494a1b67e0c9928893f27a3fc5a8b74f0d1304933c79d1a8584be0f61ed0a40aa470fd524561a6b578ae0644bd9f05339952 trusted_hosts -5664c57b1fc5a60f1bab8bffd17265bf5ca6c1b8d2f716f853044e925cff67f9f067de171c75c730d108eee807d061fc2efb4498e741e146f879c956fd90c0d9 signing_table -710e2e0e26fd8de70600e60468936c21da2900cdfab926099dba268db54e54a5a825c2bdacc4740a412cb45c57a289dc8910e795b90ecfe6e09c4ea7c7d3a9d6 key_table -f866a220557210407c9fcb22fd67f59d7cf86ae39c9a0a80ae596b21c9b89a50ccbe1ea85da8dc7b33ee8ffdfc338b577c998e2ff30d7f122a9a35a363b5e2a1 opendkim.conf" +08be7b116306a86fac7cacd4771fa900a6e67ff2b8e33cf839ceecd24c8781763ee3b7b73b5a85da8758c17c62af3615cd0e570b161167c6a0fb13d83a1a90bc opendkim.conf" 
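Review bot: `package()` installs only `$source signing_table`, so the `key_table` that `build()` now generates is never copied into `$pkgdir`; the list should read `_files="$source signing_table key_table"`. If opendkim.conf (its content is not shown here) still points a KeyTable at /etc/opendkim/redxen/, the signer would have no mapping from the new selector to the private key and outgoing mail would not be signed correctly. It would also help to add a comment above `pkgver`, for example `# Must equal the pkgver (build date) of the redxen-secret-opendkim package whose key is deployed`, because the selector name and the key path are both derived from it.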
diff --git a/config/opendkim/key_table b/config/opendkim/key_table deleted file mode 100644 index da86eae..0000000 --- a/config/opendkim/key_table +++ /dev/null @@ -1 +0,0 @@ -mail._domainkey.redxen.eu redxen.eu:mail:/etc/opendkim/redxen/mail.private diff --git a/config/opendkim/signing_table b/config/opendkim/signing_table deleted file mode 100644 index b38e0ec..0000000 --- a/config/opendkim/signing_table +++ /dev/null @@ -1 +0,0 @@ -*@redxen.eu mail._domainkey.redxen.eu diff --git a/config/unbound/APKBUILD b/config/unbound/APKBUILD index 1d8a9c8..bc6e603 100644 --- a/config/unbound/APKBUILD +++ b/config/unbound/APKBUILD @@ -4,9 +4,10 @@ _svcname=unbound . ../APKBUILD-config.common -pkgver=2021.01.30 -pkgrel=4 +pkgver=2021.02.08 +pkgrel=0 depends="alpine-baselayout unbound ca-certificates-bundle dns-root-hints dnssec-root" +makedepends="redxen-secret-opendkim-dns" checkdepends="bind-tools" subpackages="$pkgname-acl $pkgname-rctrl $pkgname-internal $pkgname-auth" source=" @@ -30,7 +31,8 @@ check() { # Cannot be checked because it expects files in a read-only path, not crucial #/usr/sbin/unbound-checkconf auth-zones.conf - /usr/sbin/named-checkzone redxen.eu ./redxen.eu + cat redxen.eu /etc/opendkim/redxen/dns-record > redxen.eu-concat + /usr/sbin/named-checkzone redxen.eu ./redxen.eu-concat } package() { @@ -51,7 +53,7 @@ internal() { } auth() { - install -Dm644 "$srcdir"/redxen.eu "$subpkgdir"/etc/unbound/zones/redxen.eu + install -Dm644 "$srcdir"/redxen.eu-concat "$subpkgdir"/etc/unbound/zones/redxen.eu install -Dm644 "$srcdir"/auth-zones.conf "$subpkgdir"/etc/unbound/auth-zones.conf } 
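Review bot: The new `makedepends="redxen-secret-opendkim-dns"` in the first config/unbound/APKBUILD hunk carries no version constraint, while config/opendkim/APKBUILD pins `redxen-secret-opendkim~$pkgver`. The secret package names its selector after its own build date, so a zone built against a different redxen-secret-opendkim-dns than the one the signer uses would publish the public key under a selector the signer does not sign with, and receivers would fail DKIM verification. Consider pinning it to the same key version, for example `makedepends="redxen-secret-opendkim-dns~$pkgver"` if the two pkgver values are meant to stay in step.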
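Review bot: In the `check()` hunk, `redxen.eu-concat` is created inside `check()`, but the `auth()` hunk installs it from `"$srcdir"`, so the packaged zone only exists if the check phase ran; a build with checks disabled would fail in `auth()`. Moving `cat redxen.eu /etc/opendkim/redxen/dns-record > redxen.eu-concat` into `build()` (or `prepare()`) and leaving only the `named-checkzone` call in `check()` keeps validation separate from producing the artifact. The file is written relative to the working directory and read back through `$srcdir`; whether those are the same directory depends on APKBUILD-config.common, which is not shown. A short comment noting that `/etc/opendkim/redxen/dns-record` is read from the build host, where `redxen-secret-opendkim-dns` installs it, would also help.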
@@ -61,4 +63,4 @@ d3754ced9d8055ff7f1d364a93c403bba3f220a60ea519bceee5e9c43112d6a00d20d15cf659fdd6
 d94ad338e2ea43c3ecdc62c861eddc0bb706807b738dd985309bcdf0b5fb435d7260bf272e2bbe40a774ec5b8fa49cbf23624c2c5213eea94f4f14aa3720abfa rctrl.conf
 8b42adfcd96b9bc38275a8e974fc1f2df2138e7a851e45ef466632610e282bfc8af2daae5996f468752c9b2c99d5765cb1dcaa85276b56781f59cf8007465251 internal.conf
 28c917fe7f69643887097553312c4f1ffc747dffdbf150430e6c4b2e5833567922810716cb59a27887915664777ac3263be3c826956f504499f0ebdcc0b3aac5 auth-zones.conf
-92d3b67fc9f662afde3f315adaf0982df27f87665334d36b8cb2710fb247abb87726c3143e7e696e300857243c178a6b4b6eb597740d8b8dba3302d356f80161 redxen.eu"
+b82efa5e5c796a5cadf08ac5bf54a79211318662680eb48e4d680655deecd88c5aabc4bd674fd24a402900adeaad3703af2aee5af221a0baec8e422b4e1017d3 redxen.eu"
diff --git a/config/unbound/zones/redxen.eu b/config/unbound/zones/redxen.eu
index 206e4cd..38b903f 100644
--- a/config/unbound/zones/redxen.eu
+++ b/config/unbound/zones/redxen.eu
@@ -43,45 +43,47 @@ taro.nurnberg.hetzner 86400 IN CNAME 9804624.nbg1-dc3 ; ; Frontend -@ 86400 IN A 94.130.110.3 -@ 86400 IN A 78.46.207.237 -@ 86400 IN AAAA 2a01:4f8:c0c:9a10::1 -@ 86400 IN AAAA 2a01:4f8:c17:436e::1 +@ 10800 IN A 94.130.110.3 +@ 10800 IN A 78.46.207.237 +@ 10800 IN AAAA 2a01:4f8:c0c:9a10::1 +@ 10800 IN AAAA 2a01:4f8:c17:436e::1 ; ; Services ; ; Frontend -; social 86400 IN CNAME @ ; on HOLD -git 86400 IN CNAME @ -stats 86400 IN CNAME @ -sd 86400 IN CNAME @ -packages 86400 IN CNAME @ -seed 86400 IN CNAME @ +; social 10800 IN CNAME @ ; on HOLD +git 10800 IN CNAME @ +stats 10800 IN CNAME @ +sd 10800 IN CNAME @ +packages 10800 IN CNAME @ +seed 10800 IN CNAME @ ; Wireguard -wireguard 86400 IN CNAME 9013723.fsn1-dc14.hetzner +wireguard 10800 IN CNAME 9013723.fsn1-dc14.hetzner ; Mumble -mumble 86400 IN CNAME 8201371.fsn1-dc14.hetzner +mumble 10800 IN CNAME 8201371.fsn1-dc14.hetzner ; Xonotic -xonotic 86400 IN CNAME 9804624.nbg1-dc3.hetzner +xonotic 10800 IN CNAME 9804624.nbg1-dc3.hetzner ; Mail -@ 86400 IN MX 10 mail +@ 10800 IN MX 10 mail -mail 86400 IN CNAME 9227948.nbg1-dc3.hetzner -smtp 86400 IN CNAME 9227948.nbg1-dc3.hetzner -imap 86400 IN CNAME 9227948.nbg1-dc3.hetzner +; MX mustn't be a alias +mail 10800 IN A 168.119.232.42 +mail 10800 IN AAAA 2a01:4f8:1c0c:7ef6::1 -@ 86400 IN TXT "v=spf1 mx ip4:94.130.108.207 ip6:2a01:4f8:c0c:8d8d::1 -all" -_DMARC 86400 IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100" -mail._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QZUPJtwaXA2p2Wyjmdtq7qV7OpyVi7bNlR82P4v4F/FB+NlzE/qwQtlXoIHhwmpF7ChBt5EmYeH3G3NDgLEwJHVmqSPczLdHz6Z3U+BVjU8B8XsiQj9dXqMwIqIpMILMo3sXPe/g9/ojuqZkCHnFTxEu/JIyBqCtFDp8ax+5Yjh4OFJOVPpR4ifcHSA73MJ+w3Tsq97p3pnnS" - "rzUtL7N0Sm0MpESzak1v741I6LIZjYLbSUV558OD2hqfSd6fdoBoJPVa4mJt1BfdeQpHZPW61l9TJh6FdEjSfb7kIuvWddKMuth6f4Jt/bJ9OJM8K0A4y+lWpP5Al6onP1qNm3IQIDAQAB" ) +smtp 10800 IN CNAME 
9227948.nbg1-dc3.hetzner +imap 10800 IN CNAME 9227948.nbg1-dc3.hetzner + +@ 10800 IN TXT "v=spf1 mx ip4:94.130.108.207 ip6:2a01:4f8:c0c:8d8d::1 -all" +_DMARC 10800 IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@redxen.eu; ruf=mailto:postmaster@redxen.eu; fo=1; pct=100" ; Mumble -_mumble._tcp 86400 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner -_mumble._tcp 86400 IN SRV 0 5 64738 8201371.fsn1-dc14.hetzner +_mumble._tcp 10800 IN SRV 0 5 64738 8101153.nbg1-dc3.hetzner +_mumble._tcp 10800 IN SRV 0 5 64738 8201371.fsn1-dc14.hetzner + +; Build-time records and custom ones diff --git a/secret/opendkim/APKBUILD b/secret/opendkim/APKBUILD new file mode 100644 index 0000000..107098e --- /dev/null +++ b/secret/opendkim/APKBUILD @@ -0,0 +1,29 @@ +# Contributor: Alex Denes +# Maintainer: Alex Denes +pkgname=redxen-secret-opendkim +pkgver="$(date +'%Y.%m.%d')" +pkgrel=0 +pkgdesc="Generated OpenDKIM keys" +url="https://git.redxen.eu/RedXen/aports" +arch="noarch" +license="none" +makedepends="opendkim-utils" +subpackages="$pkgname-dns" +options="!check" +builddir="$srcdir" +source="" + +build() { + opendkim-genkey -b 2048 -s "$pkgver-mail" -d redxen.eu + msg "Add this DNS TXT record" + cat "$pkgver-mail".txt +} + +package() { + install -Dm400 "$pkgver-mail".private "$pkgdir"/etc/opendkim/redxen/"$pkgver-mail".private +} + +dns() { + install -Dm644 "$builddir"/"$pkgver-mail".txt "$subpkgdir"/etc/opendkim/redxen/dns-record +} +
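Review bot: The `mail._domainkey` TXT record is removed in the same change that introduces the dated selector, so mail already signed with the `mail` selector can no longer be verified once the old record drops out of caches. With `_DMARC` at `p=quarantine`, it is safer to keep the old selector's record published for a transition period and remove it in a later commit. The record appended at build time also appears to rely on this file ending in a newline and on the origin still being redxen.eu at the end of the file; a comment under `; Build-time records and custom ones` saying so would help whoever edits the zone next.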
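Review bot: `package()` in secret/opendkim/APKBUILD places the DKIM private key inside the apk, so its confidentiality depends on who can read the built package and the repository it is published to, not on the `-Dm400` mode. That should be stated in a comment at the top of the file, and the package kept out of any repository index that is served publicly. Separately, `pkgver="$(date +'%Y.%m.%d')"` is re-evaluated every time the APKBUILD is sourced, so a build that crosses midnight, or a later re-run of a single phase, would look for `"$pkgver-mail".private` under a different name than `build()` wrote. Setting pkgver explicitly per key rotation, as config/opendkim/APKBUILD already does, avoids that and makes the selector predictable for the packages that depend on it.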