From d880eb867798f24f44612f3cb5d8029f39651186 Mon Sep 17 00:00:00 2001
From: lilly
Date: Sun, 3 May 2026 16:41:19 +0200
Subject: [PATCH 01/27] fix systemd-resolved not being installed
closes https://git.hamburg.ccc.de/CCCHH/ansible-infra/issues/88
---
roles/deploy_systemd_resolved_config/tasks/enable.yaml | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/roles/deploy_systemd_resolved_config/tasks/enable.yaml b/roles/deploy_systemd_resolved_config/tasks/enable.yaml
index 395ef0d..9a7438e 100644
--- a/roles/deploy_systemd_resolved_config/tasks/enable.yaml
+++ b/roles/deploy_systemd_resolved_config/tasks/enable.yaml
@@ -1,4 +1,11 @@
---
+- name: Ensure systemd-resolved is installed
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ when: ansible_facts["distribution"] == "Debian"
+ ansible.builtin.package:
+ name: [ "systemd-resolved" ]
+
- name: Deploy systemd-resolved config
tags: [ "deploy_systemd_resolved_config" ]
become: true
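Review bot: The new package task names `systemd-resolved` but sets no `state`, so the intent ("must be present") is left to the backend module's default; adding `state: present` under `ansible.builtin.package:` makes it explicit and matches how the module is documented. The same applies to the "Install knot" task added in `roles/auth-dns/tasks/01-install.yaml` later in this series. The "Deploy systemd-resolved config" task that follows continues outside the hunk.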
From adc34001770be1ddd67a397b10c5b6a634bc0c45 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 11:43:33 +0200
Subject: [PATCH 02/27] mute ansible discovered interpreter warning
---
ansible.cfg | 1 +
1 file changed, 1 insertion(+)
diff --git a/ansible.cfg b/ansible.cfg
index 805406f..dd28116 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -4,3 +4,4 @@ pipelining = True
vars_plugins_enabled = host_group_vars,community.sops.sops
collections_path = ./
roles_path = ./galaxy-roles
+interpreter_python = python3
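Review bot: `interpreter_python = python3` mutes the warning by switching interpreter discovery off, so every managed host now resolves a bare `python3` through the remote PATH, including for `become` tasks. If the aim is only to silence the message, `interpreter_python = auto_silent` keeps discovery and drops the warning. If a fixed interpreter is wanted, an absolute path such as `/usr/bin/python3` avoids depending on PATH order. The section header is outside the hunk, so this assumes the line lands in `[defaults]`.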
From fa94d59df60b892b71dfafe737256cb6dfe12611 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 29 Apr 2026 22:44:20 +0200
Subject: [PATCH 03/27] add barebones knot config
This configuration does not yet do much but it provisions a knot
server that runs.
---
.../chaosknoten/host_vars/auth-dns.yaml | 1 +
playbooks/deploy.yaml | 5 ++
.../auth-dns/docker_compose/compose.yaml.j2 | 13 ++++
roles/auth-dns/handlers/main.yaml | 8 +++
roles/auth-dns/tasks/01-install.yaml | 11 ++++
roles/auth-dns/tasks/02-configure.yaml | 11 ++++
roles/auth-dns/tasks/main.yaml | 3 +
roles/auth-dns/templates/knot.conf.j2 | 64 +++++++++++++++++++
8 files changed, 116 insertions(+)
create mode 100644 inventories/chaosknoten/host_vars/auth-dns.yaml
create mode 100644 resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2
create mode 100644 roles/auth-dns/handlers/main.yaml
create mode 100644 roles/auth-dns/tasks/01-install.yaml
create mode 100644 roles/auth-dns/tasks/02-configure.yaml
create mode 100644 roles/auth-dns/tasks/main.yaml
create mode 100644 roles/auth-dns/templates/knot.conf.j2
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -0,0 +1 @@
+---
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index e032782..130d914 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -101,3 +101,8 @@
- name: Run ensure_eh22_styleguide_dir Playbook
ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml
+
+- name: Setup authoritative dns servers
+ hosts: auth-dns
+ roles:
+ - auth-dns
diff --git a/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2 b/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2
new file mode 100644
index 0000000..7ebc230
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2
@@ -0,0 +1,13 @@
+# Links & Resources
+# https://www.knot-dns.cz/docs/latest/html/index.html
+
+services:
+ knot:
+ image: docker.io/cznic/knot:v3.5.4
+ restart: unless-stopped
+ command: "knotd"
+ network_mode: host
+ volumes:
+ - ./configs:/config:ro
+ - ./storage:/storage
+
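Review bot: The image is pinned only by the mutable tag `v3.5.4`, so a re-pushed tag would change what runs on the name server with no change in this repository; adding the digest, `image: docker.io/cznic/knot:v3.5.4@sha256:<digest-of-the-reviewed-image>`, makes the deployed binary reviewable. With `network_mode: host` the container shares the host's network namespace, and nothing here sets a user or drops capabilities, so a comment stating why host networking is required would help the next reader. The role added in the same patch installs knot from packages and restarts `knot.service`, so it is not visible from this diff whether the compose file is deployed at all; a comment saying so, or removing the file, would avoid two divergent definitions of the same service.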
diff --git a/roles/auth-dns/handlers/main.yaml b/roles/auth-dns/handlers/main.yaml
new file mode 100644
index 0000000..5ee0a5d
--- /dev/null
+++ b/roles/auth-dns/handlers/main.yaml
@@ -0,0 +1,8 @@
+- tags: [ 02-auth-dns ]
+ name: restart knot
+ become: true
+ notify: restart knot
+ ansible.builtin.systemd:
+ name: knot.service
+ state: restarted
+
diff --git a/roles/auth-dns/tasks/01-install.yaml b/roles/auth-dns/tasks/01-install.yaml
new file mode 100644
index 0000000..0a269d6
--- /dev/null
+++ b/roles/auth-dns/tasks/01-install.yaml
@@ -0,0 +1,11 @@
+---
+- name: Install knot
+ tags: [ auth-dns ]
+ become: true
+ ansible.builtin.package:
+ name:
+ - knot
+ - knot-exporter
+ - knot-dnssecutils
+ - knot-dnsutils
+ - knot-host
diff --git a/roles/auth-dns/tasks/02-configure.yaml b/roles/auth-dns/tasks/02-configure.yaml
new file mode 100644
index 0000000..661864c
--- /dev/null
+++ b/roles/auth-dns/tasks/02-configure.yaml
@@ -0,0 +1,11 @@
+- tags: [ auth-dns ]
+ name: Deploy knot configuration file
+ become: true
+ notify: restart knot
+ ansible.builtin.template:
+ src: knot.conf.j2
+ dest: /etc/knot/knot.conf
+ owner: knot
+ group: knot
+ mode: u=rw,g=r,o=
+
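Review bot: The template task replaces `/etc/knot/knot.conf` and notifies a restart without checking the rendered file, so a template mistake takes the authoritative server down at the next handler run. `ansible.builtin.template` accepts a `validate` command; something like `validate: knotc -c %s conf-check` would reject a broken render before it replaces the live file (confirm on a target host that the check passes for a known-good config when run this way). The file also lacks the leading `---` that `01-install.yaml` has.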
diff --git a/roles/auth-dns/tasks/main.yaml b/roles/auth-dns/tasks/main.yaml
new file mode 100644
index 0000000..cdf9511
--- /dev/null
+++ b/roles/auth-dns/tasks/main.yaml
@@ -0,0 +1,3 @@
+---
+- ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing]
+- ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing]
diff --git a/roles/auth-dns/templates/knot.conf.j2 b/roles/auth-dns/templates/knot.conf.j2
new file mode 100644
index 0000000..d0e5a5a
--- /dev/null
+++ b/roles/auth-dns/templates/knot.conf.j2
@@ -0,0 +1,64 @@
+# {{ ansible_managed }}
+# See knot.conf(5) or refer to the server documentation.
+
+server:
+ rundir: "/run/knot"
+ user: knot:knot
+ automatic-acl: on
+ listen: [ "0.0.0.0@53", "::@53" ]
+
+log:
+ - target: syslog
+ any: info
+
+database:
+ storage: "/var/lib/knot"
+
+key:
+ - id: auth-dns.hamburg.ccc.de
+ algorithm: hmac-sha512
+ secret: ""
+
+remote:
+ - id: quad9
+ address: "2620:fe::fe"
+
+# define how the presence of parent KSK keys is checked
+# in this case, we just ask quad9 which is an open resolver
+submission:
+ - id: default
+ parent: quad9
+ parent-delay: 1h
+
+# define how dnssec signing is done
+# in this case we don't do anything special but teach knot how to check of KSK presence
+policy:
+ - id: default
+ ksk-submission: default
+ nsec3: true
+ nsec3-salt-length: 0
+
+# define default settings that apply to all zones
+template:
+ - id: default
+ storage: "/etc/knot/zones"
+ file: "%s.zone"
+ semantic-checks: on
+ zonefile-sync: -1
+ zonefile-load: difference-no-serial
+ journal-content: all
+ default-ttl: 60
+ catalog-role: member
+ catalog-zone: hamburg.ccc.de.catalog.
+ dnssec-signing: on
+ dnssec-policy: default
+ {# notify: ["ns1.hanse.de", "ns.bsd.network."] #}
+
+ - id: minimal
+ {# notify: ["ns1.hanse.de", "ns.bsd.network."] #}
+
+zone:
+ {# - domain: onsite.eurofurence.catalog. #}
+ {# template: minimal #}
+ {# catalog-role: generate #}
+ {# - domain: "onsite.eurofurence.org" #}
From becee70ab916662295e29a417ed88955de6548cb Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 30 Apr 2026 22:53:07 +0200
Subject: [PATCH 04/27] disable systemd-resolved on auth-dns
---
inventories/chaosknoten/host_vars/auth-dns.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index ed97d53..25b3de1 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -1 +1,2 @@
---
+deploy_systemd_resolved_config__enable: false
From 6fa2d65db2755c9d11dd1cb0743c03c72b6afba3 Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 30 Apr 2026 22:53:07 +0200
Subject: [PATCH 05/27] enable auth-dns role to actually configure useful zones
---
roles/auth-dns/defaults/main.yaml | 2 +
roles/auth-dns/handlers/main.yaml | 14 ++++-
roles/auth-dns/meta/argument_specs.yaml | 59 +++++++++++++++++++
roles/auth-dns/tasks/02-configure.yaml | 41 +++++++++++++
roles/auth-dns/templates/knot.conf.j2 | 55 +++++++++++++----
.../templates/netplan-disable-ra.yaml | 14 +++++
roles/auth-dns/templates/zone.j2 | 4 ++
7 files changed, 175 insertions(+), 14 deletions(-)
create mode 100644 roles/auth-dns/defaults/main.yaml
create mode 100644 roles/auth-dns/meta/argument_specs.yaml
create mode 100644 roles/auth-dns/templates/netplan-disable-ra.yaml
create mode 100644 roles/auth-dns/templates/zone.j2
diff --git a/roles/auth-dns/defaults/main.yaml b/roles/auth-dns/defaults/main.yaml
new file mode 100644
index 0000000..50a3ffb
--- /dev/null
+++ b/roles/auth-dns/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+knot__remotes: [ ]
diff --git a/roles/auth-dns/handlers/main.yaml b/roles/auth-dns/handlers/main.yaml
index 5ee0a5d..0d74c51 100644
--- a/roles/auth-dns/handlers/main.yaml
+++ b/roles/auth-dns/handlers/main.yaml
@@ -1,8 +1,18 @@
-- tags: [ 02-auth-dns ]
+- tags: [ auth-dns ]
name: restart knot
become: true
- notify: restart knot
ansible.builtin.systemd:
name: knot.service
state: restarted
+- name: reload knot zones
+ tags: [ auth-dns ]
+ become: true
+ changed_when: true
+ ansible.builtin.command: "knotc zone-reload"
+
+- name: netplan apply
+ tags: [ auth-dns ]
+ become: true
+ changed_when: true
+ ansible.builtin.command: "netplan apply"
diff --git a/roles/auth-dns/meta/argument_specs.yaml b/roles/auth-dns/meta/argument_specs.yaml
new file mode 100644
index 0000000..40a5823
--- /dev/null
+++ b/roles/auth-dns/meta/argument_specs.yaml
@@ -0,0 +1,59 @@
+---
+argument_specs:
+ main:
+ options:
+ knot__dnssec_key_id:
+ description: The id of the TSIG key which knot will use for zone transfer signing
+ type: str
+ required: true
+ knot__dnssec_key_secret:
+ description: The secret value of the TSIG key which knot will use for zone transfer signing
+ type: str
+ required: true
+ knot__remotes:
+ description:
+ - A list of definitions for remote nameservers that are used for different purposes
+ - See https://www.knot-dns.cz/docs/latest/html/reference.html#remote-section for details
+ type: list
+ elements: dict
+ required: false
+ options:
+ id:
+ type: str
+ required: true
+ address:
+ type: list
+ required: true
+ elements: str
+ knot__catalog_zones:
+ description: A list of catalog zones that will be served by knot
+ type: list
+ elements: dict
+ required: true
+ options:
+ domain:
+ type: str
+ required: true
+ notify_targets:
+ type: list
+ elements: str
+ required: false
+ knot__zones:
+ description: A list of user zones that will be served by knot
+ type: list
+ elements: dict
+ required: true
+ options:
+ domain:
+ type: str
+ required: true
+ notify_targets:
+ type: list
+ elements: str
+ required: false
+ catalog_member:
+ type: str
+ required: false
+ content:
+ type: str
+ required: true
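Review bot: `knot__dnssec_key_id` and `knot__dnssec_key_secret` are described as a TSIG key for zone transfers, yet the names say DNSSEC, and nothing in the spec tells the reader that the second one is a shared secret. Renaming would be clearest; failing that, extend the description, e.g. `description: TSIG shared secret (base64); keep it in sops-encrypted vars, it is rendered into /etc/knot/knot.conf`. Since the "Deploy knot configuration file" task renders this value, a `--diff` run would print it; `diff: false` on that task avoids this. The nested `address`, `domain`, `notify_targets`, `catalog_member` and `content` options have no `description`, and `domain` in particular should say whether a trailing dot is expected.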
diff --git a/roles/auth-dns/tasks/02-configure.yaml b/roles/auth-dns/tasks/02-configure.yaml
index 661864c..89116a4 100644
--- a/roles/auth-dns/tasks/02-configure.yaml
+++ b/roles/auth-dns/tasks/02-configure.yaml
@@ -1,3 +1,14 @@
+- tags: [ auth-dns ]
+ name: Ensure required directories exist
+ become: true
+ loop: [ "/etc/knot", "/etc/knot/zones" ]
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: knot
+ group: knot
+ mode: u=rwx,g=rx,o=
+
- tags: [ auth-dns ]
name: Deploy knot configuration file
become: true
@@ -9,3 +20,33 @@
group: knot
mode: u=rw,g=r,o=
+- name: Deploy configured zones
+ tags: [ auth-dns ]
+ become: true
+ notify: reload knot zones
+ loop: "{{ knot__zones }}"
+ loop_control:
+ label: "{{ item.domain }}"
+ vars:
+ zone_content: "{{ item.content }}"
+ ansible.builtin.template:
+ src: zone.j2
+ dest: "/etc/knot/zones/{{ item.domain }}zone"
+ owner: knot
+ group: knot
+ mode: u=rw,g=r
+
+# this seems weird but hear me out:
+# if we don't disable SLAAC, the node automatically gets an address based on IPv6 Router-Advertisements
+# this results in outgoing zone transfers failing because knot will prefer to use the dynamic address over the statically configured one.
+# so because we are configuring a DNS Nameserver where known IP-Addresses are actually important for ACL reasons, SLAAC is disabled
+- name: Disable IPv6 SLAAC
+ tags: [ auth-dns ]
+ become: true
+ notify: netplan apply
+ ansible.builtin.template:
+ src: "netplan-disable-ra.yaml"
+ dest: "/etc/netplan/10-disable-ra.yaml"
+ owner: root
+ group: root
+ mode: u=rw,g=,o=
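Review bot: The "Deploy configured zones" task sets `mode: u=rw,g=r` with no clause for others, unlike every other task in this file; as far as I know symbolic modes leave unnamed classes untouched, so new zone files may come out world-readable depending on the umask, and `mode: u=rw,g=r,o=` makes the intent explicit. The destination `"/etc/knot/zones/{{ item.domain }}zone"` only lines up with knot's `file: "%s.zone"` when `domain` ends in a dot, so a zone given without one would be written to a file knot never reads. `item.domain` is also used as a path component unchecked; an `assert` that it contains no `/` would keep a typo in inventory from writing outside the zones directory. The hunk begins inside the existing "Deploy knot configuration file" task.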
diff --git a/roles/auth-dns/templates/knot.conf.j2 b/roles/auth-dns/templates/knot.conf.j2
index d0e5a5a..243c0b7 100644
--- a/roles/auth-dns/templates/knot.conf.j2
+++ b/roles/auth-dns/templates/knot.conf.j2
@@ -15,13 +15,21 @@ database:
storage: "/var/lib/knot"
key:
- - id: auth-dns.hamburg.ccc.de
+ - id: {{ knot__dnssec_key_id }}
algorithm: hmac-sha512
- secret: ""
+ secret: "{{ knot__dnssec_key_secret }}"
remote:
+ # static, external and public remote used for DNSSEC KSK checking
- id: quad9
address: "2620:fe::fe"
+ {% if knot__remotes -%}
+ # additional remotes used in the config
+ {% for i_remote in knot__remotes -%}
+ - id: "{{ i_remote.id }}"
+ address: [ {% for i_addr in i_remote.address %}"{{ i_addr}}"{% if not loop.last %},{% endif %} {% endfor %} ]
+ {% endfor %}
+ {% endif %}
# define how the presence of parent KSK keys is checked
# in this case, we just ask quad9 which is an open resolver
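Review bot: The TSIG key is defined, but none of the rendered `remote` entries refers to it: each additional remote gets only `id` and `address`, so with `automatic-acl: on` in the server section, NOTIFY and transfer authorisation would, as far as this template shows, rest on source addresses alone. Rendering an optional per-remote `key: "{{ knot__dnssec_key_id }}"` (and adding the field to the argument spec) would bind transfers to the secret. `- id: {{ knot__dnssec_key_id }}` is also the only interpolation in this hunk left unquoted; `- id: "{{ knot__dnssec_key_id }}"` matches the lines below it. The `key` and `remote` sections continue outside the hunk.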
@@ -31,7 +39,7 @@ submission:
parent-delay: 1h
# define how dnssec signing is done
-# in this case we don't do anything special but teach knot how to check of KSK presence
+# in this case we don't do anything special but teach knot how to check for KSK presence
policy:
- id: default
ksk-submission: default
@@ -40,25 +48,48 @@ policy:
# define default settings that apply to all zones
template:
+ # template for general-purpose user zones
- id: default
storage: "/etc/knot/zones"
file: "%s.zone"
semantic-checks: on
zonefile-sync: -1
zonefile-load: difference-no-serial
+ serial-policy: dateserial
journal-content: all
- default-ttl: 60
- catalog-role: member
- catalog-zone: hamburg.ccc.de.catalog.
+ default-ttl: 7200
dnssec-signing: on
dnssec-policy: default
- {# notify: ["ns1.hanse.de", "ns.bsd.network."] #}
- - id: minimal
- {# notify: ["ns1.hanse.de", "ns.bsd.network."] #}
+ {# catalog-role: member #}
+ {# catalog-zone: hamburg.ccc.de.catalog. #}
+ # template for automatically created special zones
+ - id: catalog
+ catalog-role: generate
+ dnssec-signing: on
+ dnssec-policy: default
+
+
+# define zones on this server
+# See https://www.knot-dns.cz/docs/3.4/html/reference.html#zone-section
zone:
- {# - domain: onsite.eurofurence.catalog. #}
- {# template: minimal #}
- {# catalog-role: generate #}
+ # catalog zones
+ {% for i_zone in knot__catalog_zones -%}
+ - domain: "{{ i_zone.domain }}"
+ template: catalog
+ notify: [ {% for i_notif in i_zone.notify_targets | default([]) %}"{{ i_notif }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
+ {% endfor %}
+
+ # normal zones
+ {% for i_zone in knot__zones -%}
+ - domain: "{{ i_zone.domain }}"
+ template: default
+ notify: [ {% for i_notif in i_zone.notify_targets | default([]) %}"{{ i_notif }}"{% if not loop.last %}, {% endif %}{% endfor %} ]
+ {% if i_zone.catalog_member | default(False) -%}
+ catalog-role: member
+ catalog-zone: "{{ i_zone.catalog_member }}"
+ {% endif %}
+ {% endfor %}
+
{# - domain: "onsite.eurofurence.org" #}
diff --git a/roles/auth-dns/templates/netplan-disable-ra.yaml b/roles/auth-dns/templates/netplan-disable-ra.yaml
new file mode 100644
index 0000000..505fba2
--- /dev/null
+++ b/roles/auth-dns/templates/netplan-disable-ra.yaml
@@ -0,0 +1,14 @@
+# {{ ansible_managed }}
+network:
+ ethernets:
+ {%- for i_iface_name in ansible_interfaces -%}
+ {%- if i_iface_name != "lo" -%}
+ {%- set i_iface = ansible_facts[i_iface_name] %}
+
+ {{ i_iface_name }}:
+ match:
+ macaddress: "{{ i_iface.macaddress }}"
+ accept-ra: false
+ {% endif %}
+ {% endfor %}
+
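Review bot: The loop takes every name in `ansible_interfaces` except `lo`, so bridges, veth pairs, tunnels and other virtual devices would also be rendered under `ethernets:` and matched by MAC address. Per-interface facts are stored under a sanitised key (hyphens become underscores, as far as I know), so `ansible_facts[i_iface_name]` can be undefined for such names, and some devices carry no `macaddress`; either case breaks the render. Guarding the entry, e.g. `{%- if i_iface is defined and i_iface.macaddress is defined -%}` placed after the `set`, and ideally filtering on the interface's `type` fact, keeps the file to the interfaces the SLAAC comment is about. The file is a Jinja template but is named `.yaml` without the `.j2` suffix the role's other templates use.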
diff --git a/roles/auth-dns/templates/zone.j2 b/roles/auth-dns/templates/zone.j2
new file mode 100644
index 0000000..59edf5f
--- /dev/null
+++ b/roles/auth-dns/templates/zone.j2
@@ -0,0 +1,4 @@
+; {{ ansible_managed }}
+
+{{ zone_content }}
+
From c0a09cd2991e58dfd7a9a78e464f29e23c03c34e Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 30 Apr 2026 22:53:07 +0200
Subject: [PATCH 06/27] add old zones from ns-intern
---
.../auth-dns/zones/0.0.127.in-addr.arpa.zone | 12 +
.../chaosknoten/auth-dns/zones/127.0.0.zone | 11 +
.../auth-dns/zones/168.192.in-addr.arpa.zone | 10 +
.../zones/17.31.172.in-addr.arpa.zone | 49 ++
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 16 +
....0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone | 43 ++
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 15 +
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 15 +
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 15 +
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 15 +
resources/chaosknoten/auth-dns/zones/Makefile | 93 +++
.../chaosknoten/auth-dns/zones/ccchh.net.zone | 72 +++
.../auth-dns/zones/eh20.easterhegg.eu.zone | 27 +
.../auth-dns/zones/eh22.easterhegg.eu.zone | 45 ++
.../auth-dns/zones/hamburg.ccc.de.zone | 590 ++++++++++++++++++
.../chaosknoten/auth-dns/zones/hh.ccc.de.zone | 69 ++
.../chaosknoten/auth-dns/zones/localhost.zone | 12 +
.../auth-dns/zones/old-old/ccc.zone | 61 ++
.../auth-dns/zones/old-old/vpn.hh.ccc.zone | 37 ++
19 files changed, 1207 insertions(+)
create mode 100644 resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/127.0.0.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/Makefile
create mode 100644 resources/chaosknoten/auth-dns/zones/ccchh.net.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/localhost.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/old-old/ccc.zone
create mode 100644 resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone
diff --git a/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
new file mode 100644
index 0000000..770447b
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
@@ -0,0 +1,12 @@
+$ORIGIN 0.0.127.in-addr.arpa.
+$TTL 7200
+
+@ 1D IN SOA localhost. root.localhost. (
+ 42 ; serial (d. adams)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS localhost.
+1 1D IN PTR localhost.
diff --git a/resources/chaosknoten/auth-dns/zones/127.0.0.zone b/resources/chaosknoten/auth-dns/zones/127.0.0.zone
new file mode 100644
index 0000000..b9b7bf5
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/127.0.0.zone
@@ -0,0 +1,11 @@
+$ORIGIN 0.0.127.in-addr.arpa.
+
+@ 1D IN SOA localhost. root.localhost. (
+ 42 ; serial (d. adams)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS localhost.
+1 1D IN PTR localhost.
diff --git a/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
new file mode 100644
index 0000000..910c596
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
@@ -0,0 +1,10 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. hostmaster.ccc.de. (
+ 2016111701
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
new file mode 100644
index 0000000..ea2c1ce
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
@@ -0,0 +1,49 @@
+$TTL 7200
+
+@ IN SOA ns-intern.hamburg.ccc.de. haegar.ccc.de. (
+ 2025020101
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns-intern.hamburg.ccc.de.
+
+1 IN PTR turing-vzhost.hamburg.ccc.de.
+14 IN PTR attraktor-intern.hamburg.ccc.de.
+53 IN PTR ns-intern.hamburg.ccc.de.
+122 IN PTR oldturing.hamburg.ccc.de.
+129 IN PTR turing-router.hamburg.ccc.de.
+131 IN PTR officemail.hh.ccc.de.
+132 IN PTR turing-new.hamburg.ccc.de.
+133 IN PTR gitlab-intern.hamburg.ccc.de.
+134 IN PTR jabber-intern.hamburg.ccc.de.
+135 IN PTR turing-db.hamburg.ccc.de.
+136 IN PTR chaosvpn-dns.hamburg.ccc.de.
+137 IN PTR attraktor-intern2.hamburg.ccc.de.
+138 IN PTR gitlab-test-intern.hamburg.ccc.de.
+139 IN PTR gitlab-runner.hamburg.ccc.de.
+142 IN PTR turing-intern2.hamburg.ccc.de.
+143 IN PTR cloud-intern.hamburg.ccc.de.
+144 IN PTR keycloak-intern.hamburg.ccc.de.
+145 IN PTR grafana-intern.hamburg.ccc.de.
+146 IN PTR wiki-intern.hamburg.ccc.de.
+147 IN PTR onlyoffice-intern.hamburg.ccc.de.
+148 IN PTR tickets-intern.hamburg.ccc.de.
+149 IN PTR netbox-intern.hamburg.ccc.de.
+150 IN PTR matrix-intern.hamburg.ccc.de.
+151 IN PTR public-web-static-intern.hamburg.ccc.de.
+152 IN PTR zammad-intern.hamburg.ccc.de.
+153 IN PTR ns-intern2.hamburg.ccc.de.
+156 IN PTR ccchoir-intern.hamburg.ccc.de.
+157 IN PTR pretalx-intern.hamburg.ccc.de.
+163 IN PTR renovate-forgejo.hamburg.ccc.de
+180 IN PTR rproxy-intern.hamburg.ccc.de.
+199 IN PTR template.hamburg.ccc.de.
+201 IN PTR cow-intern.hamburg.ccc.de.
+202 IN PTR forgejo-runner-builder.hamburg.ccc.de.
+202 IN PTR forgejo-runner-ubuntu.hamburg.ccc.de.
+204 IN PTR eh22hub-intern.hamburg.ccc.de.
+212 IN PTR eh20-intern.hamburg.ccc.de.
+213 IN PTR cryptoparty-intern.hamburg.ccc.de.
+254 IN PTR chaosknoten.hamburg.ccc.de.
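Review bot: The PTR for `163` ends in `renovate-forgejo.hamburg.ccc.de` without the trailing dot, so the target is taken relative to the zone origin and ends up under `17.31.172.in-addr.arpa.`; it should read `renovate-forgejo.hamburg.ccc.de.`. `202` carries two PTR records, which is legal but worth confirming as intended. This zone maps RFC 1918 addresses to internal host names, and the knot template in this series listens on `0.0.0.0@53` and `::@53`. Whether the zone is actually loaded is not visible here, but if it is, a comment or ACL should record who is meant to be able to query the internal host inventory.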
diff --git a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
new file mode 100644
index 0000000..205bda5
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -0,0 +1,16 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2023073001
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+; 2a00:14b0:4200:3000:122::1
+
+1.0.0.0.0.0.0.0.0.0.0.0 IN PTR turing.hamburg.ccc.de.
+
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
new file mode 100644
index 0000000..240d783
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -0,0 +1,43 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2025020102
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+; ccchh firewall / tunnelendpunkte:
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fwhh.hamburg.ccc.de.
+
+6.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR jabber.hamburg.ccc.de.
+3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns.hamburg.ccc.de.
+0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR rproxy.hamburg.ccc.de.
+2.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR oldturing.hamburg.ccc.de.
+3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR gitlab-intern.hamburg.ccc.de.
+5.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fftest.hamburg.ccc.de.
+4.1.0.0.0.0.0.0.0.0.0.0.8.4.0.0 IN PTR wiki.attraktor.org.
+1.0.0.0.0.0.0.0.0.1.2.0.0.5.0.0 IN PTR lokal.ccc.de.
+1.0.0.0.0.0.0.0.2.1.2.0.0.5.0.0 IN PTR eh20.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.3.1.2.0.0.5.0.0 IN PTR cryptoparty.hamburg.ccc.de.
+
+1.0.0.0.0.0.0.0.0.4.1.0.1.5.0.0 IN PTR shellhost.hamburg.ccc.de.
+
+1.0.0.0.0.0.0.0.0.3.1.0.1.5.0.0 IN PTR unallocated.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.1.3.1.0.1.5.0.0 IN PTR cms.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.2.3.1.0.1.5.0.0 IN PTR lists.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.3.3.1.0.1.5.0.0 IN PTR cow.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.4.3.1.0.1.5.0.0 IN PTR srv01.hamburg.freifunk.net.
+1.0.0.0.0.0.0.0.5.3.1.0.1.5.0.0 IN PTR fftest.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.6.3.1.0.1.5.0.0 IN PTR git.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.7.3.1.0.1.5.0.0 IN PTR unallocated.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.8.3.1.0.1.5.0.0 IN PTR unallocated.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.9.3.1.0.1.5.0.0 IN PTR jitsi.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.0.4.1.0.1.5.0.0 IN PTR shells.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.1.4.1.0.1.5.0.0 IN PTR mumble.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.2.4.1.0.1.5.0.0 IN PTR regio-stage.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.4.0.2.0.1.5.0.0 IN PTR eh22hub.hamburg.ccc.de.
+1.0.0.0.0.0.0.0.5.0.2.0.1.5.0.0 IN PTR eh22hub-meta.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
new file mode 100644
index 0000000..3b3921c
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -0,0 +1,15 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2023072900
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+; 2a00:14b0:4200:3000:123::1
+
+1.0.0.0.0.0.0.0.0.0.0.0 IN PTR unused.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
new file mode 100644
index 0000000..4bba9bc
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -0,0 +1,15 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2023072900
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+; 2a00:14b0:4200:3000:124::1
+
+1.0.0.0.0.0.0.0.0.0.0.0 IN PTR unused.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
new file mode 100644
index 0000000..8eeaf64
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -0,0 +1,15 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2023072900
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+; 2a00:14b0:4200:3000:125::1
+
+1.0.0.0.0.0.0.0.0.0.0.0 IN PTR public-reverse-proxy.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
new file mode 100644
index 0000000..1545084
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -0,0 +1,15 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2023073001
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+; 2a00:14b0:4200:3000:126::1
+
+1.0.0.0.0.0.0.0.0.0.0.0 IN PTR chaosknoten.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/Makefile b/resources/chaosknoten/auth-dns/zones/Makefile
new file mode 100644
index 0000000..d3b6687
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/Makefile
@@ -0,0 +1,93 @@
+
+CHANGED = $(shell git diff --name-only --relative -- '*.zone' )
+
+export GIT_AUTHOR_NAME = "Bind Makefile"
+#export GIT_AUTHOR_EMAIL = "$(shell whoami)@$(shell hostname -f)"
+#export GIT_COMMITTER_NAME = $(GIT_AUTHOR_NAME)
+#export GIT_COMMITTER_EMAIL = $(GIT_AUTHOR_EMAIL)
+
+all: rollover
+install: rollover
+
+rollover: autoserial diff check reload eof
+
+
+diff:
+ @echo "Diff Zones... "
+ @git diff -U0 -- $(CHANGED) \
+ | grep -a -v -E '^(diff |index |---|@@)' \
+ | sed -e 's/^[+]* .\/\([^ ]*\).*/=> \1/'
+
+autoserial:
+ @for file in $(CHANGED); do \
+ perl -p -i -e 'if ($$p =~ /[\t\s]+IN[\t\s]+SOA[\t\s]+/) { $$stamp = sprintf("%4.4d%02.2d%02.2d", (localtime)[5]+1900, (localtime)[4]+1, (localtime)[3]); $$count = (/$$stamp([0-9]{2})/)? $$1 + 1: 1; s/[0-9]+/sprintf("%s%02.2d", $$stamp, $$count)/e; } $$p = $$_;' $$file; \
+ done
+
+check:
+ @echo "Checking Configs... "
+ @if ! named-checkconf /etc/bind/named.conf; then \
+ echo "FIX THE ERROR AND TRY AGAIN"; \
+ exit 1 ; \
+ fi
+
+ @echo "Checking Zones... "
+ @named-checkconf -j -p /etc/bind/named.conf \
+ | perl -e 'my $$zone = ""; while (<>) { if (/^\s+zone\s+\"(.*)\"/) { $$zone = $$1; } elsif (($$zone ne "") && /^\s+file\s+\"(.*?)\"/) { print "$$zone $$1\n"; $$zone = ""; } }' \
+ | sort \
+ | uniq \
+ | while read zone file; do \
+ echo "FOO: zone: $$zone file: $$file"; \
+ if [ -z "$$file" -o "$$zone" = "key" ] ; then \
+ continue ; \
+ fi ; \
+ if echo -n "$$zone" | grep -q -E '(sc-eur.com|db.root|named.dump|named.stats)'; then \
+ continue; \
+ fi; \
+ if ! named-checkzone -q -i "full" $$zone $$file; then \
+ named-checkzone -i "full" $$zone $$file; \
+ echo "FIX THE ERROR AND TRY AGAIN"; \
+ exit 1 ; \
+ fi; \
+ done
+
+#@echo "Checking CNAMEs and PTRs... "
+#@grep -l -E '.*(PTR|CNAME).*[^.]*[.][^.]*[^.]$$' *.* \
+#| grep -v '\.sh$$' \
+#| while read file; do \
+# echo "$$file: DO NOT FORGET THE LAST DOT"; \
+# grep -E '.*(PTR|CNAME).*[^.]*[.][^.]*[^.]$$' $$file; \
+# exit 1 ; \
+#done
+
+reload:
+ @while [ "$$answer" = "" ]; do \
+ echo -n "Do you want to reload all zones ? [yes] "; \
+ read answer; \
+ case $$answer in \
+ [Yy]|[Yy][Ee][Ss]) \
+ answer="yes"; \
+ break; \
+ ;; \
+ [Nn]|[Nn][Oo]) \
+ answer="no"; \
+ break; \
+ ;; \
+ "") \
+ answer="yes"; \
+ break; \
+ ;; \
+ *) \
+ answer=""; \
+ ;; \
+ esac; \
+ done; \
+ if [ "$$answer" = "yes" ]; then \
+ etckeeper commit "Changed DNS Zones: $(CHANGED)" ; \
+ rndc reload; \
+ else \
+ echo "Server reload aborted"; \
+ exit 1 ; \
+ fi
+
+eof:
+ @echo "DONE -- That's all folks!"
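Review bot: This Makefile drives BIND: `check` runs `named-checkconf /etc/bind/named.conf`, and `reload` calls `rndc reload` and `etckeeper commit`, none of which the knot role in this series installs or configures. Its `autoserial` target rewrites SOA serials in place, which overlaps with `serial-policy: dateserial` and `zonefile-load: difference-no-serial` in the knot template. If it is kept only as history from ns-intern, a header comment such as `# Legacy BIND workflow from ns-intern; not used by the knot deployment` would stop someone from running it against the new server. `$(CHANGED)` is also expanded unquoted into shell commands, so file names containing spaces or shell metacharacters would be split or interpreted.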
diff --git a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
new file mode 100644
index 0000000..f95ee63
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
@@ -0,0 +1,72 @@
+$ORIGIN .
+$TTL 900 ; 15 minutes
+ccchh.net IN SOA ns1.ccchh.net. noreply.ccchh.net. (
+ 2026042801 ; serial
+ 86400 ; refresh (1 day)
+ 7200 ; retry (2 hours)
+ 3600000 ; expire (5 weeks 6 days 16 hours)
+ 7200 ; minimum (2 hours)
+ )
+ NS ns.vie.ccc.de.
+ NS ns.hamburg.ccc.de.
+$ORIGIN ccchh.net.
+aes A 212.12.48.125
+club-assistant AAAA 2a07:c481:1:d0::a
+;_acme-challenge.club-assistant CNAME d50ad73a-f82d-4244-87f0-6f5195b37d21.auth.acmedns.hamburg.ccc.de
+club-assistant.z9 AAAA 2a07:c481:1:d0::a
+;_acme-challenge.club-assistant.z9 CNAME 0efa74d1-7dcd-478b-bdc5-5b76d0f07642.auth.acmedns.hamburg.ccc.de
+esphome AAAA 2a07:c481:1:d0::66
+esphome.z9 AAAA 2a07:c481:1:d0::66
+zigbee2mqtt A 185.161.129.132
+light AAAA 2a07:c481:1:d0::16
+_acme-challenge.light CNAME e59f55ee-9013-469d-a146-a159721b6fea.auth.acmedns.hamburg.ccc.de.
+light.z9 AAAA 2a07:c481:1:d0::16
+_acme-challenge.light.z9 CNAME 3bc9e7ce-03dd-4533-a059-b5d38407eaa5.auth.acmedns.hamburg.ccc.de.
+light-werkstatt AAAA 2a07:c481:1:d0::16
+_acme-challenge.light-werkstatt CNAME f408acc0-d9f5-4525-bb01-28938e3bb7d0.auth.acmedns.hamburg.ccc.de.
+mailserver-endpoint A 82.165.121.46
+ns1 A 185.161.129.133
+send-only-mail MX 10 send-only-mailserver
+ TXT "v=spf1 mx -all"
+send-only-mailserver A 82.165.121.46
+send-only-mailserver-access A 185.161.129.132
+thinkcccore0 AAAA 2a07:c481:1:f2::3
+thinkcccore0.z9 AAAA 2a07:c481:1:f2::3
+thinkcccore1 AAAA 2a07:c481:1:f2::4
+thinkcccore1.z9 AAAA 2a07:c481:1:f2::4
+opnsense AAAA 2a07:c481:1:f2::1
+opnsense.z9 AAAA 2a07:c481:1:f2::1
+pbs AAAA 2a07:c481:1:f2::4
+thinkcccore2 AAAA 2a07:c481:1:f2::5
+thinkcccore2.z9 AAAA 2a07:c481:1:f2::5
+thinkcccore3 AAAA 2a07:c481:1:f2::6
+thinkcccore3.z9 AAAA 2a07:c481:1:f2::6
+miniscccore0 AAAA 2a07:c481:1:f2::9
+miniscccore0.z9 AAAA 2a07:c481:1:f2::9
+uptime-kuma A 185.161.129.132
+status AAAA 2a07:c481:1:ce::a
+status.z9 AAAA 2a07:c481:1:ce::a
+wiki A 212.12.48.125
+hmdooris-ccu A 10.31.208.202
+buba A 10.31.211.137
+buba.z9 A 10.31.211.137
+dooris AAAA 2a07:c481:1:d0::1c
+_acme-challenge.dooris CNAME 37caae1f-b77f-4eb1-aa71-dc3f7ed24360.auth.acmedns.hamburg.ccc.de
+waybackproxy A 10.31.208.99
+yate A 10.31.208.12
+staubiv2 A 10.31.210.233
+staubiv2.z9 A 10.31.210.233
+; Mail: hosts.z9.ccchh.net
+hosts.z9 MX 10 cow.hamburg.ccc.de
+ TXT "v=spf1 mx -all"
+dkim._domainkey.hosts.z9 TXT ("v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsdypQ/tlrzto5KVP"
+ "5o7tEblXK/hOVRFB683uODzo26XTFMSRGjumMuo/tej59GMePdUu0uIsdq8hfj8"
+ "ot0R2OQNazdyp4NW4TUWfFGJ4S2f6LR3lE3I5Lw7fHiYHz0GnCGTqZIItkHK+xQ"
+ "i5Fdhwd1YbFJtO0XiZ0jY5w6pvny6pEH8WaKX85rEmz2zqCtpiYPRPmoK/Tn+rV"
+ "2e8fVioMRm9W8E4PU42WLds66qOkFR0KjKIavE6y7JahESEoVGcVnSPdtMOX0Ln"
+ "KbSMQNrTvNbBoPdLYvNaXOw7TmVPKjDV+FRCIIdK+m0fL82/vm5jPBvDr5+WlM1"
+ "xV/P/KlSnQIDAQAB")
+$ORIGIN send-only-mail.ccchh.net.
+_dmarc TXT "v=DMARC1;p=quarantine;"
+key._domainkey TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqduM4+SQ+IQ2uAxbjFkd+0hAjohTgT3nM76jyrWGHJ8TizNU2PGkta0NjCq+m9VLBZUjIJphW2vrnlJsnN0JkGAdoLBL3Qs0kShT6V+xsxslZG2KHApihnJUp34tPSMES+aTnD+jEPGyxFLeoiK+3gywNhCGalHSQ+G88Z2n59wIDAQAB"
diff --git a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
new file mode 100644
index 0000000..ee28f2b
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
@@ -0,0 +1,27 @@
+$TTL 7200
+
+@ IN SOA ns.hamburg.ccc.de. mail.hamburg.ccc.de. (
+ 2025021101
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+ IN MX 5 nomail.ccc.de.
+ ;IN MX 10 local-mail.hamburg.ccc.de.
+ IN MX 10 vworker02.irz42.net.
+ IN MX 23 nomail2.ccc.de.
+ IN MX 42 nomail3.ccc.de.
+
+ IN TXT "v=spf1 mx ip4:144.76.16.19/32 ip4:212.12.51.133/32 ip6:2a01:4f8:191:331::2/128 ip6:2a00:14b0:f000:23:51:133:0:1/128 ~all"
+
+ IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+
+localhost IN A 127.0.0.1
+
+* IN CNAME @
+www IN CNAME @
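Review bot: The `localhost IN A 127.0.0.1` record publishes a name in this zone that resolves to the client's own loopback address. Such records are commonly flagged because a browser treats `localhost.eh20.easterhegg.eu` as same-site with the real hosts, which affects cookie scope and lets same-site requests reach whatever listens locally. Without the explicit record the wildcard `* IN CNAME @` would answer for that label instead. Unless something depends on it, I would drop the line or keep it only as a comment, e.g. `;localhost IN A 127.0.0.1 ; removed: loopback name in a public zone`. The same record appears in the eh22.easterhegg.eu, hamburg.ccc.de, hh.ccc.de, old-old/ccc and old-old/vpn.hh.ccc zone files in this patch.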
diff --git a/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
new file mode 100644
index 0000000..0d936e6
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
@@ -0,0 +1,45 @@
+$TTL 600
+
+@ IN SOA ns.hamburg.ccc.de. mail.hamburg.ccc.de. (
+ 2026033101
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+ IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+
+ IN MX 10 cow.hamburg.ccc.de.
+;autodiscover IN CNAME cow.hamburg.ccc.de.
+;_autodiscover._tcp IN SRV 10 cow.hamburg.ccc.de. 443
+;autoconfig IN CNAME cow.hamburg.ccc.de
+
+ IN TXT "v=spf1 mx ip4:144.76.16.19/32 ip4:212.12.51.133/32 ip6:2a01:4f8:191:331::2/128 ip6:2a00:14b0:f000:23:51:133:0:1/128 ~all"
+;_dmarc IN TXT **TODO**
+
+dkim._domainkey IN TXT ( "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhk"
+ "iG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoWo7mbis3REqBURP3ZQZwOY7RSsS7"
+ "TY9eFHvW/O83YseEHoIQmeKkHj1lRrP+6Jhow2XngveBzt/m5AQclLVMURt5"
+ "2zsLCtiXxOYMLIIAgFOfxGjMdfqh9+X0wuOqHgoZiP2uBfAWLKfV/CZcovI/"
+ "0d2d7vQvc+7PJwZ9htoIu3NesasOFsrhv1yfFJidC87focQdaVKfD9cF68/w"
+ "2Ri2TGzcSQHAiIxJq3MgawSJZiyVD+psZdzZDB1YIw8NJxmDskzFicTLrYyH"
+ "8XOf5f5lOWjRYrfe0H8sAe1NBb/OP2T7Qs3S9DQosMSPwyALC3FPZKsVMbtI"
+ "mr8F+J+M/H9QIDAQAB" )
+
+localhost IN A 127.0.0.1
+
+intern IN A 172.31.17.212
+cfp IN CNAME public-reverse-proxy.hamburg.ccc.de.
+_acme-challenge.cfp CNAME 295a66d4-1d71-49f3-a80a-1f7527ec9cca.auth.acmedns.hamburg.ccc.de.
+netbox IN CNAME public-reverse-proxy.hamburg.ccc.de.
+presale IN A 78.47.203.122
+ IN AAAA 2a01:4f8:1c17:b147::2
+pretix IN A 78.47.203.122
+ IN AAAA 2a01:4f8:1c17:b147::2
+engel IN A 167.235.129.15
+ IN AAAA 2a01:4f8:1c1b:e967::1
+radius IN A 94.45.254.130
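Review bot: The zone publishes SPF and a DKIM key, but `_dmarc` is still the commented-out `;_dmarc IN TXT **TODO**`, so receivers get no policy for mail that fails both checks, and the SPF record ends in `~all` (softfail). `IN MX 10 cow.hamburg.ccc.de.` shows the domain handles mail, so a policy record should go in with this import. One option is the form the ccchh.net zone in this patch uses: `_dmarc IN TXT "v=DMARC1;p=quarantine;"`. If enforcement is not wanted yet, `p=none` with a reporting address is still better than no record; the intended policy should be confirmed with whoever runs mail for this domain.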
diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
new file mode 100644
index 0000000..17f4dd7
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
@@ -0,0 +1,590 @@
+; es wird jetzt der hostname mail.hamburg.ccc.de nicht mehr
+; verwendet, sondern statt dessen local-mail.hamburg.ccc.de
+; die popeye fuehlt sich immer noch unter mail.hamburg.ccc.de
+; angesprochen, und nimmt daher keine mails mit absender-adressen
+; die sie nicht kennt an.
+; ich hoffe diese aenderung arbeitet um diesen bug herum.
+; - haegar 2001.11.14
+
+$TTL 7200
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2026042903
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+$TTL 60
+ IN MX 10 cow.hamburg.ccc.de.
+; IN MX 10 local-mail.hamburg.ccc.de.
+$TTL 7200
+ IN TXT "v=spf1 mx ip4:212.12.51.133 ip6:2a00:14b0:f000:23:51:133:0:1 ip4:212.12.48.122 ip6:2a00:14b0:4200:3000:122::1 -all"
+
+ IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+
+dkim._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wZRajtsQTrVgXco7"
+ "1E2T+UDRxzzXJ+0F7m1UHiPpsjGQJ4Njs4Zc6qC21FLxhUIRFURy9mZ2mGk6hnL"
+ "w6wi0xm0N3MOH8BG/omPfWJcH4C1XXMk6trYSjhKQb4FzNbusAFoldIdwtt/aa/"
+ "GJBvRD+XYulvuyqolD2SGY62tAiXqls4ik2ZiDrIv+Dglg8b8fD4kzqe/aXlUvD"
+ "j3hCMHmyjE8mn8lYnS0QfSnV8NlqKwOhF+iwqfrhMI2bZFCQ+td03RtQjaXw5W+"
+ "30NMcOv6Se4vPDl4nUIBJZ/wP3CBz1k66VShHB+un7SxoUQuW0+oDqN4QHH338b"
+ "2dDOoBJndwIDAQAB")
+_dmarc IN TXT "v=DMARC1;p=none;sp=none;pct=100;rua=mailto:dmarc-report@hamburg.ccc.de;ruf=mailto:dmarc-report@hamburg.ccc.de;ri=86400;aspf=r;adkim=r;fo=1"
+
+
+;_sip._udp IN SRV 10 0 5060 vermittlung
+;_sip._tcp IN SRV 10 4 5060 vermittlung
+;_sips._tcp IN SRV 10 4 5060 vermittlung
+
+_xmpp-client._tcp IN SRV 10 0 5222 jabber
+_xmpp-server._tcp IN SRV 10 0 5269 jabber
+_xmpp-client._tcp.jabber IN SRV 10 0 5222 jabber
+_xmpp-server._tcp.jabber IN SRV 10 0 5269 jabber
+
+localhost IN A 127.0.0.1
+
+dante._domainkey IN TXT ( "v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMLFoEXbD/IgP6TIz2KDZudbnYtcJ4QjdWiwEP5NMvugymzDCiLaKTwNUFycKA1TvW0Y7/x0EEgqcSjfV87GU8xs6qsArgbQWBCs9gPBInbA8LBX9RN/JX30pESh+jGfdNWl7mWkkyVuONUgy/vFHWswJZ72Lg96gyBBCAR1ABC7qM8PYjoFFlRR76PfZNV8YHRBM/1ypQthtjPf"
+ "NKhV8MksNIXPKhcQwy6/JAVpkUunVpOrsuf2K6RFVMrVNUEtEYkpZUPtnoTYwaB0rRLg0f+InHzKZx2uv6JexyWZOwxsv8Bv1I+jdiEkQMw9kORZ81sv2mcUO+0PubeYVpvWAwIDAQAB" )
+hansenerd._domainkey IN TXT ( "v=DKIM1; k=rsa; "
+ "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlxTgmc5Fe2aQc5razQYlk3OBGNePuevJQ7YVp5j5IM0ukBLM1erTR6DLZZvoGd2puKvfjlvejR3GRY4YXeZkCJoS0ZjwpR3Tfy8PzUbPNMt5e/buHGK1v+9E9zrl4vrxgYYYlYqjl1HF1K9oE5yPI1AIeUxzZpduheJASlxr9VwIDAQAB" ) ;
+
+
+; VMWare ESXi Host:
+worker IN A 212.12.48.123
+worker-ipmi IN A 212.12.51.136
+; Proxmox Host:
+chaosknoten IN A 212.12.48.126
+ IN AAAA 2a00:14b0:4200:3000::126:1
+;chaosknoten-ipmi IN A 212.12.51.137; unused public IP
+chaosknoten-ipmi IN A 44.128.124.4
+
+; DMZ-Server:
+dmz-net IN A 212.12.50.208
+
+turing IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ IN MX 10 cow.hamburg.ccc.de.
+turing-chaosvpn IN AAAA 2001:6f8:126f:11::3
+ IN A 172.31.17.1
+turing-vpn IN CNAME turing-chaosvpn
+turing-vpngw IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+turing-vzhost IN A 172.31.17.1
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ IN MX 10 cow.hamburg.ccc.de.
+turing-vzhost2 IN CNAME turing-vzhost
+turing-router IN A 172.31.17.129
+
+turing-new IN A 172.31.17.132
+
+oldturing IN A 172.31.17.122
+ IN AAAA 2a00:14b0:f000:23::122
+ IN MX 10 cow.hamburg.ccc.de.
+turing-intern IN CNAME oldturing
+turing-intern2 IN A 172.31.17.142
+ IN AAAA 2a00:14b0:f000:23::122
+
+ns IN A 212.12.48.122
+ IN AAAA 2a00:14b0:f000:23::53
+ IN MX 10 cow.hamburg.ccc.de.
+ns-intern IN A 172.31.17.53
+ IN AAAA 2a00:14b0:f000:23::53
+ns-intern2 IN A 172.31.17.153
+ IN AAAA 2a00:14b0:f000:23::53
+
+vpn IN A 212.12.48.122
+ ; ipv4 only!
+www.vpn IN CNAME vpn
+cvpn-dns IN A 172.31.0.5
+chaosvpn-dns IN A 172.31.17.136
+
+turing-db IN A 172.31.17.135
+ IN MX 10 cow.hamburg.ccc.de.
+
+jabber IN A 212.12.48.122
+ IN AAAA 2a00:14b0:f000:23::26
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+jabber-intern IN A 172.31.17.134
+ IN AAAA 2a00:14b0:f000:23::26
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+
+gitlab IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ ; ipv6 also has DNAT rules
+gitlab-intern IN A 172.31.17.133
+ IN AAAA 2a00:14b0:f000:23::133
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+
+gitlab-cr IN CNAME gitlab
+
+gitlab-test IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ ; ipv6 also has DNAT rules
+gitlab-test-intern IN A 172.31.17.138
+ IN AAAA 2a00:14b0:f000:23::138
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+
+gitlab-runner IN A 172.31.17.139
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+
+lists IN A 212.12.51.132
+ IN AAAA 2a00:14b0:f000:23:51:132:0:1
+ IN MX 10 lists
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.lists IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
+ "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvNlbGPBluV3q3eT1C6nJ"
+ "8KuSNAx9ycTO0urNkz4In1I2srmK8qPTfqfPU7y5kjHM1oC31+LwVNiyzeIQl"
+ "cdW00DMTHfzkQAjtdDXgKG5db4Dqw+2wtZfLGvBFOSfV0RspZmSDSN6ON81dk"
+ "lVABMMOA7Vd8wwIj0ms/gb/+AB0IQIDAQAB" )
+ccchoir-intern IN A 172.31.17.156
+
+cow IN A 212.12.51.133
+ IN AAAA 2a00:14b0:f000:23:51:133:0:1
+ IN MX 10 cow
+cow-intern IN A 172.31.17.201
+auth-dns IN A 212.12.48.124
+auth-dns IN AAAA 2a00:14b0:4200:3000:124::1
+
+cowtest IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.cowtest IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5aAMRgFdGdG+Ewmn"
+ "OZb8gdCjSSoFjTxu/GW9edVWU0zsRRQT9r6oF82Cn05jEKNra3D8tE48jBaDQ"
+ "GOAFa4BgjxiIfP/D36CaN2JT5sno3faSBkqaKoBG0zRD2UsNj/ROfHB844BOf"
+ "AUt4KFMMHUfO03Gu6ps9nq/QBsrR5Iq6sMv9WiftKjh4twS4S+Wz7ZXymY3yd"
+ "jRLI8r48pASg6IoiByV8kR3r7OZw9dzmNgbTCOEyKaicB4KJDjgJvQut8af8g"
+ "sYQYTCSPVqkwb5Y+yJNKhQmsYBwUX23x5Yng2gDBY/pjGeWl28SxdGhm8C23a"
+ "0wVCz4kQGNvcULnrzifwIDAQAB")
+_autodiscover._tcp.cowtest IN SRV 0 1 443 cow
+_caldavs._tcp.cowtest IN SRV 0 1 443 cow
+_caldavs._tcp.cowtest IN TXT "path=/SOGo/dav/"
+_carddavs._tcp.cowtest IN SRV 0 1 443 cow
+_carddavs._tcp.cowtest IN TXT "path=/SOGo/dav/"
+_imap._tcp.cowtest IN SRV 0 1 143 cow
+_imaps._tcp.cowtest IN SRV 0 1 993 cow
+_pop3._tcp.cowtest IN SRV 0 1 110 cow
+_pop3s._tcp.cowtest IN SRV 0 1 995 cow
+_sieve._tcp.cowtest IN SRV 0 1 4190 cow
+_smtps._tcp.cowtest IN SRV 0 1 465 cow
+_submission._tcp.cowtest IN SRV 0 1 587 cow
+
+
+mail IN A 212.12.48.122
+ IN MX 10 cow.hamburg.ccc.de.
+local-mail IN A 172.31.17.201 ; make hosts with relayhost=local-mail work
+;local-mail IN A 212.12.48.122
+; IN AAAA 2a00:14b0:f000:23::122
+; IN MX 10 cow.hamburg.ccc.de.
+
+jitsi-old IN A 49.12.8.103
+ IN AAAA 2a01:4f8:c17:392f::1
+jitsi IN A 212.12.51.139
+ IN AAAA 2a00:14b0:f000:23:51:139:0:1
+
+mumble IN A 212.12.51.141
+ IN AAAA 2a00:14b0:f000:23:51:141:0:1
+
+
+id IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+keycloak-admin IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+invite IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+id IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.id IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6wcQjo7qgb1CMOv5"
+ "6odc7Ef8rocu3bv3JKBIqL/msuoEFOiXGpPZrwcWQJc7lS5tLTxR5XuP02D3D"
+ "Vif+8D3R8YzLsNMdLZ5moQacdJK2OFFiet2G3kWjBdKH1em9FwMa0MBWlk6LR"
+ "YWRgsByFBMNIItwkBmqmNrmrPRneRprLYQCf34McDmkzpzUpFdF5sgmbmDpdX"
+ "genmqXgBopvmnTeXa+kQnoVgrMyWE41zdWaXrDAtoYye3e31j0Nxhnfg+I7vO"
+ "XPfmatTH7yieDaLG+3kHjbA3WFyAkb/ZAqZaFM8k6cQJEZb7jDzdKlm1fuPrk"
+ "YUrfZ1V3pglzdm0QbM4wIDAQAB")
+
+aes-intern IN A 172.31.17.145
+tickets-intern IN A 172.31.17.148
+grafana-intern IN A 172.31.17.145
+loki-intern IN A 172.31.17.145
+eh22-netbox-intern IN A 172.31.17.166
+sunders-intern IN A 172.31.17.170
+renovate-intern IN A 172.31.17.171
+netbox-intern IN A 172.31.17.167
+matrix-intern IN A 172.31.17.150
+; have this for compatibility (like references in CI)
+public-web-static-intern IN AAAA 2a00:14b0:42:102::17
+pretalx-intern IN A 172.31.17.157
+zammad-intern IN A 172.31.17.152
+nixos-template-intern IN A 172.31.17.200
+git-intern IN A 172.31.17.154
+forgejo-actions-runner-intern IN A 172.31.17.155
+nix-box-june-intern IN A 172.31.17.158
+woodpecker-intern IN A 172.31.17.160
+mjolnir-intern IN A 172.31.17.161
+mjolnir-ng-intern IN A 172.31.17.169
+penpot-intern IN A 172.31.17.162
+penpot-ng-intern IN A 172.31.17.168
+hydra-intern IN A 172.31.17.163
+forgejo-runner-builder IN A 172.31.17.202
+renovate-forgejo IN A 172.31.17.163
+ansible-testing-intern IN A 172.31.17.164
+ntfy-intern IN A 172.31.17.149
+status IN AAAA 2a00:14b0:f001:100::fd
+status IN A 212.12.50.253
+design IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+ IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.design IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtod7q+mkIcZFe512v"
+ "jzXF0UfGmo8R6UxeJ/MCi/qjjN+sSqn4dohQx3NBhK3UF9/8Ze7FT5znTxeWj"
+ "Ks+le/dSS4CKxjSFAV1FjcaAqrUaxO1V8+fxcUSVzAQZXUVyNqqv+SAFUVJSE"
+ "3zZIuJim4F1HVVLvwbLJZ450ns8KQ7n3RNY2+mqQoxo8xmMg2QFOoQKlSYspC"
+ "TRTV4LM/n5Jm7Mm1F5DwJ+7Ie9s/WvTWKKKUExmoa5SNheGcfybC+sqnJu7L0"
+ "F5dWFwk0zzQDcVSY2m9qFWPEuO2fZmiB4IoG4yXkooSY2sH9Z8eX2+6i3k/ub"
+ "qx58Mav6VlkTxsOAdbbQIDAQAB")
+hydra IN A 212.12.48.125
+regio-stage IN A 212.12.51.142
+ AAAA 2a00:14b0:f000:23:51:142:0:1
+
+public-reverse-proxy IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+public-reverse-proxy-intern IN A 172.31.17.140
+router IN A 212.12.48.123
+
+rproxy IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ IN MX 10 cow.hamburg.ccc.de.
+rproxy-intern IN A 172.31.17.180
+ IN AAAA 2a00:14b0:f000:23::80
+ IN MX 10 cow.hamburg.ccc.de.
+
+bildungsurlaub IN CNAME rproxy
+doku IN CNAME rproxy
+test IN CNAME rproxy
+www.test IN CNAME rproxy
+eh2003 IN CNAME public-reverse-proxy
+www.eh2003 IN CNAME public-reverse-proxy
+easterhegg2003 IN CNAME public-reverse-proxy
+www.easterhegg2003 IN CNAME public-reverse-proxy
+eh2005 IN CNAME public-reverse-proxy
+www.eh2005 IN CNAME public-reverse-proxy
+easterhegg2005 IN CNAME public-reverse-proxy
+www.easterhegg2005 IN CNAME public-reverse-proxy
+eh2007 IN CNAME public-reverse-proxy
+www.eh2007 IN CNAME public-reverse-proxy
+eh07 IN CNAME public-reverse-proxy
+www.eh07 IN CNAME public-reverse-proxy
+easterhegg2007 IN CNAME public-reverse-proxy
+www.easterhegg2007 IN CNAME public-reverse-proxy
+eh2009 IN CNAME public-reverse-proxy
+www.eh2009 IN CNAME public-reverse-proxy
+eh09 IN CNAME public-reverse-proxy
+www.eh09 IN CNAME public-reverse-proxy
+easterhegg2009 IN CNAME public-reverse-proxy
+www.easterhegg2009 IN CNAME public-reverse-proxy
+eh2011 IN CNAME public-reverse-proxy
+www.eh2011 IN CNAME public-reverse-proxy
+eh11 IN CNAME public-reverse-proxy
+www.eh11 IN CNAME public-reverse-proxy
+easterhegg2011 IN CNAME public-reverse-proxy
+www.easterhegg2011 IN CNAME public-reverse-proxy
+eh20 IN CNAME public-reverse-proxy
+
+oldwiki IN CNAME rproxy
+nonpublic.wiki IN CNAME rproxy
+www.nonpublic.wiki IN CNAME rproxy
+planet IN CNAME rproxy
+www.planet IN CNAME rproxy
+chaos-macht-schule IN CNAME rproxy
+www.chaos-macht-schule IN CNAME rproxy
+
+branding-resources IN CNAME public-reverse-proxy
+element IN CNAME public-reverse-proxy
+matrix IN CNAME public-reverse-proxy
+mas IN CNAME public-reverse-proxy
+element-admin IN CNAME public-reverse-proxy
+netbox IN CNAME public-reverse-proxy
+woodpecker IN CNAME public-reverse-proxy
+onlyoffice IN CNAME public-reverse-proxy
+pad IN CNAME public-reverse-proxy
+pretalx IN CNAME public-reverse-proxy
+spaceapi IN CNAME public-reverse-proxy
+staging IN CNAME public-reverse-proxy
+wiki IN CNAME public-reverse-proxy
+www IN CNAME public-reverse-proxy
+ntfy IN CNAME public-reverse-proxy
+sunders IN CNAME public-reverse-proxy
+spaceapiccc IN CNAME public-reverse-proxy
+acmedns IN CNAME public-reverse-proxy
+cpuccc IN CNAME public-reverse-proxy
+did IN CNAME public-reverse-proxy
+
+
+auth.acmedns IN NS acmedns.hosts.hamburg.ccc.de.
+
+git IN A 212.12.51.136
+ IN AAAA 2a00:14b0:f000:23:51:136::1
+git IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.git IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUGmKDns/qokxyz2u"
+ "lcyKIcs/S+zf+0wHCfhSOK4lLnws8U/wIny5FAW3zM/7TliqIftzZ2B0Cz8W6"
+ "YvmtgLyKqBzvCSG0dNYyy9TVeGM4HyrmLBbUkQdGGQwmoJTnCe9gT9z6GO9k2"
+ "uFfHJsk/iffU75x9iXqLXPGL/CGmLKuBmkYGda2rQ9ATUIpQhIxnerZvVc3RA"
+ "qwD8/pYvMLOqvCStVHM5Zi+j1Jr0BC8mxU8pIY6rfOVt+h/V3wh0F6dL0z9nw"
+ "ZhDE53K8frGp2CC5dW/A37FrfMJv+ODw2tX8EdyL2hDBshBQ4r8WiYJTtIMPL"
+ "50A9UzZndyiLAHoeLrZQIDAQAB")
+hackertours IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+ MX 10 cow.hamburg.ccc.de.
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.hackertours IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG5J6rMvbOy7mmV4mKfN"
+ "7SSrtxKP/jI0XWwO2njO3jM6DkAGDpmRH69B5sOW/53/yg7MMdGytGfNAk61YJknP+"
+ "NGZNSk7F2p2aB+zoksLVcIKdY1YwicYS7l6Q7qWBfv8ctmGTzcwO0UEAizD6xdINN8"
+ "YmhHorgnxR3HbHeUmaxIe4WM2wWRYiD+9tpY1f0O/NEEoHxmFecRhU9SVmuhLgiOyF"
+ "AWpPYBMOsKEHoKREENc+4VBj6H2GYTKIs+dYKDNEmVVdnRkgtAVO3FrjCkedBJ7RbR"
+ "RNHIqdt9u8AF+Vrs1Oq72ZQrNVR0ezEyBScJaxy5JphvBWkMSYSoDpvXLwIDAQAB")
+staging.hackertours IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+grafana IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+tickets IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+zammad IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+
+loki IN CNAME grafana.hosts
+metrics IN CNAME grafana.hosts
+
+; attraktor openvz vm
+attraktor IN A 172.31.17.14
+ IN AAAA 2a00:14b0:f000:23:48::14
+ IN MX 10 cow.hamburg.ccc.de.
+attraktor-intern IN A 172.31.17.14
+ IN AAAA 2a00:14b0:f000:23:48::14
+ IN MX 10 cow.hamburg.ccc.de.
+attraktor-intern2 IN A 172.31.17.137
+ IN MX 10 cow.hamburg.ccc.de.
+
+erfafoo IN A 212.12.51.138
+ IN AAAA 2a00:14b0:f000:23:50:210::1
+ IN MX 10 cow.hamburg.ccc.de.
+local IN CNAME erfafoo
+lokal IN CNAME erfafoo
+
+; fuer vollkorn:
+;webfoo IN A 212.12.51.138
+; IN AAAA 2a00:14b0:4200:3380:138::1
+; IN MX 5 nomail.ccc.de.
+; IN MX 10 cow.hamburg.ccc.de.
+
+; chaos macht schule server
+cms IN A 212.12.51.131
+www.cms IN CNAME cms
+schule IN CNAME cms
+www.schule IN CNAME cms
+
+; Firewall:
+ovpn IN A 212.12.48.122
+fwhh-v6 IN A 212.12.50.214
+
+; (irc) nat ip
+chaoscafe IN A 212.12.50.209
+
+cloud IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+cloud IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.cloud IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr7XIfOFt99cdEKeP"
+ "Qhz7miwN2tIZF+imJ3p/r/kam0TKN5pbRMDK0HH4Jl8ksBDozXrLo+U71TX+m"
+ "XBBeNca4QSfmJh6cAesibf4v/6ssGBdQR7efc2b3dFvZS5/qdS7oLYqYbGpuv"
+ "aUB0gzhatrAR0i6HdtXrsJxGemda4WvZXaPLPwcWByHLZsHQUbaD3doZOJGXI"
+ "7+HQs9BuDo4PKQs1/mE5BEWQ0ISEKZ4bk1p8U0ZsfcdQ8o9X53Tj+JxvJHgxi"
+ "h7yHMr4y9hCOAkvZTFZ/Z/r3KU+N+t9NrVYm995KEernSxE3MXYIsdaFKBDvX"
+ "Xq837yzJmv7D9S9We3YwIDAQAB")
+; Mail: hosts.hamburg.ccc.de
+hosts IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFnskyCW0420D+5PA"
+ "L6cKmPoZR2nrPaMPiJl0+DbDhnsLdXtt3cKZkAin2GYQRvZJvlcJ3JFkFljmQ"
+ "sZk7BJ02rV7S79DgeFhKMzjE0p/GaMBSdzDZJQEVkKhEK+KBbSfaZ0FM/4Qh0"
+ "beI26kBgbR6bc+SGdB7+LB2JLPxr5ipP0gJ7RtE+QWIoDaU0e9dSYhucJ4A4k"
+ "RMs3ECvcCVgsyhRPJahs8tzbKjhnp956ru6Jda3Yo/ubhy4AztP/7ZQayCv/W"
+ "06PfZNo/i2711F98L2ATQaDsOCKWhpskyrCRcR1nTWNSL7qYhOPD1hZonsd5I"
+ "f5WwrR4meWD3wmXbX29wIDAQAB")
+; Mail: hosts-external.hamburg.ccc.de
+external-hosts IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.external-hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfdJvL7Tpdw6JLkuU"
+ "nOLwtxojWZ5Xq6rLDK3EzrX2Tyeq03nqgQuI3ruHgodHb1D7sieU61x30+g7y"
+ "8HnjrN1bfH1iQJUzEOCgOWHwQEbLdbQxcazmbEdowBuA0VuYrXL2tcCFJwdcZ"
+ "MKZAyuba7leeRgSngZJnesT7aaGvZSuzLa1/KaW4MRbOOmy5LlukBC3EZBpWn"
+ "/dL73spDajlDx4VRMUpZQq/PAoPPwCFdw/HNnzxBYBIdVloeJx91qBRaNyUIb"
+ "C/to8YSDVi2aMHiXhTBfoNd1VcxjlBYWqEZtdUhecUjwmbbAO4f0ECO4bs0Yz"
+ "d/EgJB70ry1quA0MqgZQIDAQAB")
+
+; for thw:
+orga IN A 212.12.51.130
+ IN MX 23 nomail.ccc.de.
+ IN MX 42 orga
+
+shellhost IN A 212.12.51.140
+ IN AAAA 2a00:14b0:f000:23:51:140:0:1
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+shells IN CNAME shellhost
+
+; chaos vpn-hub on haegars hetzner machine
+vpnhub1 IN A 136.243.3.60
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 mail.sdinet.de.
+vpnhub1.ipv4 IN A 136.243.3.60
+vpnhub1-intern IN A 172.31.2.1
+
+; special
+ccchh IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+
+office IN CNAME office.hh.ccc.de.
+officemail IN CNAME officemail.hh.ccc.de.
+
+template IN A 172.31.17.199
+ IN AAAA 2a00:14b0:f000:23::199
+ IN MX 10 cow.hamburg.ccc.de.
+
+irc IN A 176.56.239.136
+ IN AAAA 2a00:d880:8:1::1aa
+ IN MX 5 nomail.ccc.de.
+
+;anonymizer IN A 192.162.102.224
+; IN MX 5 nomail.ccc.de.
+; IN MX 10 anonymizer
+;mixminion IN A 192.162.102.225
+; IN MX 5 nomail.ccc.de.
+; IN MX 10 mixminion
+
+cryptoparty IN CNAME public-reverse-proxy
+staging.cryptoparty IN CNAME public-reverse-proxy
+cryptoparty-intern IN A 172.31.17.213
+
+; Freifunk Gateways
+freifunk-gw01 IN CNAME gw01.hamburg.freifunk.net.
+freifunk-gw02 IN CNAME gw02.hamburg.freifunk.net.
+freifunk-gw03 IN CNAME gw03.hamburg.freifunk.net.
+freifunk-gw04 IN CNAME gw04.hamburg.freifunk.net.
+freifunk-gw05 IN CNAME gw05.hamburg.freifunk.net.
+freifunk-gw06 IN CNAME gw06.hamburg.freifunk.net.
+freifunk-gw07 IN CNAME gw07.hamburg.freifunk.net.
+freifunk-gw08 IN CNAME gw08.hamburg.freifunk.net.
+freifunk-gw09 IN CNAME gw09.hamburg.freifunk.net.
+freifunk-gw10 IN CNAME gw10.hamburg.freifunk.net.
+freifunk-gw11 IN CNAME gw11.hamburg.freifunk.net.
+freifunk-gw12 IN CNAME gw12.hamburg.freifunk.net.
+freifunk-gw13 IN CNAME gw13.hamburg.freifunk.net.
+freifunk-gw14 IN CNAME gw14.hamburg.freifunk.net.
+freifunk-gw15 IN CNAME gw15.hamburg.freifunk.net.
+freifunk-gw16 IN CNAME gw16.hamburg.freifunk.net.
+freifunk-gw17 IN CNAME gw17.hamburg.freifunk.net.
+freifunk-gw18 IN CNAME gw18.hamburg.freifunk.net.
+freifunk-gw19 IN CNAME gw19.hamburg.freifunk.net.
+freifunk-gw20 IN CNAME gw20.hamburg.freifunk.net.
+
+fftest IN A 212.12.51.135
+ IN AAAA 2a00:14b0:f000:23::135
+
+; Shellbordell
+colossus IN A 212.12.51.133
+
+; generic aliases
+LAN-212-12-50-208.dmz-net IN A 212.12.50.208
+ip208 IN A 212.12.50.208
+ip209 IN A 212.12.50.209
+ip210 IN A 212.12.50.210
+ip211 IN A 212.12.50.211
+ip212 IN A 212.12.50.212
+ip213 IN A 212.12.50.213
+ip214 IN A 212.12.50.214
+ENDE-212-12-50-215.dmz-broadcast IN A 212.12.50.215
+ip215 IN A 212.12.50.215
+
+; ChaosVPN
+hack IN NS cvpn-dns.hack
+cvpn-dns.hack IN A 172.31.0.5
+
+; IPv4 Reverse DNS
+
+122.48.12.212.rdns IN PTR turing.hamburg.ccc.de.
+123.48.12.212.rdns IN PTR ip-48-123.hamburg.ccc.de.
+124.48.12.212.rdns IN PTR ip-48-124.hamburg.ccc.de.
+125.48.12.212.rdns IN PTR public-reverse-proxy.hamburg.ccc.de.
+126.48.12.212.rdns IN PTR chaosknoten.hamburg.ccc.de.
+
+208.50.12.212.rdns IN PTR net-12-50-212.hamburg.ccc.de.
+209.50.12.212.rdns IN PTR turing.hamburg.ccc.de.
+;210.50.12.212.rdns IN PTR erfafoo.hamburg.ccc.de.
+211.50.12.212.rdns IN PTR ip-50-12-211.hamburg.ccc.de.
+213.50.12.212.rdns IN PTR cryptoparty.hamburg.ccc.de.
+214.50.12.212.rdns IN PTR ip-50-12-214.hamburg.ccc.de.
+215.50.12.212.rdns IN PTR broadcast-12-15-212.hamburg.ccc.de.
+
+128.51.12.212.rdns IN PTR net-12-51-128.hamburg.ccc.de.
+129.51.12.212.rdns IN PTR ip-51-129.hamburg.ccc.de.
+130.51.12.212.rdns IN PTR ip-51-130.hamburg.ccc.de.
+131.51.12.212.rdns IN PTR cms.hamburg.ccc.de.
+132.51.12.212.rdns IN PTR lists.hamburg.ccc.de.
+133.51.12.212.rdns IN PTR cow.hamburg.ccc.de.
+134.51.12.212.rdns IN PTR srv01.hamburg.freifunk.net.
+135.51.12.212.rdns IN PTR fftest.hamburg.ccc.de.
+136.51.12.212.rdns IN PTR git.hamburg.ccc.de.
+137.51.12.212.rdns IN PTR ip-51-137.hamburg.ccc.de.
+138.51.12.212.rdns IN PTR erfafoo.hamburg.ccc.de.
+139.51.12.212.rdns IN PTR jitsi.hamburg.ccc.de.
+140.51.12.212.rdns IN PTR ip-51-140.hamburg.ccc.de.
+141.51.12.212.rdns IN PTR mumble.hamburg.ccc.de.
+142.51.12.212.rdns IN PTR regio-stage.hamburg.ccc.de.
+143.51.12.212.rdns IN PTR broadcast-12-15-128.hamburg.ccc.de.
+
+; hosts.hamburg.ccc.de
+wiki.hosts IN AAAA 2a00:14b0:42:102::2
+cloud.hosts IN AAAA 2a00:14b0:42:102::3
+eh22-wiki.hosts IN AAAA 2a00:14b0:42:102::4
+pad.hosts IN AAAA 2a00:14b0:42:102::5
+keycloak.hosts IN AAAA 2a00:14b0:42:102::6
+onlyoffice.hosts IN AAAA 2a00:14b0:42:102::7
+renovate.hosts IN AAAA 2a00:14b0:42:102::8
+sunders.hosts IN AAAA 2a00:14b0:42:102::9
+mjolnir.hosts IN AAAA 2a00:14b0:42:102::a
+netbox.hosts IN AAAA 2a00:14b0:42:102::b
+tickets.hosts IN AAAA 2a00:14b0:42:102::c
+zammad.hosts IN AAAA 2a00:14b0:42:102::d
+grafana.hosts IN AAAA 2a00:14b0:42:102::e
+ccchoir.hosts IN AAAA 2a00:14b0:42:102::f
+pretalx.hosts IN AAAA 2a00:14b0:42:102::10
+ntfy.hosts IN AAAA 2a00:14b0:42:102::11
+spaceapiccc.hosts IN AAAA 2a00:14b0:42:102::12
+acmedns.hosts IN AAAA 2a00:14b0:42:102::13
+www2.hosts IN AAAA 2a00:14b0:42:102::14
+www3.hosts IN AAAA 2a00:14b0:42:102::15
+diday-staging-runner.hosts IN AAAA 2a00:14b0:42:102::16
+public-web-static.hosts IN AAAA 2a00:14b0:42:102::17
+forgejo-actions-runner.hosts IN AAAA 2a00:14b0:42:102::18
+
+; acme-challenges
+_acme-challenge.sunders CNAME a5ee8a99-3cdf-4212-972e-c0b6fda1242f.auth.acmedns
+_acme-challenge.pretalx CNAME 295a66d4-1d71-49f3-a80a-1f7527ec9cca.auth.acmedns
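Review bot: A large part of this zone maps `*-intern` and infrastructure names to RFC 1918 addresses, e.g. the `172.31.17.x` block from `aes-intern` to `ntfy-intern`, plus `turing-router`, `cvpn-dns` and `template`, and the NS set suggests the zone is served to the public internet. If so, any resolver client gets an inventory of internal hosts and their roles, and names under a public domain resolve into private address space on a visitor's own network. If these records are only needed from inside, consider serving them from an internal-only zone or a split-horizon setup. If they must stay, a header comment such as `; internal addresses below are published on purpose, see <link to decision>` would record that. This looks like a one-to-one import of the existing zone, so it may be better handled as a follow-up than as a blocker.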
diff --git a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
new file mode 100644
index 0000000..8705e3f
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
@@ -0,0 +1,69 @@
+$TTL 7200
+
+; es wird jetzt der hostname mail.hamburg.ccc.de nicht mehr
+; verwendet, sondern statt dessen local-mail.hamburg.ccc.de
+; die popeye fuehlt sich immer noch unter mail.hamburg.ccc.de
+; angesprochen, und nimmt daher keine mails mit absender-adressen
+; die sie nicht kennt an.
+; ich hoffe diese aenderung arbeitet um diesen bug herum.
+; - haegar 2001.11.14
+
+@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+ 2024012601
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
+
+ IN MX 5 nomail.ccc.de.
+; IN MX 10 local-mail.hamburg.ccc.de.
+ IN MX 23 nomail2.ccc.de.
+ IN MX 42 nomail3.ccc.de.
+
+ IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+
+localhost IN A 127.0.0.1
+
+
+; DMZ-Server:
+dmz-net IN A 212.12.50.208
+
+turing IN CNAME turing.hamburg.ccc.de.
+www IN CNAME www.hamburg.ccc.de.
+
+LAN-212-12-51-128 IN A 212.12.51.128
+gate IN A 212.12.51.129
+END-212-12-51-143 IN A 212.12.51.143
+
+
+; convience and email
+
+backup IN A 172.31.16.3
+ IN AAAA 2001:6f8:126f:1:16:20:0:3
+; IN MX 5 nomail.ccc.de.
+ IN MX 10 local-mail.hamburg.ccc.de.
+
+officemail IN A 172.31.17.131
+ IN MX 5 nomail.ccc.de.
+; IN MX 10 local-mail.hamburg.ccc.de.
+ IN MX 23 nomail2.ccc.de.
+ IN MX 42 nomail3.ccc.de.
+
+orga IN CNAME orga.hamburg.ccc.de.
+
+
+; Die alte World, aka popeye.crew-gmbh.de
+; Legacy-Names, do not delete
+world IN A 192.76.134.7
+ IN MX 10 world
+popeye IN A 192.76.134.7
+ IN MX 10 world
+uucp IN A 192.76.134.7
+
+; ChaosVPN
+hack IN NS cvpn-dns.hack
+cvpn-dns.hack IN A 172.31.0.5
diff --git a/resources/chaosknoten/auth-dns/zones/localhost.zone b/resources/chaosknoten/auth-dns/zones/localhost.zone
new file mode 100644
index 0000000..0ef6b01
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/localhost.zone
@@ -0,0 +1,12 @@
+$ORIGIN localhost.
+$TTL 7200
+
+@ 1D IN SOA @ root (
+ 42 ; serial (d. adams)
+ 3H ; refresh
+ 15M ; retry
+ 1W ; expiry
+ 1D ) ; minimum
+
+ 1D IN NS @
+ 1D IN A 127.0.0.1
diff --git a/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone b/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone
new file mode 100644
index 0000000..cd64c12
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone
@@ -0,0 +1,61 @@
+$ORIGIN ccc.
+$TTL 7200
+@ IN SOA turing.hamburg.ccc.de. haegar.ccc.de. (
+ 2002101507
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS turing.hamburg.ccc.de.
+
+localhost IN A 127.0.0.1
+
+www IN A 195.21.255.248
+
+hh IN NS ccchh.hh.ccc.
+ IN NS turing.hamburg.ccc.de.
+ccchh.hh IN A 192.168.16.2
+
+vpn.hh IN NS turing.hamburg.ccc.de.
+
+; haegar:
+sdinet IN NS ns.sdinet.ccc.
+ns.sdinet IN A 192.168.18.41
+
+; falk:
+valhalla IN NS thor.valhalla.ccc.
+thor.valhalla IN A 192.168.21.1
+
+; jeedi:
+ghetto IN NS semaphore.ghetto.ccc.
+semaphore.ghetto IN A 192.168.20.2
+
+; count
+flatline IN NS aleph.flatline.de.
+flatline IN NS pulse.flatline.de.
+
+; thalunil (Alex Bihlmaier)
+core.kallisti IN A 194.122.183.51
+fnord IN NS core.kallisti
+kallisti IN NS core.kallisti
+
+; sz
+vogsphere IN A 212.12.48.51
+datenknoten IN A 212.12.48.49
+znet IN NS datenknoten.ccc.
+sz IN NS datenknoten.ccc.
+chaos IN NS datenknoten.ccc.
+funk IN NS datenknoten.ccc.
+presse IN NS datenknoten.ccc.
+weltregierung IN NS datenknoten.ccc.
+
+; migri
+migri IN CNAME migri.homeip.net.
+
+; Enno
+enno IN CNAME home.verbrennung.org.
+
+; Dennis
+desc IN NS freya.ainex.net.
+
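Review bot: This file and `old-old/vpn.hh.ccc.zone` carry SOA serials from 2002 and sit in a directory named `old-old`, but nothing in either file says whether the new server loads them. `ccc.zone` contains delegations and aliases to third-party names (`migri IN CNAME migri.homeip.net.`, `enno IN CNAME home.verbrennung.org.`, `desc IN NS freya.ainex.net.`). If the zone were ever served, whoever controls those targets today would control the answers. I would either leave the archive out of the deployed zones directory or add a first line such as `; ARCHIVE (2002): not configured as a zone, kept for reference only` to both files.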
diff --git a/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone b/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone
new file mode 100644
index 0000000..cc76768
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone
@@ -0,0 +1,37 @@
+$ORIGIN vpn.hh.ccc.
+$TTL 7200
+
+@ IN SOA vpn.hh.ccc. haegar.ccc.de. (
+ 2002101502
+ 10800
+ 3600
+ 3600000
+ 86400 )
+
+ IN NS turing.hamburg.ccc.de.
+
+localhost IN A 127.0.0.1
+
+network IN A 192.168.0.64
+fwhh IN A 192.168.0.65
+worf IN A 192.168.0.66
+sdinet-cut IN A 192.168.0.67
+migri IN A 192.168.0.68
+cemil IN A 192.168.0.69
+fw IN A 192.168.0.70
+fw-server IN A 192.168.0.71
+
+broadcast IN A 192.168.0.127
+
+net.znet IN A 192.168.23.0
+gate.znet IN A 192.168.23.23
+bc.znet IN A 192.168.23.255
+
+net.no-maam IN A 192.168.24.0
+gate.no-maam IN A 192.168.24.1
+bc.no-maam IN A 192.168.24.255
+
+net.loom IN A 192.168.33.0
+gate.loom IN A 192.168.33.1
+bc.loom IN A 192.168.33.255
+
From 9ca4eb14e17833c0c07058f5ad8e8dab09ffaeef Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 30 Apr 2026 22:53:07 +0200
Subject: [PATCH 07/27] configure hh.ccc.de on auth-dns
---
.../chaosknoten/host_vars/auth-dns.sops.yaml | 5 +++--
inventories/chaosknoten/host_vars/auth-dns.yaml | 17 +++++++++++++++++
.../chaosknoten/auth-dns/zones/hh.ccc.de.zone | 6 +++++-
3 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
index 1899a27..b69debc 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
@@ -1,4 +1,5 @@
ansible_pull__age_private_key: ENC[AES256_GCM,data:2kBG8j8JHa/dlXgWMdbSobulFdVunf052T1QQfm1X2vpEZx2HPCL87fWea+O0WOg7+eoMYbiShu0Vw1eTjb+687LjU8l4cj2JWIajnYfDGH+ipWXojxj613C3RZV3JfDOclVTwP8fCHu7z7P3fKrsKWb5d3t2ohTT+sGdVdimakAOf192CkufcVIthq2imiWbntiMTOdMGJxyIjqT2Io2H89nSbJXkONsuHCF/PbxhryB2LZbl8aZV32knk=,iv:hpscVc7iO4r/h31vS6Zno2pkEsgA2uR7wD/1PjH1znM=,tag:ypiwFtgeXuj4gOsgTCRTBw==,type:str]
+knot__dnssec_key_secret: ENC[AES256_GCM,data:WPFTLyJIttFtqqTZV2fGN0Tt1vRS318TGmd2YqNzYisE3TBi6Z2aClxuYh56Q+j7TUQwCvga3jd5w017sEz3kA==,iv:umaFHBCy9AZgNFv7uXLCtO0o/NZDAZ1QNg5DcGHWEW8=,tag:oR92C1Uj5iXU9L02MqzGSQ==,type:str]
sops:
age:
- recipient: age18zgt4y2sd75hxnpe333zz39048ctxpr0q8a3uqh3jajjkyawsdrq8yg5ve
@@ -10,8 +11,8 @@ sops:
MEZQTHZXNExsSnl0WW9Vb29sajE1YzAKoYU7rGuR+52+U02uf3eTH9hkIECWdcJv
wN9JTwsUn0c6mi/d4AHgv5O04Uw7NxUyGVmFlDZzjxLwPzZyR73SvA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-04-29T19:21:55Z"
- mac: ENC[AES256_GCM,data:RLXsIsSdrCuElYQ3x2YpwYzQx0V0zoYP6h9FLD+RqmZ1pWhlk6Ijp9WxCAlEWps9n5rPYYyhZ3ldSJluTVeroPwpzrmwW+xXCGsCC0BFk6PuB4UynfHwWR/3jEK47nAdPbNfONhzGfOeTObYp22c3iHiKL8YochOSlBToA8mFr4=,iv:fZZEa3C/BsNKGdTKlR/hexrzhmLxiMVxgL9nXjX2Q1E=,tag:I5M8SNbSw4w1crsl0z/5+Q==,type:str]
+ lastmodified: "2026-05-01T17:08:09Z"
+ mac: ENC[AES256_GCM,data:TaMWf1ESs8nYzxkElMYtsz+/Be0PtI7FA0q6IFK+ob4dl/EN+AeTD7Pp0MZF8zcRvZ4hF0Ybimet5bwVR+d7UIXlXz3qP//pX68JDCvcLMQuhNtm6Ws+mwVxkpxEvBr1PtxlSvcQ76vH3ryEsXkP84gmlCDEdX1GAZYZ9ZS3Cfk=,iv:g3tzUfTPNUQyOAxWJEFPHg0IAPAzQgwYABHm4mFOOrI=,tag:C6KE/bg/3jS7Wc56y6YOJQ==,type:str]
pgp:
- created_at: "2026-04-29T19:18:43Z"
enc: |-
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 25b3de1..1534e4a 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -1,2 +1,19 @@
---
deploy_systemd_resolved_config__enable: false
+
+knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1"
+knot__remotes:
+ - id: ns-intern.hamburg.ccc.de
+ address: [ "2a00:14b0:f000:23::53", "172.31.17.53" ]
+
+knot__catalog_zones:
+ - domain: "hamburg.ccc.de.catalog."
+
+knot__zones:
+ # - domain: "hamburg.ccc.de."
+ # catalog_member: "hamburg.ccc.de.catalog."
+ # content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}"
+ - domain: "hh.ccc.de."
+ catalog_member: "hamburg.ccc.de.catalog."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}"
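Review bot: The `knot__remotes` entry for `ns-intern.hamburg.ccc.de` carries only `id` and `address`, so nothing in this hunk shows that NOTIFY messages and zone transfers to that host are authenticated with the key named by `knot__dnssec_key_id`. If knot.conf.j2, which is not visible here, does not attach that key to the remote and to the transfer ACL, the secondary is identified by source address alone; the key should be bound to the remote there. The variable name is also misleading if, as an id plus shared secret suggests, this is a TSIG key and not a DNSSEC signing key. A one-line comment such as `# TSIG key used for transfers to the secondaries` above `knot__dnssec_key_id` would settle it, assuming that is what it is.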
diff --git a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
index 8705e3f..35794ba 100644
--- a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
+++ b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone
@@ -8,7 +8,7 @@ $TTL 7200
; ich hoffe diese aenderung arbeitet um diesen bug herum.
; - haegar 2001.11.14
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2024012601
10800
3600
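Review bot: The SOA line changes MNAME and RNAME, but the serial on the following context line stays at `2024012601`. A secondary that already holds this serial from the old primary will treat the zone as unchanged, keep the old SOA, and miss the TXT record added further down. Bump the serial in the same edit, for example to a date-based value such as `2026043001`, unless the knot role manages serials itself, which is not visible in this patch. The same pattern recurs in the SOA hunks of patches 11, 12, 13 and 17, where the SOA line changes and the serial does not. The SOA record continues past the end of this hunk.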
@@ -67,3 +67,7 @@ uucp IN A 192.76.134.7
; ChaosVPN
hack IN NS cvpn-dns.hack
cvpn-dns.hack IN A 172.31.0.5
+
+
+; tmp test
+merz.leck.eier IN TXT "kann er mal"
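Review bot: The record under `; tmp test` is a throwaway entry that this hunk publishes in the authoritative `hh.ccc.de.` zone, where any resolver can query it and the notified secondary will copy it. Test data belongs in a scratch zone or in a local check of the rendered file, not in the production zone. Drop the last two added lines before this lands. None of the later patches visible here touches this file again to remove them.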
From 8c1553c707cf08b534f4a0ca80d304c495351eb7 Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 30 Apr 2026 22:53:07 +0200
Subject: [PATCH 08/27] fix role name auth-dns -> auth_dns
---
playbooks/deploy.yaml | 2 +-
roles/{auth-dns => auth_dns}/defaults/main.yaml | 0
roles/{auth-dns => auth_dns}/handlers/main.yaml | 5 +++--
roles/{auth-dns => auth_dns}/meta/argument_specs.yaml | 0
roles/{auth-dns => auth_dns}/tasks/01-install.yaml | 0
roles/{auth-dns => auth_dns}/tasks/02-configure.yaml | 9 +++++----
roles/{auth-dns => auth_dns}/tasks/main.yaml | 0
roles/{auth-dns => auth_dns}/templates/knot.conf.j2 | 0
.../templates/netplan-disable-ra.yaml | 0
roles/{auth-dns => auth_dns}/templates/zone.j2 | 0
10 files changed, 9 insertions(+), 7 deletions(-)
rename roles/{auth-dns => auth_dns}/defaults/main.yaml (100%)
rename roles/{auth-dns => auth_dns}/handlers/main.yaml (88%)
rename roles/{auth-dns => auth_dns}/meta/argument_specs.yaml (100%)
rename roles/{auth-dns => auth_dns}/tasks/01-install.yaml (100%)
rename roles/{auth-dns => auth_dns}/tasks/02-configure.yaml (91%)
rename roles/{auth-dns => auth_dns}/tasks/main.yaml (100%)
rename roles/{auth-dns => auth_dns}/templates/knot.conf.j2 (100%)
rename roles/{auth-dns => auth_dns}/templates/netplan-disable-ra.yaml (100%)
rename roles/{auth-dns => auth_dns}/templates/zone.j2 (100%)
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index 130d914..ff9110d 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -105,4 +105,4 @@
- name: Setup authoritative dns servers
hosts: auth-dns
roles:
- - auth-dns
+ - auth_dns
diff --git a/roles/auth-dns/defaults/main.yaml b/roles/auth_dns/defaults/main.yaml
similarity index 100%
rename from roles/auth-dns/defaults/main.yaml
rename to roles/auth_dns/defaults/main.yaml
diff --git a/roles/auth-dns/handlers/main.yaml b/roles/auth_dns/handlers/main.yaml
similarity index 88%
rename from roles/auth-dns/handlers/main.yaml
rename to roles/auth_dns/handlers/main.yaml
index 0d74c51..11944a0 100644
--- a/roles/auth-dns/handlers/main.yaml
+++ b/roles/auth_dns/handlers/main.yaml
@@ -1,5 +1,6 @@
-- tags: [ auth-dns ]
- name: restart knot
+---
+- name: restart knot
+ tags: [ auth-dns ]
become: true
ansible.builtin.systemd:
name: knot.service
diff --git a/roles/auth-dns/meta/argument_specs.yaml b/roles/auth_dns/meta/argument_specs.yaml
similarity index 100%
rename from roles/auth-dns/meta/argument_specs.yaml
rename to roles/auth_dns/meta/argument_specs.yaml
diff --git a/roles/auth-dns/tasks/01-install.yaml b/roles/auth_dns/tasks/01-install.yaml
similarity index 100%
rename from roles/auth-dns/tasks/01-install.yaml
rename to roles/auth_dns/tasks/01-install.yaml
diff --git a/roles/auth-dns/tasks/02-configure.yaml b/roles/auth_dns/tasks/02-configure.yaml
similarity index 91%
rename from roles/auth-dns/tasks/02-configure.yaml
rename to roles/auth_dns/tasks/02-configure.yaml
index 89116a4..12b5732 100644
--- a/roles/auth-dns/tasks/02-configure.yaml
+++ b/roles/auth_dns/tasks/02-configure.yaml
@@ -1,5 +1,6 @@
-- tags: [ auth-dns ]
- name: Ensure required directories exist
+---
+- name: Ensure required directories exist
+ tags: [ auth-dns ]
become: true
loop: [ "/etc/knot", "/etc/knot/zones" ]
ansible.builtin.file:
@@ -9,8 +10,8 @@
group: knot
mode: u=rwx,g=rx,o=
-- tags: [ auth-dns ]
- name: Deploy knot configuration file
+- name: Deploy knot configuration file
+ tags: [ auth-dns ]
become: true
notify: restart knot
ansible.builtin.template:
diff --git a/roles/auth-dns/tasks/main.yaml b/roles/auth_dns/tasks/main.yaml
similarity index 100%
rename from roles/auth-dns/tasks/main.yaml
rename to roles/auth_dns/tasks/main.yaml
diff --git a/roles/auth-dns/templates/knot.conf.j2 b/roles/auth_dns/templates/knot.conf.j2
similarity index 100%
rename from roles/auth-dns/templates/knot.conf.j2
rename to roles/auth_dns/templates/knot.conf.j2
diff --git a/roles/auth-dns/templates/netplan-disable-ra.yaml b/roles/auth_dns/templates/netplan-disable-ra.yaml
similarity index 100%
rename from roles/auth-dns/templates/netplan-disable-ra.yaml
rename to roles/auth_dns/templates/netplan-disable-ra.yaml
diff --git a/roles/auth-dns/templates/zone.j2 b/roles/auth_dns/templates/zone.j2
similarity index 100%
rename from roles/auth-dns/templates/zone.j2
rename to roles/auth_dns/templates/zone.j2
From 416ca85b119e4d66c008a06cc7e43547d4bfebb3 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 11:52:10 +0200
Subject: [PATCH 09/27] rename auth_dns -> knot role
---
playbooks/deploy.yaml | 2 +-
roles/{auth_dns => knot}/defaults/main.yaml | 0
roles/{auth_dns => knot}/handlers/main.yaml | 0
roles/{auth_dns => knot}/meta/argument_specs.yaml | 0
roles/{auth_dns => knot}/tasks/01-install.yaml | 0
roles/{auth_dns => knot}/tasks/02-configure.yaml | 0
roles/{auth_dns => knot}/tasks/main.yaml | 0
roles/{auth_dns => knot}/templates/knot.conf.j2 | 0
roles/{auth_dns => knot}/templates/netplan-disable-ra.yaml | 0
roles/{auth_dns => knot}/templates/zone.j2 | 0
10 files changed, 1 insertion(+), 1 deletion(-)
rename roles/{auth_dns => knot}/defaults/main.yaml (100%)
rename roles/{auth_dns => knot}/handlers/main.yaml (100%)
rename roles/{auth_dns => knot}/meta/argument_specs.yaml (100%)
rename roles/{auth_dns => knot}/tasks/01-install.yaml (100%)
rename roles/{auth_dns => knot}/tasks/02-configure.yaml (100%)
rename roles/{auth_dns => knot}/tasks/main.yaml (100%)
rename roles/{auth_dns => knot}/templates/knot.conf.j2 (100%)
rename roles/{auth_dns => knot}/templates/netplan-disable-ra.yaml (100%)
rename roles/{auth_dns => knot}/templates/zone.j2 (100%)
diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml
index ff9110d..a3b047b 100644
--- a/playbooks/deploy.yaml
+++ b/playbooks/deploy.yaml
@@ -105,4 +105,4 @@
- name: Setup authoritative dns servers
hosts: auth-dns
roles:
- - auth_dns
+ - knot
diff --git a/roles/auth_dns/defaults/main.yaml b/roles/knot/defaults/main.yaml
similarity index 100%
rename from roles/auth_dns/defaults/main.yaml
rename to roles/knot/defaults/main.yaml
diff --git a/roles/auth_dns/handlers/main.yaml b/roles/knot/handlers/main.yaml
similarity index 100%
rename from roles/auth_dns/handlers/main.yaml
rename to roles/knot/handlers/main.yaml
diff --git a/roles/auth_dns/meta/argument_specs.yaml b/roles/knot/meta/argument_specs.yaml
similarity index 100%
rename from roles/auth_dns/meta/argument_specs.yaml
rename to roles/knot/meta/argument_specs.yaml
diff --git a/roles/auth_dns/tasks/01-install.yaml b/roles/knot/tasks/01-install.yaml
similarity index 100%
rename from roles/auth_dns/tasks/01-install.yaml
rename to roles/knot/tasks/01-install.yaml
diff --git a/roles/auth_dns/tasks/02-configure.yaml b/roles/knot/tasks/02-configure.yaml
similarity index 100%
rename from roles/auth_dns/tasks/02-configure.yaml
rename to roles/knot/tasks/02-configure.yaml
diff --git a/roles/auth_dns/tasks/main.yaml b/roles/knot/tasks/main.yaml
similarity index 100%
rename from roles/auth_dns/tasks/main.yaml
rename to roles/knot/tasks/main.yaml
diff --git a/roles/auth_dns/templates/knot.conf.j2 b/roles/knot/templates/knot.conf.j2
similarity index 100%
rename from roles/auth_dns/templates/knot.conf.j2
rename to roles/knot/templates/knot.conf.j2
diff --git a/roles/auth_dns/templates/netplan-disable-ra.yaml b/roles/knot/templates/netplan-disable-ra.yaml
similarity index 100%
rename from roles/auth_dns/templates/netplan-disable-ra.yaml
rename to roles/knot/templates/netplan-disable-ra.yaml
diff --git a/roles/auth_dns/templates/zone.j2 b/roles/knot/templates/zone.j2
similarity index 100%
rename from roles/auth_dns/templates/zone.j2
rename to roles/knot/templates/zone.j2
From 91005230458721e2254c70ba9f48bbbdc8b2afa2 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 11:59:49 +0200
Subject: [PATCH 10/27] remove obsolete auth-dns compose file
---
.../auth-dns/docker_compose/compose.yaml.j2 | 13 -------------
1 file changed, 13 deletions(-)
delete mode 100644 resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2
diff --git a/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2 b/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2
deleted file mode 100644
index 7ebc230..0000000
--- a/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-# Links & Resources
-# https://www.knot-dns.cz/docs/latest/html/index.html
-
-services:
- knot:
- image: docker.io/cznic/knot:v3.5.4
- restart: unless-stopped
- command: "knotd"
- network_mode: host
- volumes:
- - ./configs:/config:ro
- - ./storage:/storage
-
From fa021fb73705a38e3c6e05564f2cc98423a37fa8 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 12:05:05 +0200
Subject: [PATCH 11/27] migrate dns zone ccchh.net. to new auth-dns server
---
inventories/chaosknoten/host_vars/auth-dns.yaml | 4 ++++
resources/chaosknoten/auth-dns/zones/ccchh.net.zone | 2 +-
roles/knot/templates/knot.conf.j2 | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 1534e4a..1e0e317 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -17,3 +17,7 @@ knot__zones:
catalog_member: "hamburg.ccc.de.catalog."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}"
+ - domain: "ccchh.net."
+ catalog_member: "hamburg.ccc.de.catalog."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/ccchh.net.zone') }}"
diff --git a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
index f95ee63..b112bc8 100644
--- a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
+++ b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
@@ -1,6 +1,6 @@
$ORIGIN .
$TTL 900 ; 15 minutes
-ccchh.net IN SOA ns1.ccchh.net. noreply.ccchh.net. (
+ccchh.net IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2026042801 ; serial
86400 ; refresh (1 day)
7200 ; retry (2 hours)
diff --git a/roles/knot/templates/knot.conf.j2 b/roles/knot/templates/knot.conf.j2
index 243c0b7..c661e25 100644
--- a/roles/knot/templates/knot.conf.j2
+++ b/roles/knot/templates/knot.conf.j2
@@ -90,6 +90,6 @@ zone:
catalog-role: member
catalog-zone: "{{ i_zone.catalog_member }}"
{% endif %}
+
{% endfor %}
- {# - domain: "onsite.eurofurence.org" #}
From 04a6c685d1d511868686c276b6ac1ed592ce3cf6 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 12:16:22 +0200
Subject: [PATCH 12/27] migrate dns zone hamburg.ccc.de. to new auth-dns server
---
inventories/chaosknoten/host_vars/auth-dns.yaml | 6 ++++++
resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone | 6 +++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 1e0e317..50f5fc8 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -17,7 +17,13 @@ knot__zones:
catalog_member: "hamburg.ccc.de.catalog."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}"
+
- domain: "ccchh.net."
catalog_member: "hamburg.ccc.de.catalog."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/ccchh.net.zone') }}"
+
+ - domain: "hamburg.ccc.de."
+ catalog_member: "hamburg.ccc.de.catalog."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}"
diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
index 17f4dd7..02360c9 100644
--- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
+++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
@@ -7,7 +7,7 @@
; - haegar 2001.11.14
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2026042903
10800
3600
@@ -239,7 +239,7 @@ hydra-intern IN A 172.31.17.163
forgejo-runner-builder IN A 172.31.17.202
renovate-forgejo IN A 172.31.17.163
ansible-testing-intern IN A 172.31.17.164
-ntfy-intern IN A 172.31.17.149
+ntfy-intern IN A 172.31.17.149
status IN AAAA 2a00:14b0:f001:100::fd
status IN A 212.12.50.253
design IN A 212.12.48.125
@@ -329,7 +329,7 @@ sunders IN CNAME public-reverse-proxy
spaceapiccc IN CNAME public-reverse-proxy
acmedns IN CNAME public-reverse-proxy
cpuccc IN CNAME public-reverse-proxy
-did IN CNAME public-reverse-proxy
+did IN CNAME public-reverse-proxy
auth.acmedns IN NS acmedns.hosts.hamburg.ccc.de.
From d535607ae6b4f26c78f4299a6f8465a3544d5a5b Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 12:30:22 +0200
Subject: [PATCH 13/27] migrate dns zone eh20.easterhegg.eu. to new auth-dns
server
---
inventories/chaosknoten/host_vars/auth-dns.yaml | 6 ++++++
.../chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 50f5fc8..75f332d 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -27,3 +27,9 @@ knot__zones:
catalog_member: "hamburg.ccc.de.catalog."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}"
+
+ - domain: "eh20.easterhegg.eu."
+ catalog_member: "hamburg.ccc.de.catalog."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone') }}"
+
diff --git a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
index ee28f2b..5103c2a 100644
--- a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
+++ b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. mail.hamburg.ccc.de. (
+@ IN SOA auth-intern.hamburg.ccc.de. noc.hamburg.ccc.de. (
2025021101
10800
3600
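Review bot: The new MNAME here is `auth-intern.hamburg.ccc.de.`, while the other SOA lines rewritten in the visible patches all use `auth-dns.hamburg.ccc.de.`; this looks like a slip. If it is, the line should read `@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (`. A wrong MNAME points anything that relies on it, such as dynamic updates and some monitoring and NOTIFY logic, at a host that may not be the primary. The serial `2025021101` is also left unchanged, and the SOA record continues past the end of this hunk.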
From 46b0a49eb8d1d9acbda10df57555b6a7c38cb59c Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 12:33:23 +0200
Subject: [PATCH 14/27] migrate dns zone eh22.easterhegg.eu to new auth-dns
server
---
inventories/chaosknoten/host_vars/auth-dns.yaml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 75f332d..007ff0e 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -33,3 +33,8 @@ knot__zones:
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone') }}"
+ - domain: "eh22.easterhegg.eu."
+ catalog_member: "hamburg.ccc.de.catalog."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone') }}"
+
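Review bot: This commit adds the `eh22.easterhegg.eu.` entry without touching `eh22.easterhegg.eu.zone`, whereas the neighbouring migration commits rewrite the SOA to `auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de.` in the same change. If that zone file still names the old primary and contact in its SOA, which cannot be checked from this patch, the new server will serve it that way. Either update the SOA and serial in this commit or note in the commit message that the file was already correct.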
From 3aa146d72334cf58666cdaaf4d94c6869891f09e Mon Sep 17 00:00:00 2001
From: June
Date: Wed, 6 May 2026 14:19:38 +0200
Subject: [PATCH 15/27] nftables(role): reload instead of restart
This should make the role more robust against misconfigurations.
---
roles/nftables/handlers/main.yaml | 4 ++--
roles/nftables/tasks/main.yaml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/nftables/handlers/main.yaml b/roles/nftables/handlers/main.yaml
index 3b72c54..45f20c9 100644
--- a/roles/nftables/handlers/main.yaml
+++ b/roles/nftables/handlers/main.yaml
@@ -1,5 +1,5 @@
-- name: Restart nftables service
+- name: Reload nftables service
ansible.builtin.systemd_service:
name: nftables
- state: restarted
+ state: reloaded
become: true
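Review bot: With `state: reloaded`, the resulting firewall state depends on what the unit's reload action does, and this hunk does not show that. On Debian's packaged unit a reload re-reads the ruleset file without the flush that a stop performs. Unless the deployed file itself begins with `flush ruleset`, rules removed from the template would stay loaded and the new ones would be added on top. Confirm the template starts with `flush ruleset`, and consider a syntax check on the deploying task such as `validate: nft -c -f %s`, so a broken ruleset never reaches the reload. The task in roles/nftables/tasks/main.yaml is only partly visible, so it may already do this.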
diff --git a/roles/nftables/tasks/main.yaml b/roles/nftables/tasks/main.yaml
index 46ea18d..6a72800 100644
--- a/roles/nftables/tasks/main.yaml
+++ b/roles/nftables/tasks/main.yaml
@@ -12,4 +12,4 @@
owner: root
group: root
become: true
- notify: Restart nftables service
+ notify: Reload nftables service
From 5283d2da951629c6213e6acc9dcba7e986dc451a Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 14:14:17 +0200
Subject: [PATCH 16/27] improve knot roles reloading behavior
With this change, the nameserver is not restarted on configuration
updates but only reloaded instead.
---
roles/knot/handlers/main.yaml | 10 ++--------
roles/knot/tasks/02-configure.yaml | 4 ++--
2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/roles/knot/handlers/main.yaml b/roles/knot/handlers/main.yaml
index 11944a0..f89fedd 100644
--- a/roles/knot/handlers/main.yaml
+++ b/roles/knot/handlers/main.yaml
@@ -1,16 +1,10 @@
---
-- name: restart knot
+- name: reload knot
tags: [ auth-dns ]
become: true
ansible.builtin.systemd:
name: knot.service
- state: restarted
-
-- name: reload knot zones
- tags: [ auth-dns ]
- become: true
- changed_when: true
- ansible.builtin.command: "knotc zone-reload"
+ state: reloaded
- name: netplan apply
tags: [ auth-dns ]
diff --git a/roles/knot/tasks/02-configure.yaml b/roles/knot/tasks/02-configure.yaml
index 12b5732..2b0b0fa 100644
--- a/roles/knot/tasks/02-configure.yaml
+++ b/roles/knot/tasks/02-configure.yaml
@@ -13,7 +13,7 @@
- name: Deploy knot configuration file
tags: [ auth-dns ]
become: true
- notify: restart knot
+ notify: reload knot
ansible.builtin.template:
src: knot.conf.j2
dest: /etc/knot/knot.conf
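Review bot: Now that both tasks notify `reload knot`, an error in a rendered knot.conf or zone file is only detected when the running server tries to load it. Nothing visible in these hunks checks a file before it replaces the live one. Add a pre-deployment check to this template task, e.g. `validate: knotc -c %s conf-check`, and a comparable zone check with `kzonecheck` for the `Deploy configured zones` task in the next hunk. Both task bodies continue outside their hunks, so an existing `validate` cannot be ruled out from here.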
@@ -24,7 +24,7 @@
- name: Deploy configured zones
tags: [ auth-dns ]
become: true
- notify: reload knot zones
+ notify: reload knot
loop: "{{ knot__zones }}"
loop_control:
label: "{{ item.domain }}"
From 021843b5cebcdd46409c8cc3e6ca1fcff242d338 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 14:14:17 +0200
Subject: [PATCH 17/27] migrate reverse dns zones to new auth-dns server
---
.../chaosknoten/host_vars/auth-dns.yaml | 23 +++++++++++++++++++
.../zones/17.31.172.in-addr.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
....0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
7 files changed, 29 insertions(+), 6 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 007ff0e..2fa8f91 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -38,3 +38,26 @@ knot__zones:
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone') }}"
+ - domain: "3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
+
+ - domain: "6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa."
+ notify_targets: [ "ns-intern.hamburg.ccc.de" ]
+ content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone') }}"
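Review bot: The list adds `6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.`, but this commit does not modify that zone file, while the five other ip6.arpa files get their SOA rewritten. If the file exists it presumably keeps its old MNAME and RNAME, and if it does not exist the `lookup('ansible.builtin.file', ...)` will fail at run time. Conversely, `17.31.172.in-addr.arpa.zone` gets the SOA rewrite but no entry in `knot__zones`, so it is not served. The reverse zones also omit `catalog_member`, unlike the forward zones above; if that is intentional, a short comment such as `# reverse zones are not catalog members` would document it.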
diff --git a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
index ea2c1ce..dd13af3 100644
--- a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns-intern.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2025020101
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 205bda5..d7e02c3 100644
--- a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023073001
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 240d783..59fc28f 100644
--- a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2025020102
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 3b3921c..a14e026 100644
--- a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 4bba9bc..1a8fb86 100644
--- a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
diff --git a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 8eeaf64..d46cc3c 100644
--- a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -1,6 +1,6 @@
$TTL 7200
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
2023072900
10800
3600
From f7306b91a67aac28e721d744fe9a93a2077ca72c Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 14:34:34 +0200
Subject: [PATCH 18/27] remove unused dns zones
---
.../chaosknoten/host_vars/auth-dns.yaml | 3 -
.../auth-dns/zones/0.0.127.in-addr.arpa.zone | 12 ---
.../chaosknoten/auth-dns/zones/127.0.0.zone | 11 ---
.../auth-dns/zones/168.192.in-addr.arpa.zone | 10 --
.../zones/17.31.172.in-addr.arpa.zone | 49 ----------
resources/chaosknoten/auth-dns/zones/Makefile | 93 -------------------
.../chaosknoten/auth-dns/zones/localhost.zone | 12 ---
.../auth-dns/zones/old-old/ccc.zone | 61 ------------
.../auth-dns/zones/old-old/vpn.hh.ccc.zone | 37 --------
9 files changed, 288 deletions(-)
delete mode 100644 resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
delete mode 100644 resources/chaosknoten/auth-dns/zones/127.0.0.zone
delete mode 100644 resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
delete mode 100644 resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
delete mode 100644 resources/chaosknoten/auth-dns/zones/Makefile
delete mode 100644 resources/chaosknoten/auth-dns/zones/localhost.zone
delete mode 100644 resources/chaosknoten/auth-dns/zones/old-old/ccc.zone
delete mode 100644 resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index 2fa8f91..bff4b10 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -10,9 +10,6 @@ knot__catalog_zones:
- domain: "hamburg.ccc.de.catalog."
knot__zones:
- # - domain: "hamburg.ccc.de."
- # catalog_member: "hamburg.ccc.de.catalog."
- # content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}"
- domain: "hh.ccc.de."
catalog_member: "hamburg.ccc.de.catalog."
notify_targets: [ "ns-intern.hamburg.ccc.de" ]
diff --git a/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
deleted file mode 100644
index 770447b..0000000
--- a/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
+++ /dev/null
@@ -1,12 +0,0 @@
-$ORIGIN 0.0.127.in-addr.arpa.
-$TTL 7200
-
-@ 1D IN SOA localhost. root.localhost. (
- 42 ; serial (d. adams)
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- 1D IN NS localhost.
-1 1D IN PTR localhost.
diff --git a/resources/chaosknoten/auth-dns/zones/127.0.0.zone b/resources/chaosknoten/auth-dns/zones/127.0.0.zone
deleted file mode 100644
index b9b7bf5..0000000
--- a/resources/chaosknoten/auth-dns/zones/127.0.0.zone
+++ /dev/null
@@ -1,11 +0,0 @@
-$ORIGIN 0.0.127.in-addr.arpa.
-
-@ 1D IN SOA localhost. root.localhost. (
- 42 ; serial (d. adams)
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- 1D IN NS localhost.
-1 1D IN PTR localhost.
diff --git a/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
deleted file mode 100644
index 910c596..0000000
--- a/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
+++ /dev/null
@@ -1,10 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. hostmaster.ccc.de. (
- 2016111701
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
deleted file mode 100644
index dd13af3..0000000
--- a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
+++ /dev/null
@@ -1,49 +0,0 @@
-$TTL 7200
-
-@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
- 2025020101
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns-intern.hamburg.ccc.de.
-
-1 IN PTR turing-vzhost.hamburg.ccc.de.
-14 IN PTR attraktor-intern.hamburg.ccc.de.
-53 IN PTR ns-intern.hamburg.ccc.de.
-122 IN PTR oldturing.hamburg.ccc.de.
-129 IN PTR turing-router.hamburg.ccc.de.
-131 IN PTR officemail.hh.ccc.de.
-132 IN PTR turing-new.hamburg.ccc.de.
-133 IN PTR gitlab-intern.hamburg.ccc.de.
-134 IN PTR jabber-intern.hamburg.ccc.de.
-135 IN PTR turing-db.hamburg.ccc.de.
-136 IN PTR chaosvpn-dns.hamburg.ccc.de.
-137 IN PTR attraktor-intern2.hamburg.ccc.de.
-138 IN PTR gitlab-test-intern.hamburg.ccc.de.
-139 IN PTR gitlab-runner.hamburg.ccc.de.
-142 IN PTR turing-intern2.hamburg.ccc.de.
-143 IN PTR cloud-intern.hamburg.ccc.de.
-144 IN PTR keycloak-intern.hamburg.ccc.de.
-145 IN PTR grafana-intern.hamburg.ccc.de.
-146 IN PTR wiki-intern.hamburg.ccc.de.
-147 IN PTR onlyoffice-intern.hamburg.ccc.de.
-148 IN PTR tickets-intern.hamburg.ccc.de.
-149 IN PTR netbox-intern.hamburg.ccc.de.
-150 IN PTR matrix-intern.hamburg.ccc.de.
-151 IN PTR public-web-static-intern.hamburg.ccc.de.
-152 IN PTR zammad-intern.hamburg.ccc.de.
-153 IN PTR ns-intern2.hamburg.ccc.de.
-156 IN PTR ccchoir-intern.hamburg.ccc.de.
-157 IN PTR pretalx-intern.hamburg.ccc.de.
-163 IN PTR renovate-forgejo.hamburg.ccc.de
-180 IN PTR rproxy-intern.hamburg.ccc.de.
-199 IN PTR template.hamburg.ccc.de.
-201 IN PTR cow-intern.hamburg.ccc.de.
-202 IN PTR forgejo-runner-builder.hamburg.ccc.de.
-202 IN PTR forgejo-runner-ubuntu.hamburg.ccc.de.
-204 IN PTR eh22hub-intern.hamburg.ccc.de.
-212 IN PTR eh20-intern.hamburg.ccc.de.
-213 IN PTR cryptoparty-intern.hamburg.ccc.de.
-254 IN PTR chaosknoten.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/Makefile b/resources/chaosknoten/auth-dns/zones/Makefile
deleted file mode 100644
index d3b6687..0000000
--- a/resources/chaosknoten/auth-dns/zones/Makefile
+++ /dev/null
@@ -1,93 +0,0 @@
-
-CHANGED = $(shell git diff --name-only --relative -- '*.zone' )
-
-export GIT_AUTHOR_NAME = "Bind Makefile"
-#export GIT_AUTHOR_EMAIL = "$(shell whoami)@$(shell hostname -f)"
-#export GIT_COMMITTER_NAME = $(GIT_AUTHOR_NAME)
-#export GIT_COMMITTER_EMAIL = $(GIT_AUTHOR_EMAIL)
-
-all: rollover
-install: rollover
-
-rollover: autoserial diff check reload eof
-
-
-diff:
- @echo "Diff Zones... "
- @git diff -U0 -- $(CHANGED) \
- | grep -a -v -E '^(diff |index |---|@@)' \
- | sed -e 's/^[+]* .\/\([^ ]*\).*/=> \1/'
-
-autoserial:
- @for file in $(CHANGED); do \
- perl -p -i -e 'if ($$p =~ /[\t\s]+IN[\t\s]+SOA[\t\s]+/) { $$stamp = sprintf("%4.4d%02.2d%02.2d", (localtime)[5]+1900, (localtime)[4]+1, (localtime)[3]); $$count = (/$$stamp([0-9]{2})/)? $$1 + 1: 1; s/[0-9]+/sprintf("%s%02.2d", $$stamp, $$count)/e; } $$p = $$_;' $$file; \
- done
-
-check:
- @echo "Checking Configs... "
- @if ! named-checkconf /etc/bind/named.conf; then \
- echo "FIX THE ERROR AND TRY AGAIN"; \
- exit 1 ; \
- fi
-
- @echo "Checking Zones... "
- @named-checkconf -j -p /etc/bind/named.conf \
- | perl -e 'my $$zone = ""; while (<>) { if (/^\s+zone\s+\"(.*)\"/) { $$zone = $$1; } elsif (($$zone ne "") && /^\s+file\s+\"(.*?)\"/) { print "$$zone $$1\n"; $$zone = ""; } }' \
- | sort \
- | uniq \
- | while read zone file; do \
- echo "FOO: zone: $$zone file: $$file"; \
- if [ -z "$$file" -o "$$zone" = "key" ] ; then \
- continue ; \
- fi ; \
- if echo -n "$$zone" | grep -q -E '(sc-eur.com|db.root|named.dump|named.stats)'; then \
- continue; \
- fi; \
- if ! named-checkzone -q -i "full" $$zone $$file; then \
- named-checkzone -i "full" $$zone $$file; \
- echo "FIX THE ERROR AND TRY AGAIN"; \
- exit 1 ; \
- fi; \
- done
-
-#@echo "Checking CNAMEs and PTRs... "
-#@grep -l -E '.*(PTR|CNAME).*[^.]*[.][^.]*[^.]$$' *.* \
-#| grep -v '\.sh$$' \
-#| while read file; do \
-# echo "$$file: DO NOT FORGET THE LAST DOT"; \
-# grep -E '.*(PTR|CNAME).*[^.]*[.][^.]*[^.]$$' $$file; \
-# exit 1 ; \
-#done
-
-reload:
- @while [ "$$answer" = "" ]; do \
- echo -n "Do you want to reload all zones ? [yes] "; \
- read answer; \
- case $$answer in \
- [Yy]|[Yy][Ee][Ss]) \
- answer="yes"; \
- break; \
- ;; \
- [Nn]|[Nn][Oo]) \
- answer="no"; \
- break; \
- ;; \
- "") \
- answer="yes"; \
- break; \
- ;; \
- *) \
- answer=""; \
- ;; \
- esac; \
- done; \
- if [ "$$answer" = "yes" ]; then \
- etckeeper commit "Changed DNS Zones: $(CHANGED)" ; \
- rndc reload; \
- else \
- echo "Server reload aborted"; \
- exit 1 ; \
- fi
-
-eof:
- @echo "DONE -- That's all folks!"
diff --git a/resources/chaosknoten/auth-dns/zones/localhost.zone b/resources/chaosknoten/auth-dns/zones/localhost.zone
deleted file mode 100644
index 0ef6b01..0000000
--- a/resources/chaosknoten/auth-dns/zones/localhost.zone
+++ /dev/null
@@ -1,12 +0,0 @@
-$ORIGIN localhost.
-$TTL 7200
-
-@ 1D IN SOA @ root (
- 42 ; serial (d. adams)
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- 1D IN NS @
- 1D IN A 127.0.0.1
diff --git a/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone b/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone
deleted file mode 100644
index cd64c12..0000000
--- a/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone
+++ /dev/null
@@ -1,61 +0,0 @@
-$ORIGIN ccc.
-$TTL 7200
-@ IN SOA turing.hamburg.ccc.de. haegar.ccc.de. (
- 2002101507
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS turing.hamburg.ccc.de.
-
-localhost IN A 127.0.0.1
-
-www IN A 195.21.255.248
-
-hh IN NS ccchh.hh.ccc.
- IN NS turing.hamburg.ccc.de.
-ccchh.hh IN A 192.168.16.2
-
-vpn.hh IN NS turing.hamburg.ccc.de.
-
-; haegar:
-sdinet IN NS ns.sdinet.ccc.
-ns.sdinet IN A 192.168.18.41
-
-; falk:
-valhalla IN NS thor.valhalla.ccc.
-thor.valhalla IN A 192.168.21.1
-
-; jeedi:
-ghetto IN NS semaphore.ghetto.ccc.
-semaphore.ghetto IN A 192.168.20.2
-
-; count
-flatline IN NS aleph.flatline.de.
-flatline IN NS pulse.flatline.de.
-
-; thalunil (Alex Bihlmaier)
-core.kallisti IN A 194.122.183.51
-fnord IN NS core.kallisti
-kallisti IN NS core.kallisti
-
-; sz
-vogsphere IN A 212.12.48.51
-datenknoten IN A 212.12.48.49
-znet IN NS datenknoten.ccc.
-sz IN NS datenknoten.ccc.
-chaos IN NS datenknoten.ccc.
-funk IN NS datenknoten.ccc.
-presse IN NS datenknoten.ccc.
-weltregierung IN NS datenknoten.ccc.
-
-; migri
-migri IN CNAME migri.homeip.net.
-
-; Enno
-enno IN CNAME home.verbrennung.org.
-
-; Dennis
-desc IN NS freya.ainex.net.
-
diff --git a/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone b/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone
deleted file mode 100644
index cc76768..0000000
--- a/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone
+++ /dev/null
@@ -1,37 +0,0 @@
-$ORIGIN vpn.hh.ccc.
-$TTL 7200
-
-@ IN SOA vpn.hh.ccc. haegar.ccc.de. (
- 2002101502
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS turing.hamburg.ccc.de.
-
-localhost IN A 127.0.0.1
-
-network IN A 192.168.0.64
-fwhh IN A 192.168.0.65
-worf IN A 192.168.0.66
-sdinet-cut IN A 192.168.0.67
-migri IN A 192.168.0.68
-cemil IN A 192.168.0.69
-fw IN A 192.168.0.70
-fw-server IN A 192.168.0.71
-
-broadcast IN A 192.168.0.127
-
-net.znet IN A 192.168.23.0
-gate.znet IN A 192.168.23.23
-bc.znet IN A 192.168.23.255
-
-net.no-maam IN A 192.168.24.0
-gate.no-maam IN A 192.168.24.1
-bc.no-maam IN A 192.168.24.255
-
-net.loom IN A 192.168.33.0
-gate.loom IN A 192.168.33.1
-bc.loom IN A 192.168.33.255
-
From 291ebce9434459f04b7b5b87cf4b369be1fb026d Mon Sep 17 00:00:00 2001
From: June
Date: Wed, 6 May 2026 14:42:34 +0200
Subject: [PATCH 19/27] router(host): configure public (v4) network
---
.../chaosknoten/router/nftables/nftables.conf | 15 ++++++++----
.../systemd_networkd/10-net0.5-public.netdev | 6 +++++
.../router/systemd_networkd/20-net0.network | 2 +-
.../systemd_networkd/21-net0.5-public.network | 23 +++++++++++++++++++
4 files changed, 40 insertions(+), 6 deletions(-)
create mode 100644 resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev
create mode 100644 resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network
diff --git a/resources/chaosknoten/router/nftables/nftables.conf b/resources/chaosknoten/router/nftables/nftables.conf
index ca62a97..b9978d8 100644
--- a/resources/chaosknoten/router/nftables/nftables.conf
+++ b/resources/chaosknoten/router/nftables/nftables.conf
@@ -7,14 +7,19 @@ define if_net1_v4_wan = "net1"
define if_net2_v6_wan = "net2"
define if_net0_2_v4_nat = "net0.2"
define if_net0_3_ci_runner = "net0.3"
+define if_net0_5_public = "net0.5"
# Interface Groups
define wan_ifs = { $if_net1_v4_wan,
$if_net2_v6_wan }
define lan_ifs = { $if_net0_2_v4_nat,
- $if_net0_3_ci_runner }
-# define v4_exposed_ifs = { }
-define v6_exposed_ifs = { $if_net0_2_v4_nat }
+ $if_net0_3_ci_runner,
+ $if_net0_5_public }
+define v4_exposed_ifs = { $if_net0_5_public }
+define v6_exposed_ifs = { $if_net0_2_v4_nat,
+ $if_net0_5_public }
+define v4_nat_ifs = { $if_net0_2_v4_nat,
+ $if_net0_3_ci_runner }
## Rules
@@ -73,7 +78,7 @@ table ip v4nat {
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
- oifname $if_net1_v4_wan masquerade
+ iifname $v4_nat_ifs oifname $if_net1_v4_wan masquerade
}
}
@@ -89,7 +94,7 @@ table inet forward {
meta nfproto ipv4 iifname $lan_ifs oifname $if_net1_v4_wan accept comment "allow v4 internet access"
# Allow access to exposed networks from internet.
- # meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
+ meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
meta nfproto ipv6 oifname $v6_exposed_ifs accept comment "allow v6 exposed network access"
}
}
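Review bot: Forwarded IPv4 from `net0.5` now leaves `net1` unmasqueraded (the interface is in `lan_ifs` but not in `v4_nat_ifs`), and the `iifname $lan_ifs oifname $if_net1_v4_wan accept` rule in this hunk accepts it without checking the source address. Unless a source filter or reverse-path check exists in a part of the ruleset outside these hunks, add one ahead of that accept, e.g. `iifname $if_net0_5_public ip saddr != 212.12.50.208/29 drop comment "anti-spoofing public net"` (prefix derived from the address in 21-net0.5-public.network). The re-enabled `oifname $v4_exposed_ifs accept` rule matches any protocol, port and input interface, so every service on the public hosts becomes reachable. A comment saying that filtering is delegated to the hosts would make that intent explicit. The forward chain begins above the hunk.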
diff --git a/resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev b/resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev
new file mode 100644
index 0000000..be3c9d9
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/10-net0.5-public.netdev
@@ -0,0 +1,6 @@
+[NetDev]
+Name=net0.5
+Kind=vlan
+
+[VLAN]
+Id=5
diff --git a/resources/chaosknoten/router/systemd_networkd/20-net0.network b/resources/chaosknoten/router/systemd_networkd/20-net0.network
index a32d75e..a9104ff 100644
--- a/resources/chaosknoten/router/systemd_networkd/20-net0.network
+++ b/resources/chaosknoten/router/systemd_networkd/20-net0.network
@@ -7,6 +7,6 @@ RequiredForOnline=no
[Network]
VLAN=net0.2
VLAN=net0.3
+VLAN=net0.5
LinkLocalAddressing=no
-
diff --git a/resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network b/resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network
new file mode 100644
index 0000000..2a7b0db
--- /dev/null
+++ b/resources/chaosknoten/router/systemd_networkd/21-net0.5-public.network
@@ -0,0 +1,23 @@
+[Match]
+Name=net0.5
+Type=vlan
+
+[Link]
+RequiredForOnline=no
+
+[Network]
+Description=public
+
+# Masquerading done in nftables (nftables.conf).
+IPv6SendRA=yes
+
+[Address]
+Address=212.12.50.209/29
+
+[IPv6SendRA]
+UplinkInterface=net2
+
+[IPv6Prefix]
+Prefix=2a00:14b0:42:105::/64
+Assign=true
+Token=static:::1
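Review bot: The comment `# Masquerading done in nftables (nftables.conf).` is misleading in this file, and looks carried over from a NAT network definition. The same commit leaves `net0.5` out of `v4_nat_ifs`, so this network is routed with its public /29 and is not masqueraded. Suggest replacing it with `# Routed public network, no NAT; forwarding policy is in nftables.conf.` and moving it away from `IPv6SendRA=yes`, which it does not describe.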
From 50beedbc629743dde2dc4a052cd66b4c065496b6 Mon Sep 17 00:00:00 2001
From: lilly
Date: Wed, 6 May 2026 15:51:08 +0200
Subject: [PATCH 20/27] configure metric scraping from knot on auth-dns
---
.../chaosknoten/host_vars/auth-dns.yaml | 2 ++
inventories/chaosknoten/hosts.yaml | 1 +
.../auth-dns/alloy/knot-exporter.alloy | 6 ++++++
roles/knot/handlers/main.yaml | 8 +++++++
roles/knot/tasks/03-configure-exporter.yaml | 21 +++++++++++++++++++
roles/knot/tasks/main.yaml | 1 +
roles/knot/templates/knot-exporter.service.j2 | 17 +++++++++++++++
7 files changed, 56 insertions(+)
create mode 100644 resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy
create mode 100644 roles/knot/tasks/03-configure-exporter.yaml
create mode 100644 roles/knot/templates/knot-exporter.service.j2
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml
index bff4b10..970e2f8 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.yaml
@@ -1,6 +1,8 @@
---
deploy_systemd_resolved_config__enable: false
+alloy_config_additional: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy') }}"
+
knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1"
knot__remotes:
- id: ns-intern.hamburg.ccc.de
diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml
index a6cea9b..9dab323 100644
--- a/inventories/chaosknoten/hosts.yaml
+++ b/inventories/chaosknoten/hosts.yaml
@@ -224,6 +224,7 @@ alloy_hosts:
spaceapiccc:
www2:
www3:
+ auth-dns:
infrastructure_authorized_keys_hosts:
hosts:
ccchoir:
diff --git a/resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy b/resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy
new file mode 100644
index 0000000..1e532a1
--- /dev/null
+++ b/resources/chaosknoten/auth-dns/alloy/knot-exporter.alloy
@@ -0,0 +1,6 @@
+prometheus.scrape "knot_exporter" {
+ targets = [
+ {"__address__" = "localhost:9433", "instance" = "{{ ansible_facts['hostname'] }}"},
+ ]
+ forward_to = [ prometheus.relabel.chaosknoten_common.receiver ]
+}
diff --git a/roles/knot/handlers/main.yaml b/roles/knot/handlers/main.yaml
index f89fedd..38fce75 100644
--- a/roles/knot/handlers/main.yaml
+++ b/roles/knot/handlers/main.yaml
@@ -11,3 +11,11 @@
become: true
changed_when: true
ansible.builtin.command: "netplan apply"
+
+- name: restart knot-exporter
+ tags: [ auth-dns ]
+ become: true
+ ansible.builtin.systemd:
+ name: knot-exporter.service
+ state: restarted
+ daemon_reload: true
diff --git a/roles/knot/tasks/03-configure-exporter.yaml b/roles/knot/tasks/03-configure-exporter.yaml
new file mode 100644
index 0000000..db5d830
--- /dev/null
+++ b/roles/knot/tasks/03-configure-exporter.yaml
@@ -0,0 +1,21 @@
+- name: Deploy knot-exporter systemd unit
+ tags: [ auth-dns ]
+ become: true
+ register: deploy_service_file
+ notify: restart knot-exporter
+ ansible.builtin.template:
+ src: knot-exporter.service.j2
+ dest: /etc/systemd/system/knot-exporter.service
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: Ensure knot-exporter is running and enabled
+ tags: [ auth-dns ]
+ become: true
+ ansible.builtin.systemd:
+ name: knot-exporter.service
+ state: started
+ enabled: true
+ daemon_reload: "{{ deploy_service_file.changed }}"
+
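Review bot: The new task file starts without the `---` document marker that roles/knot/tasks/main.yaml uses, so add `---` as its first line for consistency. On a run where the template changes, the second task already reloads systemd and starts the unit, and the notified handler then reloads and restarts it again. That is harmless but redundant, so either drop `register`/`daemon_reload` here and rely on the handler, or add a short comment explaining why both are kept.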
diff --git a/roles/knot/tasks/main.yaml b/roles/knot/tasks/main.yaml
index cdf9511..bdf5cf7 100644
--- a/roles/knot/tasks/main.yaml
+++ b/roles/knot/tasks/main.yaml
@@ -1,3 +1,4 @@
---
- ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing]
- ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing]
+- ansible.builtin.import_tasks: 03-configure-exporter.yaml # noqa: name[missing]
diff --git a/roles/knot/templates/knot-exporter.service.j2 b/roles/knot/templates/knot-exporter.service.j2
new file mode 100644
index 0000000..1246694
--- /dev/null
+++ b/roles/knot/templates/knot-exporter.service.j2
@@ -0,0 +1,17 @@
+# {{ ansible_managed }}
+[Unit]
+Description=knot prometheus exporter
+Wants=network.target
+Before=alloy.service
+After=network.target
+
+[Service]
+User=knot
+ExecStart=/usr/sbin/knot-exporter
+ReadWritePaths=/run/knot/
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateIPC=true
+
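Review bot: The unit has no `[Install]` section, so `enabled: true` in 03-configure-exporter.yaml has nothing to link and the exporter will not come up after a reboot. `Before=alloy.service` only orders the two units and does not pull this one in. Add `[Install]` with `WantedBy=multi-user.target` at the end of the file. In line with the existing `Protect*`/`Private*` settings, `NoNewPrivileges=true` would fit in `[Service]`. Since `ExecStart` passes no listen address, consider pinning the exporter to loopback explicitly (check its option name first) so the metrics port cannot end up on the public interfaces of this DNS host.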
From bc4df9a3f40c1cfa06c0f80927ea13af2f8f0909 Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 7 May 2026 23:45:48 +0200
Subject: [PATCH 21/27] fix ansible-lint warnings of knot role
---
roles/knot/tasks/03-configure-exporter.yaml | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/roles/knot/tasks/03-configure-exporter.yaml b/roles/knot/tasks/03-configure-exporter.yaml
index db5d830..4254acb 100644
--- a/roles/knot/tasks/03-configure-exporter.yaml
+++ b/roles/knot/tasks/03-configure-exporter.yaml
@@ -1,7 +1,7 @@
- name: Deploy knot-exporter systemd unit
tags: [ auth-dns ]
become: true
- register: deploy_service_file
+ register: knot_deploy_service_file
notify: restart knot-exporter
ansible.builtin.template:
src: knot-exporter.service.j2
@@ -17,5 +17,4 @@
name: knot-exporter.service
state: started
enabled: true
- daemon_reload: "{{ deploy_service_file.changed }}"
-
+ daemon_reload: "{{ knot_deploy_service_file.changed }}"
From 595b19375a9ce442cafb23f10e78bc3023502a8d Mon Sep 17 00:00:00 2001
From: lilly
Date: Thu, 7 May 2026 23:59:50 +0200
Subject: [PATCH 22/27] replace primary NS in all zones except *.hamburg.ccc.de
zones
---
.../2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
.../zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
.../3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
.../4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
.../5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
.../6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone | 2 +-
resources/chaosknoten/auth-dns/zones/ccchh.net.zone | 3 ++-
resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone | 2 +-
resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone | 2 +-
9 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index d7e02c3..baacd63 100644
--- a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:122::1
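Review bot: None of the nine zone files touched by this commit gets a new SOA serial. The diffstat shows only the NS line changing per file, and each hunk carries the tail of the SOA record as unchanged context. If knot is not configured to manage serials itself (not visible here), secondaries such as `ns.vie.ccc.de.` will not pick up the new NS set until the serial increases, so bump it in each file alongside the NS change. The apex NS records should also match the parent-side delegation, so it would help to state in the commit message whether the delegations already list `auth-dns.hamburg.ccc.de.`. The SOA record begins above the hunk.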
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 59fc28f..e06c4a2 100644
--- a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; ccchh firewall / tunnelendpunkte:
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index a14e026..6972a51 100644
--- a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:123::1
diff --git a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 1a8fb86..a43bc06 100644
--- a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:124::1
diff --git a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index d46cc3c..b03dcc7 100644
--- a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:125::1
diff --git a/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
index 1545084..3de9e09 100644
--- a/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ b/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
; 2a00:14b0:4200:3000:126::1
diff --git a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
index b112bc8..40d4c94 100644
--- a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
+++ b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone
@@ -7,8 +7,9 @@ ccchh.net IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
3600000 ; expire (5 weeks 6 days 16 hours)
7200 ; minimum (2 hours)
)
+ NS auth-dns.hamburg.ccc.de.
NS ns.vie.ccc.de.
- NS ns.hamburg.ccc.de.
+
$ORIGIN ccchh.net.
aes A 212.12.48.125
club-assistant AAAA 2a07:c481:1:d0::a
diff --git a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
index 5103c2a..2820b68 100644
--- a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
+++ b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
@@ -7,7 +7,7 @@ $TTL 7200
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
IN MX 5 nomail.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
index 0d936e6..32d9d04 100644
--- a/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
+++ b/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
@@ -7,7 +7,7 @@ $TTL 600
3600000
86400 )
- IN NS ns.hamburg.ccc.de.
+ IN NS auth-dns.hamburg.ccc.de.
IN NS ns.vie.ccc.de.
IN A 212.12.48.125
From 3c558003a9ae66d8e158899dcd1a34203956d03b Mon Sep 17 00:00:00 2001
From: June
Date: Fri, 8 May 2026 21:20:55 +0200
Subject: [PATCH 23/27] auth-dns(host): format hamburg.ccc.de zone file
Format zone file as first step of a series of clean-ups.
---
.../auth-dns/zones/hamburg.ccc.de.zone | 978 +++++++++---------
1 file changed, 489 insertions(+), 489 deletions(-)
diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
index 02360c9..5c19401 100644
--- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
+++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
@@ -7,584 +7,584 @@
; - haegar 2001.11.14
$TTL 7200
-@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
- 2026042903
- 10800
- 3600
- 3600000
- 86400 )
+@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. (
+ 2026042903
+ 10800
+ 3600
+ 3600000
+ 86400 )
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
+ IN NS ns.hamburg.ccc.de.
+ IN NS ns.vie.ccc.de.
$TTL 60
- IN MX 10 cow.hamburg.ccc.de.
-; IN MX 10 local-mail.hamburg.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+; IN MX 10 local-mail.hamburg.ccc.de.
$TTL 7200
- IN TXT "v=spf1 mx ip4:212.12.51.133 ip6:2a00:14b0:f000:23:51:133:0:1 ip4:212.12.48.122 ip6:2a00:14b0:4200:3000:122::1 -all"
+ IN TXT "v=spf1 mx ip4:212.12.51.133 ip6:2a00:14b0:f000:23:51:133:0:1 ip4:212.12.48.122 ip6:2a00:14b0:4200:3000:122::1 -all"
- IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
+ IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
-dkim._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
- "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wZRajtsQTrVgXco7"
- "1E2T+UDRxzzXJ+0F7m1UHiPpsjGQJ4Njs4Zc6qC21FLxhUIRFURy9mZ2mGk6hnL"
- "w6wi0xm0N3MOH8BG/omPfWJcH4C1XXMk6trYSjhKQb4FzNbusAFoldIdwtt/aa/"
- "GJBvRD+XYulvuyqolD2SGY62tAiXqls4ik2ZiDrIv+Dglg8b8fD4kzqe/aXlUvD"
- "j3hCMHmyjE8mn8lYnS0QfSnV8NlqKwOhF+iwqfrhMI2bZFCQ+td03RtQjaXw5W+"
- "30NMcOv6Se4vPDl4nUIBJZ/wP3CBz1k66VShHB+un7SxoUQuW0+oDqN4QHH338b"
- "2dDOoBJndwIDAQAB")
-_dmarc IN TXT "v=DMARC1;p=none;sp=none;pct=100;rua=mailto:dmarc-report@hamburg.ccc.de;ruf=mailto:dmarc-report@hamburg.ccc.de;ri=86400;aspf=r;adkim=r;fo=1"
+dkim._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wZRajtsQTrVgXco7"
+ "1E2T+UDRxzzXJ+0F7m1UHiPpsjGQJ4Njs4Zc6qC21FLxhUIRFURy9mZ2mGk6hnL"
+ "w6wi0xm0N3MOH8BG/omPfWJcH4C1XXMk6trYSjhKQb4FzNbusAFoldIdwtt/aa/"
+ "GJBvRD+XYulvuyqolD2SGY62tAiXqls4ik2ZiDrIv+Dglg8b8fD4kzqe/aXlUvD"
+ "j3hCMHmyjE8mn8lYnS0QfSnV8NlqKwOhF+iwqfrhMI2bZFCQ+td03RtQjaXw5W+"
+ "30NMcOv6Se4vPDl4nUIBJZ/wP3CBz1k66VShHB+un7SxoUQuW0+oDqN4QHH338b"
+ "2dDOoBJndwIDAQAB")
+_dmarc IN TXT "v=DMARC1;p=none;sp=none;pct=100;rua=mailto:dmarc-report@hamburg.ccc.de;ruf=mailto:dmarc-report@hamburg.ccc.de;ri=86400;aspf=r;adkim=r;fo=1"
-;_sip._udp IN SRV 10 0 5060 vermittlung
-;_sip._tcp IN SRV 10 4 5060 vermittlung
-;_sips._tcp IN SRV 10 4 5060 vermittlung
+;_sip._udp IN SRV 10 0 5060 vermittlung
+;_sip._tcp IN SRV 10 4 5060 vermittlung
+;_sips._tcp IN SRV 10 4 5060 vermittlung
-_xmpp-client._tcp IN SRV 10 0 5222 jabber
-_xmpp-server._tcp IN SRV 10 0 5269 jabber
-_xmpp-client._tcp.jabber IN SRV 10 0 5222 jabber
-_xmpp-server._tcp.jabber IN SRV 10 0 5269 jabber
+_xmpp-client._tcp IN SRV 10 0 5222 jabber
+_xmpp-server._tcp IN SRV 10 0 5269 jabber
+_xmpp-client._tcp.jabber IN SRV 10 0 5222 jabber
+_xmpp-server._tcp.jabber IN SRV 10 0 5269 jabber
-localhost IN A 127.0.0.1
+localhost IN A 127.0.0.1
-dante._domainkey IN TXT ( "v=DKIM1;k=rsa;t=s;s=email;"
- "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMLFoEXbD/IgP6TIz2KDZudbnYtcJ4QjdWiwEP5NMvugymzDCiLaKTwNUFycKA1TvW0Y7/x0EEgqcSjfV87GU8xs6qsArgbQWBCs9gPBInbA8LBX9RN/JX30pESh+jGfdNWl7mWkkyVuONUgy/vFHWswJZ72Lg96gyBBCAR1ABC7qM8PYjoFFlRR76PfZNV8YHRBM/1ypQthtjPf"
- "NKhV8MksNIXPKhcQwy6/JAVpkUunVpOrsuf2K6RFVMrVNUEtEYkpZUPtnoTYwaB0rRLg0f+InHzKZx2uv6JexyWZOwxsv8Bv1I+jdiEkQMw9kORZ81sv2mcUO+0PubeYVpvWAwIDAQAB" )
-hansenerd._domainkey IN TXT ( "v=DKIM1; k=rsa; "
- "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlxTgmc5Fe2aQc5razQYlk3OBGNePuevJQ7YVp5j5IM0ukBLM1erTR6DLZZvoGd2puKvfjlvejR3GRY4YXeZkCJoS0ZjwpR3Tfy8PzUbPNMt5e/buHGK1v+9E9zrl4vrxgYYYlYqjl1HF1K9oE5yPI1AIeUxzZpduheJASlxr9VwIDAQAB" ) ;
+dante._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMLFoEXbD/IgP6TIz2KDZudbnYtcJ4QjdWiwEP5NMvugymzDCiLaKTwNUFycKA1TvW0Y7/x0EEgqcSjfV87GU8xs6qsArgbQWBCs9gPBInbA8LBX9RN/JX30pESh+jGfdNWl7mWkkyVuONUgy/vFHWswJZ72Lg96gyBBCAR1ABC7qM8PYjoFFlRR76PfZNV8YHRBM/1ypQthtjPf"
+ "NKhV8MksNIXPKhcQwy6/JAVpkUunVpOrsuf2K6RFVMrVNUEtEYkpZUPtnoTYwaB0rRLg0f+InHzKZx2uv6JexyWZOwxsv8Bv1I+jdiEkQMw9kORZ81sv2mcUO+0PubeYVpvWAwIDAQAB" )
+hansenerd._domainkey IN TXT ("v=DKIM1; k=rsa; "
+ "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlxTgmc5Fe2aQc5razQYlk3OBGNePuevJQ7YVp5j5IM0ukBLM1erTR6DLZZvoGd2puKvfjlvejR3GRY4YXeZkCJoS0ZjwpR3Tfy8PzUbPNMt5e/buHGK1v+9E9zrl4vrxgYYYlYqjl1HF1K9oE5yPI1AIeUxzZpduheJASlxr9VwIDAQAB" ) ;
; VMWare ESXi Host:
-worker IN A 212.12.48.123
-worker-ipmi IN A 212.12.51.136
+worker IN A 212.12.48.123
+worker-ipmi IN A 212.12.51.136
; Proxmox Host:
-chaosknoten IN A 212.12.48.126
- IN AAAA 2a00:14b0:4200:3000::126:1
-;chaosknoten-ipmi IN A 212.12.51.137; unused public IP
-chaosknoten-ipmi IN A 44.128.124.4
+chaosknoten IN A 212.12.48.126
+ IN AAAA 2a00:14b0:4200:3000::126:1
+;chaosknoten-ipmi IN A 212.12.51.137; unused public IP
+chaosknoten-ipmi IN A 44.128.124.4
; DMZ-Server:
-dmz-net IN A 212.12.50.208
+dmz-net IN A 212.12.50.208
-turing IN A 212.12.48.122
- IN AAAA 2a00:14b0:4200:3000:122::1
- IN MX 10 cow.hamburg.ccc.de.
-turing-chaosvpn IN AAAA 2001:6f8:126f:11::3
- IN A 172.31.17.1
-turing-vpn IN CNAME turing-chaosvpn
-turing-vpngw IN A 212.12.48.122
- IN AAAA 2a00:14b0:4200:3000:122::1
-turing-vzhost IN A 172.31.17.1
- IN AAAA 2a00:14b0:4200:3000:122::1
- IN MX 10 cow.hamburg.ccc.de.
-turing-vzhost2 IN CNAME turing-vzhost
-turing-router IN A 172.31.17.129
+turing IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ IN MX 10 cow.hamburg.ccc.de.
+turing-chaosvpn IN AAAA 2001:6f8:126f:11::3
+ IN A 172.31.17.1
+turing-vpn IN CNAME turing-chaosvpn
+turing-vpngw IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+turing-vzhost IN A 172.31.17.1
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ IN MX 10 cow.hamburg.ccc.de.
+turing-vzhost2 IN CNAME turing-vzhost
+turing-router IN A 172.31.17.129
-turing-new IN A 172.31.17.132
+turing-new IN A 172.31.17.132
-oldturing IN A 172.31.17.122
- IN AAAA 2a00:14b0:f000:23::122
- IN MX 10 cow.hamburg.ccc.de.
-turing-intern IN CNAME oldturing
-turing-intern2 IN A 172.31.17.142
- IN AAAA 2a00:14b0:f000:23::122
+oldturing IN A 172.31.17.122
+ IN AAAA 2a00:14b0:f000:23::122
+ IN MX 10 cow.hamburg.ccc.de.
+turing-intern IN CNAME oldturing
+turing-intern2 IN A 172.31.17.142
+ IN AAAA 2a00:14b0:f000:23::122
-ns IN A 212.12.48.122
- IN AAAA 2a00:14b0:f000:23::53
- IN MX 10 cow.hamburg.ccc.de.
-ns-intern IN A 172.31.17.53
- IN AAAA 2a00:14b0:f000:23::53
-ns-intern2 IN A 172.31.17.153
- IN AAAA 2a00:14b0:f000:23::53
+ns IN A 212.12.48.122
+ IN AAAA 2a00:14b0:f000:23::53
+ IN MX 10 cow.hamburg.ccc.de.
+ns-intern IN A 172.31.17.53
+ IN AAAA 2a00:14b0:f000:23::53
+ns-intern2 IN A 172.31.17.153
+ IN AAAA 2a00:14b0:f000:23::53
-vpn IN A 212.12.48.122
- ; ipv4 only!
-www.vpn IN CNAME vpn
-cvpn-dns IN A 172.31.0.5
-chaosvpn-dns IN A 172.31.17.136
+vpn IN A 212.12.48.122
+ ; ipv4 only!
+www.vpn IN CNAME vpn
+cvpn-dns IN A 172.31.0.5
+chaosvpn-dns IN A 172.31.17.136
-turing-db IN A 172.31.17.135
- IN MX 10 cow.hamburg.ccc.de.
+turing-db IN A 172.31.17.135
+ IN MX 10 cow.hamburg.ccc.de.
-jabber IN A 212.12.48.122
- IN AAAA 2a00:14b0:f000:23::26
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
-jabber-intern IN A 172.31.17.134
- IN AAAA 2a00:14b0:f000:23::26
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
+jabber IN A 212.12.48.122
+ IN AAAA 2a00:14b0:f000:23::26
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+jabber-intern IN A 172.31.17.134
+ IN AAAA 2a00:14b0:f000:23::26
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
-gitlab IN A 212.12.48.122
- IN AAAA 2a00:14b0:4200:3000:122::1
- ; ipv6 also has DNAT rules
-gitlab-intern IN A 172.31.17.133
- IN AAAA 2a00:14b0:f000:23::133
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
+gitlab IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ ; ipv6 also has DNAT rules
+gitlab-intern IN A 172.31.17.133
+ IN AAAA 2a00:14b0:f000:23::133
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
-gitlab-cr IN CNAME gitlab
+gitlab-cr IN CNAME gitlab
-gitlab-test IN A 212.12.48.122
- IN AAAA 2a00:14b0:4200:3000:122::1
- ; ipv6 also has DNAT rules
-gitlab-test-intern IN A 172.31.17.138
- IN AAAA 2a00:14b0:f000:23::138
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
+gitlab-test IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ ; ipv6 also has DNAT rules
+gitlab-test-intern IN A 172.31.17.138
+ IN AAAA 2a00:14b0:f000:23::138
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
-gitlab-runner IN A 172.31.17.139
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
+gitlab-runner IN A 172.31.17.139
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
-lists IN A 212.12.51.132
- IN AAAA 2a00:14b0:f000:23:51:132:0:1
- IN MX 10 lists
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.lists IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
- "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvNlbGPBluV3q3eT1C6nJ"
- "8KuSNAx9ycTO0urNkz4In1I2srmK8qPTfqfPU7y5kjHM1oC31+LwVNiyzeIQl"
- "cdW00DMTHfzkQAjtdDXgKG5db4Dqw+2wtZfLGvBFOSfV0RspZmSDSN6ON81dk"
- "lVABMMOA7Vd8wwIj0ms/gb/+AB0IQIDAQAB" )
-ccchoir-intern IN A 172.31.17.156
+lists IN A 212.12.51.132
+ IN AAAA 2a00:14b0:f000:23:51:132:0:1
+ IN MX 10 lists
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.lists IN TXT ("v=DKIM1; h=sha256; k=rsa; "
+ "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvNlbGPBluV3q3eT1C6nJ"
+ "8KuSNAx9ycTO0urNkz4In1I2srmK8qPTfqfPU7y5kjHM1oC31+LwVNiyzeIQl"
+ "cdW00DMTHfzkQAjtdDXgKG5db4Dqw+2wtZfLGvBFOSfV0RspZmSDSN6ON81dk"
+ "lVABMMOA7Vd8wwIj0ms/gb/+AB0IQIDAQAB" )
+ccchoir-intern IN A 172.31.17.156
-cow IN A 212.12.51.133
- IN AAAA 2a00:14b0:f000:23:51:133:0:1
- IN MX 10 cow
-cow-intern IN A 172.31.17.201
-auth-dns IN A 212.12.48.124
-auth-dns IN AAAA 2a00:14b0:4200:3000:124::1
+cow IN A 212.12.51.133
+ IN AAAA 2a00:14b0:f000:23:51:133:0:1
+ IN MX 10 cow
+cow-intern IN A 172.31.17.201
+auth-dns IN A 212.12.48.124
+auth-dns IN AAAA 2a00:14b0:4200:3000:124::1
-cowtest IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.cowtest IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5aAMRgFdGdG+Ewmn"
- "OZb8gdCjSSoFjTxu/GW9edVWU0zsRRQT9r6oF82Cn05jEKNra3D8tE48jBaDQ"
- "GOAFa4BgjxiIfP/D36CaN2JT5sno3faSBkqaKoBG0zRD2UsNj/ROfHB844BOf"
- "AUt4KFMMHUfO03Gu6ps9nq/QBsrR5Iq6sMv9WiftKjh4twS4S+Wz7ZXymY3yd"
- "jRLI8r48pASg6IoiByV8kR3r7OZw9dzmNgbTCOEyKaicB4KJDjgJvQut8af8g"
- "sYQYTCSPVqkwb5Y+yJNKhQmsYBwUX23x5Yng2gDBY/pjGeWl28SxdGhm8C23a"
- "0wVCz4kQGNvcULnrzifwIDAQAB")
-_autodiscover._tcp.cowtest IN SRV 0 1 443 cow
-_caldavs._tcp.cowtest IN SRV 0 1 443 cow
-_caldavs._tcp.cowtest IN TXT "path=/SOGo/dav/"
-_carddavs._tcp.cowtest IN SRV 0 1 443 cow
-_carddavs._tcp.cowtest IN TXT "path=/SOGo/dav/"
-_imap._tcp.cowtest IN SRV 0 1 143 cow
-_imaps._tcp.cowtest IN SRV 0 1 993 cow
-_pop3._tcp.cowtest IN SRV 0 1 110 cow
-_pop3s._tcp.cowtest IN SRV 0 1 995 cow
-_sieve._tcp.cowtest IN SRV 0 1 4190 cow
-_smtps._tcp.cowtest IN SRV 0 1 465 cow
-_submission._tcp.cowtest IN SRV 0 1 587 cow
+cowtest IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.cowtest IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5aAMRgFdGdG+Ewmn"
+ "OZb8gdCjSSoFjTxu/GW9edVWU0zsRRQT9r6oF82Cn05jEKNra3D8tE48jBaDQ"
+ "GOAFa4BgjxiIfP/D36CaN2JT5sno3faSBkqaKoBG0zRD2UsNj/ROfHB844BOf"
+ "AUt4KFMMHUfO03Gu6ps9nq/QBsrR5Iq6sMv9WiftKjh4twS4S+Wz7ZXymY3yd"
+ "jRLI8r48pASg6IoiByV8kR3r7OZw9dzmNgbTCOEyKaicB4KJDjgJvQut8af8g"
+ "sYQYTCSPVqkwb5Y+yJNKhQmsYBwUX23x5Yng2gDBY/pjGeWl28SxdGhm8C23a"
+ "0wVCz4kQGNvcULnrzifwIDAQAB")
+_autodiscover._tcp.cowtest IN SRV 0 1 443 cow
+_caldavs._tcp.cowtest IN SRV 0 1 443 cow
+_caldavs._tcp.cowtest IN TXT "path=/SOGo/dav/"
+_carddavs._tcp.cowtest IN SRV 0 1 443 cow
+_carddavs._tcp.cowtest IN TXT "path=/SOGo/dav/"
+_imap._tcp.cowtest IN SRV 0 1 143 cow
+_imaps._tcp.cowtest IN SRV 0 1 993 cow
+_pop3._tcp.cowtest IN SRV 0 1 110 cow
+_pop3s._tcp.cowtest IN SRV 0 1 995 cow
+_sieve._tcp.cowtest IN SRV 0 1 4190 cow
+_smtps._tcp.cowtest IN SRV 0 1 465 cow
+_submission._tcp.cowtest IN SRV 0 1 587 cow
-mail IN A 212.12.48.122
- IN MX 10 cow.hamburg.ccc.de.
-local-mail IN A 172.31.17.201 ; make hosts with relayhost=local-mail work
-;local-mail IN A 212.12.48.122
-; IN AAAA 2a00:14b0:f000:23::122
-; IN MX 10 cow.hamburg.ccc.de.
+mail IN A 212.12.48.122
+ IN MX 10 cow.hamburg.ccc.de.
+local-mail IN A 172.31.17.201 ; make hosts with relayhost=local-mail work
+;local-mail IN A 212.12.48.122
+; IN AAAA 2a00:14b0:f000:23::122
+; IN MX 10 cow.hamburg.ccc.de.
-jitsi-old IN A 49.12.8.103
- IN AAAA 2a01:4f8:c17:392f::1
-jitsi IN A 212.12.51.139
- IN AAAA 2a00:14b0:f000:23:51:139:0:1
+jitsi-old IN A 49.12.8.103
+ IN AAAA 2a01:4f8:c17:392f::1
+jitsi IN A 212.12.51.139
+ IN AAAA 2a00:14b0:f000:23:51:139:0:1
-mumble IN A 212.12.51.141
- IN AAAA 2a00:14b0:f000:23:51:141:0:1
+mumble IN A 212.12.51.141
+ IN AAAA 2a00:14b0:f000:23:51:141:0:1
-id IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-keycloak-admin IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-invite IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-id IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.id IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6wcQjo7qgb1CMOv5"
- "6odc7Ef8rocu3bv3JKBIqL/msuoEFOiXGpPZrwcWQJc7lS5tLTxR5XuP02D3D"
- "Vif+8D3R8YzLsNMdLZ5moQacdJK2OFFiet2G3kWjBdKH1em9FwMa0MBWlk6LR"
- "YWRgsByFBMNIItwkBmqmNrmrPRneRprLYQCf34McDmkzpzUpFdF5sgmbmDpdX"
- "genmqXgBopvmnTeXa+kQnoVgrMyWE41zdWaXrDAtoYye3e31j0Nxhnfg+I7vO"
- "XPfmatTH7yieDaLG+3kHjbA3WFyAkb/ZAqZaFM8k6cQJEZb7jDzdKlm1fuPrk"
- "YUrfZ1V3pglzdm0QbM4wIDAQAB")
+id IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+keycloak-admin IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+invite IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+id IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.id IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6wcQjo7qgb1CMOv5"
+ "6odc7Ef8rocu3bv3JKBIqL/msuoEFOiXGpPZrwcWQJc7lS5tLTxR5XuP02D3D"
+ "Vif+8D3R8YzLsNMdLZ5moQacdJK2OFFiet2G3kWjBdKH1em9FwMa0MBWlk6LR"
+ "YWRgsByFBMNIItwkBmqmNrmrPRneRprLYQCf34McDmkzpzUpFdF5sgmbmDpdX"
+ "genmqXgBopvmnTeXa+kQnoVgrMyWE41zdWaXrDAtoYye3e31j0Nxhnfg+I7vO"
+ "XPfmatTH7yieDaLG+3kHjbA3WFyAkb/ZAqZaFM8k6cQJEZb7jDzdKlm1fuPrk"
+ "YUrfZ1V3pglzdm0QbM4wIDAQAB")
-aes-intern IN A 172.31.17.145
-tickets-intern IN A 172.31.17.148
-grafana-intern IN A 172.31.17.145
-loki-intern IN A 172.31.17.145
-eh22-netbox-intern IN A 172.31.17.166
-sunders-intern IN A 172.31.17.170
-renovate-intern IN A 172.31.17.171
-netbox-intern IN A 172.31.17.167
-matrix-intern IN A 172.31.17.150
+aes-intern IN A 172.31.17.145
+tickets-intern IN A 172.31.17.148
+grafana-intern IN A 172.31.17.145
+loki-intern IN A 172.31.17.145
+eh22-netbox-intern IN A 172.31.17.166
+sunders-intern IN A 172.31.17.170
+renovate-intern IN A 172.31.17.171
+netbox-intern IN A 172.31.17.167
+matrix-intern IN A 172.31.17.150
; have this for compatibility (like references in CI)
-public-web-static-intern IN AAAA 2a00:14b0:42:102::17
-pretalx-intern IN A 172.31.17.157
-zammad-intern IN A 172.31.17.152
-nixos-template-intern IN A 172.31.17.200
-git-intern IN A 172.31.17.154
-forgejo-actions-runner-intern IN A 172.31.17.155
-nix-box-june-intern IN A 172.31.17.158
-woodpecker-intern IN A 172.31.17.160
-mjolnir-intern IN A 172.31.17.161
-mjolnir-ng-intern IN A 172.31.17.169
-penpot-intern IN A 172.31.17.162
-penpot-ng-intern IN A 172.31.17.168
-hydra-intern IN A 172.31.17.163
-forgejo-runner-builder IN A 172.31.17.202
-renovate-forgejo IN A 172.31.17.163
-ansible-testing-intern IN A 172.31.17.164
-ntfy-intern IN A 172.31.17.149
-status IN AAAA 2a00:14b0:f001:100::fd
-status IN A 212.12.50.253
-design IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
- IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.design IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtod7q+mkIcZFe512v"
- "jzXF0UfGmo8R6UxeJ/MCi/qjjN+sSqn4dohQx3NBhK3UF9/8Ze7FT5znTxeWj"
- "Ks+le/dSS4CKxjSFAV1FjcaAqrUaxO1V8+fxcUSVzAQZXUVyNqqv+SAFUVJSE"
- "3zZIuJim4F1HVVLvwbLJZ450ns8KQ7n3RNY2+mqQoxo8xmMg2QFOoQKlSYspC"
- "TRTV4LM/n5Jm7Mm1F5DwJ+7Ie9s/WvTWKKKUExmoa5SNheGcfybC+sqnJu7L0"
- "F5dWFwk0zzQDcVSY2m9qFWPEuO2fZmiB4IoG4yXkooSY2sH9Z8eX2+6i3k/ub"
- "qx58Mav6VlkTxsOAdbbQIDAQAB")
-hydra IN A 212.12.48.125
-regio-stage IN A 212.12.51.142
- AAAA 2a00:14b0:f000:23:51:142:0:1
+public-web-static-intern IN AAAA 2a00:14b0:42:102::17
+pretalx-intern IN A 172.31.17.157
+zammad-intern IN A 172.31.17.152
+nixos-template-intern IN A 172.31.17.200
+git-intern IN A 172.31.17.154
+forgejo-actions-runner-intern IN A 172.31.17.155
+nix-box-june-intern IN A 172.31.17.158
+woodpecker-intern IN A 172.31.17.160
+mjolnir-intern IN A 172.31.17.161
+mjolnir-ng-intern IN A 172.31.17.169
+penpot-intern IN A 172.31.17.162
+penpot-ng-intern IN A 172.31.17.168
+hydra-intern IN A 172.31.17.163
+forgejo-runner-builder IN A 172.31.17.202
+renovate-forgejo IN A 172.31.17.163
+ansible-testing-intern IN A 172.31.17.164
+ntfy-intern IN A 172.31.17.149
+status IN AAAA 2a00:14b0:f001:100::fd
+status IN A 212.12.50.253
+design IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+ IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.design IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtod7q+mkIcZFe512v"
+ "jzXF0UfGmo8R6UxeJ/MCi/qjjN+sSqn4dohQx3NBhK3UF9/8Ze7FT5znTxeWj"
+ "Ks+le/dSS4CKxjSFAV1FjcaAqrUaxO1V8+fxcUSVzAQZXUVyNqqv+SAFUVJSE"
+ "3zZIuJim4F1HVVLvwbLJZ450ns8KQ7n3RNY2+mqQoxo8xmMg2QFOoQKlSYspC"
+ "TRTV4LM/n5Jm7Mm1F5DwJ+7Ie9s/WvTWKKKUExmoa5SNheGcfybC+sqnJu7L0"
+ "F5dWFwk0zzQDcVSY2m9qFWPEuO2fZmiB4IoG4yXkooSY2sH9Z8eX2+6i3k/ub"
+ "qx58Mav6VlkTxsOAdbbQIDAQAB")
+hydra IN A 212.12.48.125
+regio-stage IN A 212.12.51.142
+ AAAA 2a00:14b0:f000:23:51:142:0:1
-public-reverse-proxy IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-public-reverse-proxy-intern IN A 172.31.17.140
-router IN A 212.12.48.123
+public-reverse-proxy IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+public-reverse-proxy-intern IN A 172.31.17.140
+router IN A 212.12.48.123
-rproxy IN A 212.12.48.122
- IN AAAA 2a00:14b0:4200:3000:122::1
- IN MX 10 cow.hamburg.ccc.de.
-rproxy-intern IN A 172.31.17.180
- IN AAAA 2a00:14b0:f000:23::80
- IN MX 10 cow.hamburg.ccc.de.
+rproxy IN A 212.12.48.122
+ IN AAAA 2a00:14b0:4200:3000:122::1
+ IN MX 10 cow.hamburg.ccc.de.
+rproxy-intern IN A 172.31.17.180
+ IN AAAA 2a00:14b0:f000:23::80
+ IN MX 10 cow.hamburg.ccc.de.
-bildungsurlaub IN CNAME rproxy
-doku IN CNAME rproxy
-test IN CNAME rproxy
-www.test IN CNAME rproxy
-eh2003 IN CNAME public-reverse-proxy
-www.eh2003 IN CNAME public-reverse-proxy
-easterhegg2003 IN CNAME public-reverse-proxy
-www.easterhegg2003 IN CNAME public-reverse-proxy
-eh2005 IN CNAME public-reverse-proxy
-www.eh2005 IN CNAME public-reverse-proxy
-easterhegg2005 IN CNAME public-reverse-proxy
-www.easterhegg2005 IN CNAME public-reverse-proxy
-eh2007 IN CNAME public-reverse-proxy
-www.eh2007 IN CNAME public-reverse-proxy
-eh07 IN CNAME public-reverse-proxy
-www.eh07 IN CNAME public-reverse-proxy
-easterhegg2007 IN CNAME public-reverse-proxy
-www.easterhegg2007 IN CNAME public-reverse-proxy
-eh2009 IN CNAME public-reverse-proxy
-www.eh2009 IN CNAME public-reverse-proxy
-eh09 IN CNAME public-reverse-proxy
-www.eh09 IN CNAME public-reverse-proxy
-easterhegg2009 IN CNAME public-reverse-proxy
-www.easterhegg2009 IN CNAME public-reverse-proxy
-eh2011 IN CNAME public-reverse-proxy
-www.eh2011 IN CNAME public-reverse-proxy
-eh11 IN CNAME public-reverse-proxy
-www.eh11 IN CNAME public-reverse-proxy
-easterhegg2011 IN CNAME public-reverse-proxy
-www.easterhegg2011 IN CNAME public-reverse-proxy
-eh20 IN CNAME public-reverse-proxy
+bildungsurlaub IN CNAME rproxy
+doku IN CNAME rproxy
+test IN CNAME rproxy
+www.test IN CNAME rproxy
+eh2003 IN CNAME public-reverse-proxy
+www.eh2003 IN CNAME public-reverse-proxy
+easterhegg2003 IN CNAME public-reverse-proxy
+www.easterhegg2003 IN CNAME public-reverse-proxy
+eh2005 IN CNAME public-reverse-proxy
+www.eh2005 IN CNAME public-reverse-proxy
+easterhegg2005 IN CNAME public-reverse-proxy
+www.easterhegg2005 IN CNAME public-reverse-proxy
+eh2007 IN CNAME public-reverse-proxy
+www.eh2007 IN CNAME public-reverse-proxy
+eh07 IN CNAME public-reverse-proxy
+www.eh07 IN CNAME public-reverse-proxy
+easterhegg2007 IN CNAME public-reverse-proxy
+www.easterhegg2007 IN CNAME public-reverse-proxy
+eh2009 IN CNAME public-reverse-proxy
+www.eh2009 IN CNAME public-reverse-proxy
+eh09 IN CNAME public-reverse-proxy
+www.eh09 IN CNAME public-reverse-proxy
+easterhegg2009 IN CNAME public-reverse-proxy
+www.easterhegg2009 IN CNAME public-reverse-proxy
+eh2011 IN CNAME public-reverse-proxy
+www.eh2011 IN CNAME public-reverse-proxy
+eh11 IN CNAME public-reverse-proxy
+www.eh11 IN CNAME public-reverse-proxy
+easterhegg2011 IN CNAME public-reverse-proxy
+www.easterhegg2011 IN CNAME public-reverse-proxy
+eh20 IN CNAME public-reverse-proxy
-oldwiki IN CNAME rproxy
-nonpublic.wiki IN CNAME rproxy
-www.nonpublic.wiki IN CNAME rproxy
-planet IN CNAME rproxy
-www.planet IN CNAME rproxy
-chaos-macht-schule IN CNAME rproxy
-www.chaos-macht-schule IN CNAME rproxy
+oldwiki IN CNAME rproxy
+nonpublic.wiki IN CNAME rproxy
+www.nonpublic.wiki IN CNAME rproxy
+planet IN CNAME rproxy
+www.planet IN CNAME rproxy
+chaos-macht-schule IN CNAME rproxy
+www.chaos-macht-schule IN CNAME rproxy
-branding-resources IN CNAME public-reverse-proxy
-element IN CNAME public-reverse-proxy
-matrix IN CNAME public-reverse-proxy
-mas IN CNAME public-reverse-proxy
-element-admin IN CNAME public-reverse-proxy
-netbox IN CNAME public-reverse-proxy
-woodpecker IN CNAME public-reverse-proxy
-onlyoffice IN CNAME public-reverse-proxy
-pad IN CNAME public-reverse-proxy
-pretalx IN CNAME public-reverse-proxy
-spaceapi IN CNAME public-reverse-proxy
-staging IN CNAME public-reverse-proxy
-wiki IN CNAME public-reverse-proxy
-www IN CNAME public-reverse-proxy
-ntfy IN CNAME public-reverse-proxy
-sunders IN CNAME public-reverse-proxy
-spaceapiccc IN CNAME public-reverse-proxy
-acmedns IN CNAME public-reverse-proxy
-cpuccc IN CNAME public-reverse-proxy
-did IN CNAME public-reverse-proxy
+branding-resources IN CNAME public-reverse-proxy
+element IN CNAME public-reverse-proxy
+matrix IN CNAME public-reverse-proxy
+mas IN CNAME public-reverse-proxy
+element-admin IN CNAME public-reverse-proxy
+netbox IN CNAME public-reverse-proxy
+woodpecker IN CNAME public-reverse-proxy
+onlyoffice IN CNAME public-reverse-proxy
+pad IN CNAME public-reverse-proxy
+pretalx IN CNAME public-reverse-proxy
+spaceapi IN CNAME public-reverse-proxy
+staging IN CNAME public-reverse-proxy
+wiki IN CNAME public-reverse-proxy
+www IN CNAME public-reverse-proxy
+ntfy IN CNAME public-reverse-proxy
+sunders IN CNAME public-reverse-proxy
+spaceapiccc IN CNAME public-reverse-proxy
+acmedns IN CNAME public-reverse-proxy
+cpuccc IN CNAME public-reverse-proxy
+did IN CNAME public-reverse-proxy
-auth.acmedns IN NS acmedns.hosts.hamburg.ccc.de.
+auth.acmedns IN NS acmedns.hosts.hamburg.ccc.de.
-git IN A 212.12.51.136
- IN AAAA 2a00:14b0:f000:23:51:136::1
-git IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.git IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUGmKDns/qokxyz2u"
- "lcyKIcs/S+zf+0wHCfhSOK4lLnws8U/wIny5FAW3zM/7TliqIftzZ2B0Cz8W6"
- "YvmtgLyKqBzvCSG0dNYyy9TVeGM4HyrmLBbUkQdGGQwmoJTnCe9gT9z6GO9k2"
- "uFfHJsk/iffU75x9iXqLXPGL/CGmLKuBmkYGda2rQ9ATUIpQhIxnerZvVc3RA"
- "qwD8/pYvMLOqvCStVHM5Zi+j1Jr0BC8mxU8pIY6rfOVt+h/V3wh0F6dL0z9nw"
- "ZhDE53K8frGp2CC5dW/A37FrfMJv+ODw2tX8EdyL2hDBshBQ4r8WiYJTtIMPL"
- "50A9UzZndyiLAHoeLrZQIDAQAB")
-hackertours IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
- MX 10 cow.hamburg.ccc.de.
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.hackertours IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
- "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG5J6rMvbOy7mmV4mKfN"
- "7SSrtxKP/jI0XWwO2njO3jM6DkAGDpmRH69B5sOW/53/yg7MMdGytGfNAk61YJknP+"
- "NGZNSk7F2p2aB+zoksLVcIKdY1YwicYS7l6Q7qWBfv8ctmGTzcwO0UEAizD6xdINN8"
- "YmhHorgnxR3HbHeUmaxIe4WM2wWRYiD+9tpY1f0O/NEEoHxmFecRhU9SVmuhLgiOyF"
- "AWpPYBMOsKEHoKREENc+4VBj6H2GYTKIs+dYKDNEmVVdnRkgtAVO3FrjCkedBJ7RbR"
- "RNHIqdt9u8AF+Vrs1Oq72ZQrNVR0ezEyBScJaxy5JphvBWkMSYSoDpvXLwIDAQAB")
-staging.hackertours IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-grafana IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-tickets IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-zammad IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
+git IN A 212.12.51.136
+ IN AAAA 2a00:14b0:f000:23:51:136::1
+git IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.git IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUGmKDns/qokxyz2u"
+ "lcyKIcs/S+zf+0wHCfhSOK4lLnws8U/wIny5FAW3zM/7TliqIftzZ2B0Cz8W6"
+ "YvmtgLyKqBzvCSG0dNYyy9TVeGM4HyrmLBbUkQdGGQwmoJTnCe9gT9z6GO9k2"
+ "uFfHJsk/iffU75x9iXqLXPGL/CGmLKuBmkYGda2rQ9ATUIpQhIxnerZvVc3RA"
+ "qwD8/pYvMLOqvCStVHM5Zi+j1Jr0BC8mxU8pIY6rfOVt+h/V3wh0F6dL0z9nw"
+ "ZhDE53K8frGp2CC5dW/A37FrfMJv+ODw2tX8EdyL2hDBshBQ4r8WiYJTtIMPL"
+ "50A9UzZndyiLAHoeLrZQIDAQAB")
+hackertours IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+ MX 10 cow.hamburg.ccc.de.
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.hackertours IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG5J6rMvbOy7mmV4mKfN"
+ "7SSrtxKP/jI0XWwO2njO3jM6DkAGDpmRH69B5sOW/53/yg7MMdGytGfNAk61YJknP+"
+ "NGZNSk7F2p2aB+zoksLVcIKdY1YwicYS7l6Q7qWBfv8ctmGTzcwO0UEAizD6xdINN8"
+ "YmhHorgnxR3HbHeUmaxIe4WM2wWRYiD+9tpY1f0O/NEEoHxmFecRhU9SVmuhLgiOyF"
+ "AWpPYBMOsKEHoKREENc+4VBj6H2GYTKIs+dYKDNEmVVdnRkgtAVO3FrjCkedBJ7RbR"
+ "RNHIqdt9u8AF+Vrs1Oq72ZQrNVR0ezEyBScJaxy5JphvBWkMSYSoDpvXLwIDAQAB")
+staging.hackertours IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+grafana IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+tickets IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+zammad IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
-loki IN CNAME grafana.hosts
-metrics IN CNAME grafana.hosts
+loki IN CNAME grafana.hosts
+metrics IN CNAME grafana.hosts
; attraktor openvz vm
-attraktor IN A 172.31.17.14
- IN AAAA 2a00:14b0:f000:23:48::14
- IN MX 10 cow.hamburg.ccc.de.
-attraktor-intern IN A 172.31.17.14
- IN AAAA 2a00:14b0:f000:23:48::14
- IN MX 10 cow.hamburg.ccc.de.
-attraktor-intern2 IN A 172.31.17.137
- IN MX 10 cow.hamburg.ccc.de.
+attraktor IN A 172.31.17.14
+ IN AAAA 2a00:14b0:f000:23:48::14
+ IN MX 10 cow.hamburg.ccc.de.
+attraktor-intern IN A 172.31.17.14
+ IN AAAA 2a00:14b0:f000:23:48::14
+ IN MX 10 cow.hamburg.ccc.de.
+attraktor-intern2 IN A 172.31.17.137
+ IN MX 10 cow.hamburg.ccc.de.
-erfafoo IN A 212.12.51.138
- IN AAAA 2a00:14b0:f000:23:50:210::1
- IN MX 10 cow.hamburg.ccc.de.
-local IN CNAME erfafoo
-lokal IN CNAME erfafoo
+erfafoo IN A 212.12.51.138
+ IN AAAA 2a00:14b0:f000:23:50:210::1
+ IN MX 10 cow.hamburg.ccc.de.
+local IN CNAME erfafoo
+lokal IN CNAME erfafoo
; fuer vollkorn:
-;webfoo IN A 212.12.51.138
-; IN AAAA 2a00:14b0:4200:3380:138::1
-; IN MX 5 nomail.ccc.de.
-; IN MX 10 cow.hamburg.ccc.de.
+;webfoo IN A 212.12.51.138
+; IN AAAA 2a00:14b0:4200:3380:138::1
+; IN MX 5 nomail.ccc.de.
+; IN MX 10 cow.hamburg.ccc.de.
; chaos macht schule server
-cms IN A 212.12.51.131
-www.cms IN CNAME cms
-schule IN CNAME cms
-www.schule IN CNAME cms
+cms IN A 212.12.51.131
+www.cms IN CNAME cms
+schule IN CNAME cms
+www.schule IN CNAME cms
; Firewall:
-ovpn IN A 212.12.48.122
-fwhh-v6 IN A 212.12.50.214
+ovpn IN A 212.12.48.122
+fwhh-v6 IN A 212.12.50.214
; (irc) nat ip
-chaoscafe IN A 212.12.50.209
+chaoscafe IN A 212.12.50.209
-cloud IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-cloud IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.cloud IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr7XIfOFt99cdEKeP"
- "Qhz7miwN2tIZF+imJ3p/r/kam0TKN5pbRMDK0HH4Jl8ksBDozXrLo+U71TX+m"
- "XBBeNca4QSfmJh6cAesibf4v/6ssGBdQR7efc2b3dFvZS5/qdS7oLYqYbGpuv"
- "aUB0gzhatrAR0i6HdtXrsJxGemda4WvZXaPLPwcWByHLZsHQUbaD3doZOJGXI"
- "7+HQs9BuDo4PKQs1/mE5BEWQ0ISEKZ4bk1p8U0ZsfcdQ8o9X53Tj+JxvJHgxi"
- "h7yHMr4y9hCOAkvZTFZ/Z/r3KU+N+t9NrVYm995KEernSxE3MXYIsdaFKBDvX"
- "Xq837yzJmv7D9S9We3YwIDAQAB")
+cloud IN A 212.12.48.125
+ IN AAAA 2a00:14b0:4200:3000:125::1
+cloud IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.cloud IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr7XIfOFt99cdEKeP"
+ "Qhz7miwN2tIZF+imJ3p/r/kam0TKN5pbRMDK0HH4Jl8ksBDozXrLo+U71TX+m"
+ "XBBeNca4QSfmJh6cAesibf4v/6ssGBdQR7efc2b3dFvZS5/qdS7oLYqYbGpuv"
+ "aUB0gzhatrAR0i6HdtXrsJxGemda4WvZXaPLPwcWByHLZsHQUbaD3doZOJGXI"
+ "7+HQs9BuDo4PKQs1/mE5BEWQ0ISEKZ4bk1p8U0ZsfcdQ8o9X53Tj+JxvJHgxi"
+ "h7yHMr4y9hCOAkvZTFZ/Z/r3KU+N+t9NrVYm995KEernSxE3MXYIsdaFKBDvX"
+ "Xq837yzJmv7D9S9We3YwIDAQAB")
; Mail: hosts.hamburg.ccc.de
-hosts IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFnskyCW0420D+5PA"
- "L6cKmPoZR2nrPaMPiJl0+DbDhnsLdXtt3cKZkAin2GYQRvZJvlcJ3JFkFljmQ"
- "sZk7BJ02rV7S79DgeFhKMzjE0p/GaMBSdzDZJQEVkKhEK+KBbSfaZ0FM/4Qh0"
- "beI26kBgbR6bc+SGdB7+LB2JLPxr5ipP0gJ7RtE+QWIoDaU0e9dSYhucJ4A4k"
- "RMs3ECvcCVgsyhRPJahs8tzbKjhnp956ru6Jda3Yo/ubhy4AztP/7ZQayCv/W"
- "06PfZNo/i2711F98L2ATQaDsOCKWhpskyrCRcR1nTWNSL7qYhOPD1hZonsd5I"
- "f5WwrR4meWD3wmXbX29wIDAQAB")
+hosts IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFnskyCW0420D+5PA"
+ "L6cKmPoZR2nrPaMPiJl0+DbDhnsLdXtt3cKZkAin2GYQRvZJvlcJ3JFkFljmQ"
+ "sZk7BJ02rV7S79DgeFhKMzjE0p/GaMBSdzDZJQEVkKhEK+KBbSfaZ0FM/4Qh0"
+ "beI26kBgbR6bc+SGdB7+LB2JLPxr5ipP0gJ7RtE+QWIoDaU0e9dSYhucJ4A4k"
+ "RMs3ECvcCVgsyhRPJahs8tzbKjhnp956ru6Jda3Yo/ubhy4AztP/7ZQayCv/W"
+ "06PfZNo/i2711F98L2ATQaDsOCKWhpskyrCRcR1nTWNSL7qYhOPD1hZonsd5I"
+ "f5WwrR4meWD3wmXbX29wIDAQAB")
; Mail: hosts-external.hamburg.ccc.de
-external-hosts IN MX 10 cow
- IN TXT "v=spf1 mx -all"
-dkim._domainkey.external-hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
- "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfdJvL7Tpdw6JLkuU"
- "nOLwtxojWZ5Xq6rLDK3EzrX2Tyeq03nqgQuI3ruHgodHb1D7sieU61x30+g7y"
- "8HnjrN1bfH1iQJUzEOCgOWHwQEbLdbQxcazmbEdowBuA0VuYrXL2tcCFJwdcZ"
- "MKZAyuba7leeRgSngZJnesT7aaGvZSuzLa1/KaW4MRbOOmy5LlukBC3EZBpWn"
- "/dL73spDajlDx4VRMUpZQq/PAoPPwCFdw/HNnzxBYBIdVloeJx91qBRaNyUIb"
- "C/to8YSDVi2aMHiXhTBfoNd1VcxjlBYWqEZtdUhecUjwmbbAO4f0ECO4bs0Yz"
- "d/EgJB70ry1quA0MqgZQIDAQAB")
+external-hosts IN MX 10 cow
+ IN TXT "v=spf1 mx -all"
+dkim._domainkey.external-hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p="
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfdJvL7Tpdw6JLkuU"
+ "nOLwtxojWZ5Xq6rLDK3EzrX2Tyeq03nqgQuI3ruHgodHb1D7sieU61x30+g7y"
+ "8HnjrN1bfH1iQJUzEOCgOWHwQEbLdbQxcazmbEdowBuA0VuYrXL2tcCFJwdcZ"
+ "MKZAyuba7leeRgSngZJnesT7aaGvZSuzLa1/KaW4MRbOOmy5LlukBC3EZBpWn"
+ "/dL73spDajlDx4VRMUpZQq/PAoPPwCFdw/HNnzxBYBIdVloeJx91qBRaNyUIb"
+ "C/to8YSDVi2aMHiXhTBfoNd1VcxjlBYWqEZtdUhecUjwmbbAO4f0ECO4bs0Yz"
+ "d/EgJB70ry1quA0MqgZQIDAQAB")
; for thw:
-orga IN A 212.12.51.130
- IN MX 23 nomail.ccc.de.
- IN MX 42 orga
+orga IN A 212.12.51.130
+ IN MX 23 nomail.ccc.de.
+ IN MX 42 orga
-shellhost IN A 212.12.51.140
- IN AAAA 2a00:14b0:f000:23:51:140:0:1
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
-shells IN CNAME shellhost
+shellhost IN A 212.12.51.140
+ IN AAAA 2a00:14b0:f000:23:51:140:0:1
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
+shells IN CNAME shellhost
; chaos vpn-hub on haegars hetzner machine
-vpnhub1 IN A 136.243.3.60
- IN MX 5 nomail.ccc.de.
- IN MX 10 mail.sdinet.de.
-vpnhub1.ipv4 IN A 136.243.3.60
-vpnhub1-intern IN A 172.31.2.1
+vpnhub1 IN A 136.243.3.60
+ IN MX 5 nomail.ccc.de.
+ IN MX 10 mail.sdinet.de.
+vpnhub1.ipv4 IN A 136.243.3.60
+vpnhub1-intern IN A 172.31.2.1
; special
-ccchh IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
+ccchh IN MX 5 nomail.ccc.de.
+ IN MX 10 cow.hamburg.ccc.de.
-office IN CNAME office.hh.ccc.de.
-officemail IN CNAME officemail.hh.ccc.de.
+office IN CNAME office.hh.ccc.de.
+officemail IN CNAME officemail.hh.ccc.de.
-template IN A 172.31.17.199
- IN AAAA 2a00:14b0:f000:23::199
- IN MX 10 cow.hamburg.ccc.de.
+template IN A 172.31.17.199
+ IN AAAA 2a00:14b0:f000:23::199
+ IN MX 10 cow.hamburg.ccc.de.
-irc IN A 176.56.239.136
- IN AAAA 2a00:d880:8:1::1aa
- IN MX 5 nomail.ccc.de.
+irc IN A 176.56.239.136
+ IN AAAA 2a00:d880:8:1::1aa
+ IN MX 5 nomail.ccc.de.
-;anonymizer IN A 192.162.102.224
-; IN MX 5 nomail.ccc.de.
-; IN MX 10 anonymizer
-;mixminion IN A 192.162.102.225
-; IN MX 5 nomail.ccc.de.
-; IN MX 10 mixminion
+;anonymizer IN A 192.162.102.224
+; IN MX 5 nomail.ccc.de.
+; IN MX 10 anonymizer
+;mixminion IN A 192.162.102.225
+; IN MX 5 nomail.ccc.de.
+; IN MX 10 mixminion
-cryptoparty IN CNAME public-reverse-proxy
-staging.cryptoparty IN CNAME public-reverse-proxy
-cryptoparty-intern IN A 172.31.17.213
+cryptoparty IN CNAME public-reverse-proxy
+staging.cryptoparty IN CNAME public-reverse-proxy
+cryptoparty-intern IN A 172.31.17.213
; Freifunk Gateways
-freifunk-gw01 IN CNAME gw01.hamburg.freifunk.net.
-freifunk-gw02 IN CNAME gw02.hamburg.freifunk.net.
-freifunk-gw03 IN CNAME gw03.hamburg.freifunk.net.
-freifunk-gw04 IN CNAME gw04.hamburg.freifunk.net.
-freifunk-gw05 IN CNAME gw05.hamburg.freifunk.net.
-freifunk-gw06 IN CNAME gw06.hamburg.freifunk.net.
-freifunk-gw07 IN CNAME gw07.hamburg.freifunk.net.
-freifunk-gw08 IN CNAME gw08.hamburg.freifunk.net.
-freifunk-gw09 IN CNAME gw09.hamburg.freifunk.net.
-freifunk-gw10 IN CNAME gw10.hamburg.freifunk.net.
-freifunk-gw11 IN CNAME gw11.hamburg.freifunk.net.
-freifunk-gw12 IN CNAME gw12.hamburg.freifunk.net.
-freifunk-gw13 IN CNAME gw13.hamburg.freifunk.net.
-freifunk-gw14 IN CNAME gw14.hamburg.freifunk.net.
-freifunk-gw15 IN CNAME gw15.hamburg.freifunk.net.
-freifunk-gw16 IN CNAME gw16.hamburg.freifunk.net.
-freifunk-gw17 IN CNAME gw17.hamburg.freifunk.net.
-freifunk-gw18 IN CNAME gw18.hamburg.freifunk.net.
-freifunk-gw19 IN CNAME gw19.hamburg.freifunk.net.
-freifunk-gw20 IN CNAME gw20.hamburg.freifunk.net.
+freifunk-gw01 IN CNAME gw01.hamburg.freifunk.net.
+freifunk-gw02 IN CNAME gw02.hamburg.freifunk.net.
+freifunk-gw03 IN CNAME gw03.hamburg.freifunk.net.
+freifunk-gw04 IN CNAME gw04.hamburg.freifunk.net.
+freifunk-gw05 IN CNAME gw05.hamburg.freifunk.net.
+freifunk-gw06 IN CNAME gw06.hamburg.freifunk.net.
+freifunk-gw07 IN CNAME gw07.hamburg.freifunk.net.
+freifunk-gw08 IN CNAME gw08.hamburg.freifunk.net.
+freifunk-gw09 IN CNAME gw09.hamburg.freifunk.net.
+freifunk-gw10 IN CNAME gw10.hamburg.freifunk.net.
+freifunk-gw11 IN CNAME gw11.hamburg.freifunk.net.
+freifunk-gw12 IN CNAME gw12.hamburg.freifunk.net.
+freifunk-gw13 IN CNAME gw13.hamburg.freifunk.net.
+freifunk-gw14 IN CNAME gw14.hamburg.freifunk.net.
+freifunk-gw15 IN CNAME gw15.hamburg.freifunk.net.
+freifunk-gw16 IN CNAME gw16.hamburg.freifunk.net.
+freifunk-gw17 IN CNAME gw17.hamburg.freifunk.net.
+freifunk-gw18 IN CNAME gw18.hamburg.freifunk.net.
+freifunk-gw19 IN CNAME gw19.hamburg.freifunk.net.
+freifunk-gw20 IN CNAME gw20.hamburg.freifunk.net.
-fftest IN A 212.12.51.135
- IN AAAA 2a00:14b0:f000:23::135
+fftest IN A 212.12.51.135
+ IN AAAA 2a00:14b0:f000:23::135
; Shellbordell
-colossus IN A 212.12.51.133
+colossus IN A 212.12.51.133
; generic aliases
-LAN-212-12-50-208.dmz-net IN A 212.12.50.208
-ip208 IN A 212.12.50.208
-ip209 IN A 212.12.50.209
-ip210 IN A 212.12.50.210
-ip211 IN A 212.12.50.211
-ip212 IN A 212.12.50.212
-ip213 IN A 212.12.50.213
-ip214 IN A 212.12.50.214
-ENDE-212-12-50-215.dmz-broadcast IN A 212.12.50.215
-ip215 IN A 212.12.50.215
+LAN-212-12-50-208.dmz-net IN A 212.12.50.208
+ip208 IN A 212.12.50.208
+ip209 IN A 212.12.50.209
+ip210 IN A 212.12.50.210
+ip211 IN A 212.12.50.211
+ip212 IN A 212.12.50.212
+ip213 IN A 212.12.50.213
+ip214 IN A 212.12.50.214
+ENDE-212-12-50-215.dmz-broadcast IN A 212.12.50.215
+ip215 IN A 212.12.50.215
; ChaosVPN
-hack IN NS cvpn-dns.hack
-cvpn-dns.hack IN A 172.31.0.5
+hack IN NS cvpn-dns.hack
+cvpn-dns.hack IN A 172.31.0.5
; IPv4 Reverse DNS
-122.48.12.212.rdns IN PTR turing.hamburg.ccc.de.
-123.48.12.212.rdns IN PTR ip-48-123.hamburg.ccc.de.
-124.48.12.212.rdns IN PTR ip-48-124.hamburg.ccc.de.
-125.48.12.212.rdns IN PTR public-reverse-proxy.hamburg.ccc.de.
-126.48.12.212.rdns IN PTR chaosknoten.hamburg.ccc.de.
+122.48.12.212.rdns IN PTR turing.hamburg.ccc.de.
+123.48.12.212.rdns IN PTR ip-48-123.hamburg.ccc.de.
+124.48.12.212.rdns IN PTR ip-48-124.hamburg.ccc.de.
+125.48.12.212.rdns IN PTR public-reverse-proxy.hamburg.ccc.de.
+126.48.12.212.rdns IN PTR chaosknoten.hamburg.ccc.de.
-208.50.12.212.rdns IN PTR net-12-50-212.hamburg.ccc.de.
-209.50.12.212.rdns IN PTR turing.hamburg.ccc.de.
-;210.50.12.212.rdns IN PTR erfafoo.hamburg.ccc.de.
-211.50.12.212.rdns IN PTR ip-50-12-211.hamburg.ccc.de.
-213.50.12.212.rdns IN PTR cryptoparty.hamburg.ccc.de.
-214.50.12.212.rdns IN PTR ip-50-12-214.hamburg.ccc.de.
-215.50.12.212.rdns IN PTR broadcast-12-15-212.hamburg.ccc.de.
+208.50.12.212.rdns IN PTR net-12-50-212.hamburg.ccc.de.
+209.50.12.212.rdns IN PTR turing.hamburg.ccc.de.
+;210.50.12.212.rdns IN PTR erfafoo.hamburg.ccc.de.
+211.50.12.212.rdns IN PTR ip-50-12-211.hamburg.ccc.de.
+213.50.12.212.rdns IN PTR cryptoparty.hamburg.ccc.de.
+214.50.12.212.rdns IN PTR ip-50-12-214.hamburg.ccc.de.
+215.50.12.212.rdns IN PTR broadcast-12-15-212.hamburg.ccc.de.
-128.51.12.212.rdns IN PTR net-12-51-128.hamburg.ccc.de.
-129.51.12.212.rdns IN PTR ip-51-129.hamburg.ccc.de.
-130.51.12.212.rdns IN PTR ip-51-130.hamburg.ccc.de.
-131.51.12.212.rdns IN PTR cms.hamburg.ccc.de.
-132.51.12.212.rdns IN PTR lists.hamburg.ccc.de.
-133.51.12.212.rdns IN PTR cow.hamburg.ccc.de.
-134.51.12.212.rdns IN PTR srv01.hamburg.freifunk.net.
-135.51.12.212.rdns IN PTR fftest.hamburg.ccc.de.
-136.51.12.212.rdns IN PTR git.hamburg.ccc.de.
-137.51.12.212.rdns IN PTR ip-51-137.hamburg.ccc.de.
-138.51.12.212.rdns IN PTR erfafoo.hamburg.ccc.de.
-139.51.12.212.rdns IN PTR jitsi.hamburg.ccc.de.
-140.51.12.212.rdns IN PTR ip-51-140.hamburg.ccc.de.
-141.51.12.212.rdns IN PTR mumble.hamburg.ccc.de.
-142.51.12.212.rdns IN PTR regio-stage.hamburg.ccc.de.
-143.51.12.212.rdns IN PTR broadcast-12-15-128.hamburg.ccc.de.
+128.51.12.212.rdns IN PTR net-12-51-128.hamburg.ccc.de.
+129.51.12.212.rdns IN PTR ip-51-129.hamburg.ccc.de.
+130.51.12.212.rdns IN PTR ip-51-130.hamburg.ccc.de.
+131.51.12.212.rdns IN PTR cms.hamburg.ccc.de.
+132.51.12.212.rdns IN PTR lists.hamburg.ccc.de.
+133.51.12.212.rdns IN PTR cow.hamburg.ccc.de.
+134.51.12.212.rdns IN PTR srv01.hamburg.freifunk.net.
+135.51.12.212.rdns IN PTR fftest.hamburg.ccc.de.
+136.51.12.212.rdns IN PTR git.hamburg.ccc.de.
+137.51.12.212.rdns IN PTR ip-51-137.hamburg.ccc.de.
+138.51.12.212.rdns IN PTR erfafoo.hamburg.ccc.de.
+139.51.12.212.rdns IN PTR jitsi.hamburg.ccc.de.
+140.51.12.212.rdns IN PTR ip-51-140.hamburg.ccc.de.
+141.51.12.212.rdns IN PTR mumble.hamburg.ccc.de.
+142.51.12.212.rdns IN PTR regio-stage.hamburg.ccc.de.
+143.51.12.212.rdns IN PTR broadcast-12-15-128.hamburg.ccc.de.
; hosts.hamburg.ccc.de
-wiki.hosts IN AAAA 2a00:14b0:42:102::2
-cloud.hosts IN AAAA 2a00:14b0:42:102::3
-eh22-wiki.hosts IN AAAA 2a00:14b0:42:102::4
-pad.hosts IN AAAA 2a00:14b0:42:102::5
-keycloak.hosts IN AAAA 2a00:14b0:42:102::6
-onlyoffice.hosts IN AAAA 2a00:14b0:42:102::7
-renovate.hosts IN AAAA 2a00:14b0:42:102::8
-sunders.hosts IN AAAA 2a00:14b0:42:102::9
-mjolnir.hosts IN AAAA 2a00:14b0:42:102::a
-netbox.hosts IN AAAA 2a00:14b0:42:102::b
-tickets.hosts IN AAAA 2a00:14b0:42:102::c
-zammad.hosts IN AAAA 2a00:14b0:42:102::d
-grafana.hosts IN AAAA 2a00:14b0:42:102::e
-ccchoir.hosts IN AAAA 2a00:14b0:42:102::f
-pretalx.hosts IN AAAA 2a00:14b0:42:102::10
-ntfy.hosts IN AAAA 2a00:14b0:42:102::11
-spaceapiccc.hosts IN AAAA 2a00:14b0:42:102::12
-acmedns.hosts IN AAAA 2a00:14b0:42:102::13
-www2.hosts IN AAAA 2a00:14b0:42:102::14
-www3.hosts IN AAAA 2a00:14b0:42:102::15
-diday-staging-runner.hosts IN AAAA 2a00:14b0:42:102::16
-public-web-static.hosts IN AAAA 2a00:14b0:42:102::17
-forgejo-actions-runner.hosts IN AAAA 2a00:14b0:42:102::18
+wiki.hosts IN AAAA 2a00:14b0:42:102::2
+cloud.hosts IN AAAA 2a00:14b0:42:102::3
+eh22-wiki.hosts IN AAAA 2a00:14b0:42:102::4
+pad.hosts IN AAAA 2a00:14b0:42:102::5
+keycloak.hosts IN AAAA 2a00:14b0:42:102::6
+onlyoffice.hosts IN AAAA 2a00:14b0:42:102::7
+renovate.hosts IN AAAA 2a00:14b0:42:102::8
+sunders.hosts IN AAAA 2a00:14b0:42:102::9
+mjolnir.hosts IN AAAA 2a00:14b0:42:102::a
+netbox.hosts IN AAAA 2a00:14b0:42:102::b
+tickets.hosts IN AAAA 2a00:14b0:42:102::c
+zammad.hosts IN AAAA 2a00:14b0:42:102::d
+grafana.hosts IN AAAA 2a00:14b0:42:102::e
+ccchoir.hosts IN AAAA 2a00:14b0:42:102::f
+pretalx.hosts IN AAAA 2a00:14b0:42:102::10
+ntfy.hosts IN AAAA 2a00:14b0:42:102::11
+spaceapiccc.hosts IN AAAA 2a00:14b0:42:102::12
+acmedns.hosts IN AAAA 2a00:14b0:42:102::13
+www2.hosts IN AAAA 2a00:14b0:42:102::14
+www3.hosts IN AAAA 2a00:14b0:42:102::15
+diday-staging-runner.hosts IN AAAA 2a00:14b0:42:102::16
+public-web-static.hosts IN AAAA 2a00:14b0:42:102::17
+forgejo-actions-runner.hosts IN AAAA 2a00:14b0:42:102::18
; acme-challenges
-_acme-challenge.sunders CNAME a5ee8a99-3cdf-4212-972e-c0b6fda1242f.auth.acmedns
-_acme-challenge.pretalx CNAME 295a66d4-1d71-49f3-a80a-1f7527ec9cca.auth.acmedns
+_acme-challenge.sunders CNAME a5ee8a99-3cdf-4212-972e-c0b6fda1242f.auth.acmedns
+_acme-challenge.pretalx CNAME 295a66d4-1d71-49f3-a80a-1f7527ec9cca.auth.acmedns
From d76212c5a89f9a8cd0ad7af96ba005bcfe842a3e Mon Sep 17 00:00:00 2001
From: June
Date: Sat, 9 May 2026 18:27:54 +0200
Subject: [PATCH 24/27] auth-dns(host): remove legacy "-intern" entries from
hamburg.ccc.de zone
---
.../auth-dns/zones/hamburg.ccc.de.zone | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
index 5c19401..d314fd6 100644
--- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
+++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
@@ -213,33 +213,14 @@ dkim._domainkey.id IN TXT ("v=DKIM1;k=rsa;t=s;s=em
"XPfmatTH7yieDaLG+3kHjbA3WFyAkb/ZAqZaFM8k6cQJEZb7jDzdKlm1fuPrk"
"YUrfZ1V3pglzdm0QbM4wIDAQAB")
-aes-intern IN A 172.31.17.145
-tickets-intern IN A 172.31.17.148
-grafana-intern IN A 172.31.17.145
-loki-intern IN A 172.31.17.145
-eh22-netbox-intern IN A 172.31.17.166
-sunders-intern IN A 172.31.17.170
-renovate-intern IN A 172.31.17.171
-netbox-intern IN A 172.31.17.167
matrix-intern IN A 172.31.17.150
; have this for compatibility (like references in CI)
public-web-static-intern IN AAAA 2a00:14b0:42:102::17
-pretalx-intern IN A 172.31.17.157
-zammad-intern IN A 172.31.17.152
-nixos-template-intern IN A 172.31.17.200
git-intern IN A 172.31.17.154
-forgejo-actions-runner-intern IN A 172.31.17.155
-nix-box-june-intern IN A 172.31.17.158
woodpecker-intern IN A 172.31.17.160
-mjolnir-intern IN A 172.31.17.161
-mjolnir-ng-intern IN A 172.31.17.169
penpot-intern IN A 172.31.17.162
-penpot-ng-intern IN A 172.31.17.168
-hydra-intern IN A 172.31.17.163
forgejo-runner-builder IN A 172.31.17.202
renovate-forgejo IN A 172.31.17.163
-ansible-testing-intern IN A 172.31.17.164
-ntfy-intern IN A 172.31.17.149
status IN AAAA 2a00:14b0:f001:100::fd
status IN A 212.12.50.253
design IN A 212.12.48.125
From c9c44efa0bfaee64276eca3ccdca898732293cd8 Mon Sep 17 00:00:00 2001
From: June
Date: Sat, 9 May 2026 19:16:34 +0200
Subject: [PATCH 25/27] auth-dns(host): remove entries for old and deprecated
services
---
.../auth-dns/zones/hamburg.ccc.de.zone | 51 -------------------
1 file changed, 51 deletions(-)
diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
index d314fd6..21a8d0e 100644
--- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
+++ b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
@@ -37,15 +37,6 @@ dkim._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=em
_dmarc IN TXT "v=DMARC1;p=none;sp=none;pct=100;rua=mailto:dmarc-report@hamburg.ccc.de;ruf=mailto:dmarc-report@hamburg.ccc.de;ri=86400;aspf=r;adkim=r;fo=1"
-;_sip._udp IN SRV 10 0 5060 vermittlung
-;_sip._tcp IN SRV 10 4 5060 vermittlung
-;_sips._tcp IN SRV 10 4 5060 vermittlung
-
-_xmpp-client._tcp IN SRV 10 0 5222 jabber
-_xmpp-server._tcp IN SRV 10 0 5269 jabber
-_xmpp-client._tcp.jabber IN SRV 10 0 5222 jabber
-_xmpp-server._tcp.jabber IN SRV 10 0 5269 jabber
-
localhost IN A 127.0.0.1
dante._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=email;"
@@ -55,9 +46,6 @@ hansenerd._domainkey IN TXT ("v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlxTgmc5Fe2aQc5razQYlk3OBGNePuevJQ7YVp5j5IM0ukBLM1erTR6DLZZvoGd2puKvfjlvejR3GRY4YXeZkCJoS0ZjwpR3Tfy8PzUbPNMt5e/buHGK1v+9E9zrl4vrxgYYYlYqjl1HF1K9oE5yPI1AIeUxzZpduheJASlxr9VwIDAQAB" ) ;
-; VMWare ESXi Host:
-worker IN A 212.12.48.123
-worker-ipmi IN A 212.12.51.136
; Proxmox Host:
chaosknoten IN A 212.12.48.126
IN AAAA 2a00:14b0:4200:3000::126:1
@@ -107,15 +95,6 @@ chaosvpn-dns IN A 172.31.17.136
turing-db IN A 172.31.17.135
IN MX 10 cow.hamburg.ccc.de.
-jabber IN A 212.12.48.122
- IN AAAA 2a00:14b0:f000:23::26
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
-jabber-intern IN A 172.31.17.134
- IN AAAA 2a00:14b0:f000:23::26
- IN MX 5 nomail.ccc.de.
- IN MX 10 cow.hamburg.ccc.de.
-
gitlab IN A 212.12.48.122
IN AAAA 2a00:14b0:4200:3000:122::1
; ipv6 also has DNAT rules
@@ -235,7 +214,6 @@ dkim._domainkey.design IN TXT ("v=DKIM1;k=rsa;t=s;s=em
"TRTV4LM/n5Jm7Mm1F5DwJ+7Ie9s/WvTWKKKUExmoa5SNheGcfybC+sqnJu7L0"
"F5dWFwk0zzQDcVSY2m9qFWPEuO2fZmiB4IoG4yXkooSY2sH9Z8eX2+6i3k/ub"
"qx58Mav6VlkTxsOAdbbQIDAQAB")
-hydra IN A 212.12.48.125
regio-stage IN A 212.12.51.142
AAAA 2a00:14b0:f000:23:51:142:0:1
@@ -350,27 +328,6 @@ zammad IN A 212.12.48.125
loki IN CNAME grafana.hosts
metrics IN CNAME grafana.hosts
-; attraktor openvz vm
-attraktor IN A 172.31.17.14
- IN AAAA 2a00:14b0:f000:23:48::14
- IN MX 10 cow.hamburg.ccc.de.
-attraktor-intern IN A 172.31.17.14
- IN AAAA 2a00:14b0:f000:23:48::14
- IN MX 10 cow.hamburg.ccc.de.
-attraktor-intern2 IN A 172.31.17.137
- IN MX 10 cow.hamburg.ccc.de.
-
-erfafoo IN A 212.12.51.138
- IN AAAA 2a00:14b0:f000:23:50:210::1
- IN MX 10 cow.hamburg.ccc.de.
-local IN CNAME erfafoo
-lokal IN CNAME erfafoo
-
-; fuer vollkorn:
-;webfoo IN A 212.12.51.138
-; IN AAAA 2a00:14b0:4200:3380:138::1
-; IN MX 5 nomail.ccc.de.
-; IN MX 10 cow.hamburg.ccc.de.
; chaos macht schule server
cms IN A 212.12.51.131
@@ -453,16 +410,8 @@ irc IN A 176.56.239.136
IN AAAA 2a00:d880:8:1::1aa
IN MX 5 nomail.ccc.de.
-;anonymizer IN A 192.162.102.224
-; IN MX 5 nomail.ccc.de.
-; IN MX 10 anonymizer
-;mixminion IN A 192.162.102.225
-; IN MX 5 nomail.ccc.de.
-; IN MX 10 mixminion
-
cryptoparty IN CNAME public-reverse-proxy
staging.cryptoparty IN CNAME public-reverse-proxy
-cryptoparty-intern IN A 172.31.17.213
; Freifunk Gateways
freifunk-gw01 IN CNAME gw01.hamburg.freifunk.net.
From e3ef60186f52ef3c3f9994aff3f60ce184774403 Mon Sep 17 00:00:00 2001
From: chris
Date: Sat, 9 May 2026 21:34:08 +0200
Subject: [PATCH 26/27] grafana: set default alertmanager notifications
---
.../chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2 b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
index 0689820..7276bdd 100644
--- a/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
+++ b/resources/chaosknoten/grafana/docker_compose/alertmanager.yaml.j2
@@ -3,7 +3,7 @@
# - https://github.com/prometheus/alertmanager/blob/48a99764a1fc9279fc828de83e7a03ae2219abc7/doc/examples/simple.yml
route:
- receiver: 'ntfy-ccchh'
+ receiver: 'null'
group_by: [ "alertname", "site", "job", "hypervisor" ]
group_wait: 30s
group_interval: 5m
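Review bot: With `receiver: 'null'` on the root route, any alert that no child route matches is dropped without a notification, so a new rule with missing or mistyped labels fails silently. The child routes and the `receivers:` list are outside this hunk, so it is not visible here whether `'null'` is defined without integrations or whether every alert that must notify is matched explicitly. I would state the intent above the line, for example `# default: drop alerts not claimed by a child route; add a route for anything that must notify`. A low-volume catch-all receiver as the default would be the safer alternative.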
From 60c37ce52a21d5eece88b63d2f328eba74815394 Mon Sep 17 00:00:00 2001
From: Renovate
Date: Sun, 10 May 2026 01:16:13 +0000
Subject: [PATCH 27/27] Update docker.io/library/postgres Docker tag to v18
---
inventories/chaosknoten/host_vars/cloud.yaml | 2 +-
resources/chaosknoten/lists/docker_compose/compose.yaml | 2 +-
resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/inventories/chaosknoten/host_vars/cloud.yaml b/inventories/chaosknoten/host_vars/cloud.yaml
index 9c28d58..0a1d845 100644
--- a/inventories/chaosknoten/host_vars/cloud.yaml
+++ b/inventories/chaosknoten/host_vars/cloud.yaml
@@ -1,7 +1,7 @@
# renovate: datasource=docker depName=git.hamburg.ccc.de/ccchh/oci-images/nextcloud
nextcloud__version: 32
# renovate: datasource=docker depName=docker.io/library/postgres
-nextcloud__postgres_version: 15.17
+nextcloud__postgres_version: 18.3
nextcloud__fqdn: cloud.hamburg.ccc.de
nextcloud__data_dir: /data/nextcloud
nextcloud__extra_configuration: "{{ lookup('ansible.builtin.template', 'resources/chaosknoten/cloud/nextcloud/extra_configuration.config.php.j2') }}"
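Review bot: `nextcloud__postgres_version: 18.3` moves an existing database from PostgreSQL 15 to 18 in one step, and a server will not start on a data directory initialised by another major version, so this needs a dump/restore or `pg_upgrade` before it reaches the host. How the role mounts the data directory is not visible in this hunk, so that part is to be confirmed. The same concern applies to the `postgres:18-alpine` lines in the mailman and pretalx compose files of this commit (12 → 18 and 15 → 18). Quoting the value as `nextcloud__postgres_version: "18.3"` would also stop YAML from loading it as a float, which matters once a minor such as `18.10` would be read as `18.1`.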
diff --git a/resources/chaosknoten/lists/docker_compose/compose.yaml b/resources/chaosknoten/lists/docker_compose/compose.yaml
index fb65594..65248bb 100644
--- a/resources/chaosknoten/lists/docker_compose/compose.yaml
+++ b/resources/chaosknoten/lists/docker_compose/compose.yaml
@@ -58,7 +58,7 @@ services:
- POSTGRES_DB=mailmandb
- POSTGRES_USER=mailman
- POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
- image: docker.io/library/postgres:12-alpine
+ image: docker.io/library/postgres:18-alpine
volumes:
- /opt/mailman/database:/var/lib/postgresql/data
networks:
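Review bot: The unchanged mount `/opt/mailman/database:/var/lib/postgresql/data` may no longer match the new image: to my knowledge the official image from 18 on declares its volume at `/var/lib/postgresql` and uses a version-specific `PGDATA` below it, so the target should be checked against the image documentation (likely `- /opt/mailman/database:/var/lib/postgresql`). The directory was also initialised by PostgreSQL 12, which 18 cannot open without a dump/restore or `pg_upgrade`. Separately, the `POSTGRES_PASSWORD` value in the context lines is a literal credential committed to the repository, whereas the pretalx template in this commit reads `{{ secret__pretalx_db_password }}`; this file would need to become a template or load the value from a secret-backed env file, with the current value rotated. The `services:` block starts and ends outside the hunk.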
diff --git a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2 b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
index 0bbfcb8..091bd44 100644
--- a/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
+++ b/resources/chaosknoten/pretalx/docker_compose/compose.yaml.j2
@@ -3,7 +3,7 @@
services:
database:
- image: docker.io/library/postgres:15-alpine
+ image: docker.io/library/postgres:18-alpine
environment:
- "POSTGRES_USER=pretalx"
- "POSTGRES_PASSWORD={{ secret__pretalx_db_password }}"