From 38cad40790ec5c980ae617ca86d9fb811aea377f Mon Sep 17 00:00:00 2001 From: lilly Date: Thu, 30 Apr 2026 22:53:07 +0200 Subject: [PATCH] configure hh.ccc.de on auth-dns --- .../chaosknoten/host_vars/auth-dns.sops.yaml | 5 +++-- inventories/chaosknoten/host_vars/auth-dns.yaml | 17 +++++++++++++++++ .../chaosknoten/auth-dns/zones/hh.ccc.de.zone | 6 +++++- 3 files changed, 25 insertions(+), 3 deletions(-) diff --git a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml index 1899a27..b69debc 100644 --- a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml +++ b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml @@ -1,4 +1,5 @@ ansible_pull__age_private_key: ENC[AES256_GCM,data:2kBG8j8JHa/dlXgWMdbSobulFdVunf052T1QQfm1X2vpEZx2HPCL87fWea+O0WOg7+eoMYbiShu0Vw1eTjb+687LjU8l4cj2JWIajnYfDGH+ipWXojxj613C3RZV3JfDOclVTwP8fCHu7z7P3fKrsKWb5d3t2ohTT+sGdVdimakAOf192CkufcVIthq2imiWbntiMTOdMGJxyIjqT2Io2H89nSbJXkONsuHCF/PbxhryB2LZbl8aZV32knk=,iv:hpscVc7iO4r/h31vS6Zno2pkEsgA2uR7wD/1PjH1znM=,tag:ypiwFtgeXuj4gOsgTCRTBw==,type:str] +knot__dnssec_key_secret: ENC[AES256_GCM,data:WPFTLyJIttFtqqTZV2fGN0Tt1vRS318TGmd2YqNzYisE3TBi6Z2aClxuYh56Q+j7TUQwCvga3jd5w017sEz3kA==,iv:umaFHBCy9AZgNFv7uXLCtO0o/NZDAZ1QNg5DcGHWEW8=,tag:oR92C1Uj5iXU9L02MqzGSQ==,type:str] sops: age: - recipient: age18zgt4y2sd75hxnpe333zz39048ctxpr0q8a3uqh3jajjkyawsdrq8yg5ve @@ -10,8 +11,8 @@ sops: MEZQTHZXNExsSnl0WW9Vb29sajE1YzAKoYU7rGuR+52+U02uf3eTH9hkIECWdcJv wN9JTwsUn0c6mi/d4AHgv5O04Uw7NxUyGVmFlDZzjxLwPzZyR73SvA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-04-29T19:21:55Z" - mac: ENC[AES256_GCM,data:RLXsIsSdrCuElYQ3x2YpwYzQx0V0zoYP6h9FLD+RqmZ1pWhlk6Ijp9WxCAlEWps9n5rPYYyhZ3ldSJluTVeroPwpzrmwW+xXCGsCC0BFk6PuB4UynfHwWR/3jEK47nAdPbNfONhzGfOeTObYp22c3iHiKL8YochOSlBToA8mFr4=,iv:fZZEa3C/BsNKGdTKlR/hexrzhmLxiMVxgL9nXjX2Q1E=,tag:I5M8SNbSw4w1crsl0z/5+Q==,type:str] + lastmodified: "2026-05-01T17:08:09Z" + mac: ENC[AES256_GCM,data:TaMWf1ESs8nYzxkElMYtsz+/Be0PtI7FA0q6IFK+ob4dl/EN+AeTD7Pp0MZF8zcRvZ4hF0Ybimet5bwVR+d7UIXlXz3qP//pX68JDCvcLMQuhNtm6Ws+mwVxkpxEvBr1PtxlSvcQ76vH3ryEsXkP84gmlCDEdX1GAZYZ9ZS3Cfk=,iv:g3tzUfTPNUQyOAxWJEFPHg0IAPAzQgwYABHm4mFOOrI=,tag:C6KE/bg/3jS7Wc56y6YOJQ==,type:str] pgp: - created_at: "2026-04-29T19:18:43Z" enc: |- diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml index 25b3de1..1534e4a 100644 --- a/inventories/chaosknoten/host_vars/auth-dns.yaml +++ b/inventories/chaosknoten/host_vars/auth-dns.yaml @@ -1,2 +1,19 @@ --- deploy_systemd_resolved_config__enable: false + +knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1" +knot__remotes: + - id: ns-intern.hamburg.ccc.de + address: [ "2a00:14b0:f000:23::53", "172.31.17.53" ] + +knot__catalog_zones: + - domain: "hamburg.ccc.de.catalog." + +knot__zones: + # - domain: "hamburg.ccc.de." + # catalog_member: "hamburg.ccc.de.catalog." + # content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}" + - domain: "hh.ccc.de." + catalog_member: "hamburg.ccc.de.catalog." + notify_targets: [ "ns-intern.hamburg.ccc.de" ] + content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}" diff --git a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone index 8705e3f..35794ba 100644 --- a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone +++ b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone @@ -8,7 +8,7 @@ $TTL 7200 ; ich hoffe diese aenderung arbeitet um diesen bug herum. ; - haegar 2001.11.14 -@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. ( +@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. ( 2024012601 10800 3600 @@ -67,3 +67,7 @@ uucp IN A 192.76.134.7 ; ChaosVPN hack IN NS cvpn-dns.hack cvpn-dns.hack IN A 172.31.0.5 + + +; tmp test +merz.leck.eier IN TXT "kann er mal"