diff --git a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
index b69debc..1899a27 100644
--- a/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
+++ b/inventories/chaosknoten/host_vars/auth-dns.sops.yaml
@@ -1,5 +1,4 @@
 ansible_pull__age_private_key: ENC[AES256_GCM,data:2kBG8j8JHa/dlXgWMdbSobulFdVunf052T1QQfm1X2vpEZx2HPCL87fWea+O0WOg7+eoMYbiShu0Vw1eTjb+687LjU8l4cj2JWIajnYfDGH+ipWXojxj613C3RZV3JfDOclVTwP8fCHu7z7P3fKrsKWb5d3t2ohTT+sGdVdimakAOf192CkufcVIthq2imiWbntiMTOdMGJxyIjqT2Io2H89nSbJXkONsuHCF/PbxhryB2LZbl8aZV32knk=,iv:hpscVc7iO4r/h31vS6Zno2pkEsgA2uR7wD/1PjH1znM=,tag:ypiwFtgeXuj4gOsgTCRTBw==,type:str]
-knot__dnssec_key_secret: ENC[AES256_GCM,data:WPFTLyJIttFtqqTZV2fGN0Tt1vRS318TGmd2YqNzYisE3TBi6Z2aClxuYh56Q+j7TUQwCvga3jd5w017sEz3kA==,iv:umaFHBCy9AZgNFv7uXLCtO0o/NZDAZ1QNg5DcGHWEW8=,tag:oR92C1Uj5iXU9L02MqzGSQ==,type:str]
 sops:
 age:
 - recipient: age18zgt4y2sd75hxnpe333zz39048ctxpr0q8a3uqh3jajjkyawsdrq8yg5ve
@@ -11,8 +10,8 @@ sops:
 MEZQTHZXNExsSnl0WW9Vb29sajE1YzAKoYU7rGuR+52+U02uf3eTH9hkIECWdcJv
 wN9JTwsUn0c6mi/d4AHgv5O04Uw7NxUyGVmFlDZzjxLwPzZyR73SvA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2026-05-01T17:08:09Z"
- mac: ENC[AES256_GCM,data:TaMWf1ESs8nYzxkElMYtsz+/Be0PtI7FA0q6IFK+ob4dl/EN+AeTD7Pp0MZF8zcRvZ4hF0Ybimet5bwVR+d7UIXlXz3qP//pX68JDCvcLMQuhNtm6Ws+mwVxkpxEvBr1PtxlSvcQ76vH3ryEsXkP84gmlCDEdX1GAZYZ9ZS3Cfk=,iv:g3tzUfTPNUQyOAxWJEFPHg0IAPAzQgwYABHm4mFOOrI=,tag:C6KE/bg/3jS7Wc56y6YOJQ==,type:str]
+ lastmodified: "2026-04-29T19:21:55Z"
+ mac: ENC[AES256_GCM,data:RLXsIsSdrCuElYQ3x2YpwYzQx0V0zoYP6h9FLD+RqmZ1pWhlk6Ijp9WxCAlEWps9n5rPYYyhZ3ldSJluTVeroPwpzrmwW+xXCGsCC0BFk6PuB4UynfHwWR/3jEK47nAdPbNfONhzGfOeTObYp22c3iHiKL8YochOSlBToA8mFr4=,iv:fZZEa3C/BsNKGdTKlR/hexrzhmLxiMVxgL9nXjX2Q1E=,tag:I5M8SNbSw4w1crsl0z/5+Q==,type:str]
 pgp:
 - created_at: "2026-04-29T19:18:43Z"
 enc: |-
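Review bot: Dropping `knot__dnssec_key_secret` in the first hunk only removes it from the working tree; the ciphertext stays in repository history and remains decryptable by every sops recipient of this file, so if that key was ever provisioned on the server or configured on a peer it should be retired there as well, which this diff does not show. In the second hunk the new `lastmodified` (2026-04-29T19:21:55Z) is older than the value it replaces, which suggests the file was restored from an earlier revision rather than re-saved through sops. That is fine if the whole file was restored, but it is worth confirming that it still decrypts with MAC verification (`sops -d`) before merging, since a partial hand edit would leave `mac` inconsistent with the remaining values.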
diff --git a/inventories/chaosknoten/host_vars/auth-dns.yaml b/inventories/chaosknoten/host_vars/auth-dns.yaml deleted file mode 100644 index 1534e4a..0000000 --- a/inventories/chaosknoten/host_vars/auth-dns.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -deploy_systemd_resolved_config__enable: false - -knot__dnssec_key_id: "auth-dns.hamburg.ccc.de-1" -knot__remotes: - - id: ns-intern.hamburg.ccc.de - address: [ "2a00:14b0:f000:23::53", "172.31.17.53" ] - -knot__catalog_zones: - - domain: "hamburg.ccc.de.catalog." - -knot__zones: - # - domain: "hamburg.ccc.de." - # catalog_member: "hamburg.ccc.de.catalog." - # content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone') }}" - - domain: "hh.ccc.de." - catalog_member: "hamburg.ccc.de.catalog." - notify_targets: [ "ns-intern.hamburg.ccc.de" ] - content: "{{ lookup('ansible.builtin.file', 'resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone') }}" diff --git a/playbooks/deploy.yaml b/playbooks/deploy.yaml index ff9110d..e032782 100644 --- a/playbooks/deploy.yaml +++ b/playbooks/deploy.yaml @@ -101,8 +101,3 @@ - name: Run ensure_eh22_styleguide_dir Playbook ansible.builtin.import_playbook: ensure_eh22_styleguide_dir.yaml - -- name: Setup authoritative dns servers - hosts: auth-dns - roles: - - auth_dns diff --git a/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2 b/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2 deleted file mode 100644 index 7ebc230..0000000 --- a/resources/chaosknoten/auth-dns/docker_compose/compose.yaml.j2 +++ /dev/null @@ -1,13 +0,0 @@ -# Links & Resources -# https://www.knot-dns.cz/docs/latest/html/index.html - -services: - knot: - image: docker.io/cznic/knot:v3.5.4 - restart: unless-stopped - command: "knotd" - network_mode: host - volumes: - - ./configs:/config:ro - - ./storage:/storage - 
diff --git a/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
deleted file mode 100644
index 770447b..0000000
--- a/resources/chaosknoten/auth-dns/zones/0.0.127.in-addr.arpa.zone
+++ /dev/null
@@ -1,12 +0,0 @@
-$ORIGIN 0.0.127.in-addr.arpa.
-$TTL 7200
-
-@ 1D IN SOA localhost. root.localhost. (
- 42 ; serial (d. adams)
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- 1D IN NS localhost.
-1 1D IN PTR localhost.
diff --git a/resources/chaosknoten/auth-dns/zones/127.0.0.zone b/resources/chaosknoten/auth-dns/zones/127.0.0.zone
deleted file mode 100644
index b9b7bf5..0000000
--- a/resources/chaosknoten/auth-dns/zones/127.0.0.zone
+++ /dev/null
@@ -1,11 +0,0 @@
-$ORIGIN 0.0.127.in-addr.arpa.
-
-@ 1D IN SOA localhost. root.localhost. (
- 42 ; serial (d. adams)
- 3H ; refresh
- 15M ; retry
- 1W ; expiry
- 1D ) ; minimum
-
- 1D IN NS localhost.
-1 1D IN PTR localhost.
diff --git a/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
deleted file mode 100644
index 910c596..0000000
--- a/resources/chaosknoten/auth-dns/zones/168.192.in-addr.arpa.zone
+++ /dev/null
@@ -1,10 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. hostmaster.ccc.de. (
- 2016111701
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone b/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
deleted file mode 100644
index ea2c1ce..0000000
--- a/resources/chaosknoten/auth-dns/zones/17.31.172.in-addr.arpa.zone
+++ /dev/null
@@ -1,49 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns-intern.hamburg.ccc.de. haegar.ccc.de. (
- 2025020101
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns-intern.hamburg.ccc.de.
-
-1 IN PTR turing-vzhost.hamburg.ccc.de.
-14 IN PTR attraktor-intern.hamburg.ccc.de.
-53 IN PTR ns-intern.hamburg.ccc.de.
-122 IN PTR oldturing.hamburg.ccc.de.
-129 IN PTR turing-router.hamburg.ccc.de.
-131 IN PTR officemail.hh.ccc.de.
-132 IN PTR turing-new.hamburg.ccc.de.
-133 IN PTR gitlab-intern.hamburg.ccc.de.
-134 IN PTR jabber-intern.hamburg.ccc.de.
-135 IN PTR turing-db.hamburg.ccc.de.
-136 IN PTR chaosvpn-dns.hamburg.ccc.de.
-137 IN PTR attraktor-intern2.hamburg.ccc.de.
-138 IN PTR gitlab-test-intern.hamburg.ccc.de.
-139 IN PTR gitlab-runner.hamburg.ccc.de.
-142 IN PTR turing-intern2.hamburg.ccc.de.
-143 IN PTR cloud-intern.hamburg.ccc.de.
-144 IN PTR keycloak-intern.hamburg.ccc.de.
-145 IN PTR grafana-intern.hamburg.ccc.de.
-146 IN PTR wiki-intern.hamburg.ccc.de.
-147 IN PTR onlyoffice-intern.hamburg.ccc.de.
-148 IN PTR tickets-intern.hamburg.ccc.de.
-149 IN PTR netbox-intern.hamburg.ccc.de.
-150 IN PTR matrix-intern.hamburg.ccc.de.
-151 IN PTR public-web-static-intern.hamburg.ccc.de.
-152 IN PTR zammad-intern.hamburg.ccc.de.
-153 IN PTR ns-intern2.hamburg.ccc.de.
-156 IN PTR ccchoir-intern.hamburg.ccc.de.
-157 IN PTR pretalx-intern.hamburg.ccc.de.
-163 IN PTR renovate-forgejo.hamburg.ccc.de
-180 IN PTR rproxy-intern.hamburg.ccc.de.
-199 IN PTR template.hamburg.ccc.de.
-201 IN PTR cow-intern.hamburg.ccc.de.
-202 IN PTR forgejo-runner-builder.hamburg.ccc.de.
-202 IN PTR forgejo-runner-ubuntu.hamburg.ccc.de.
-204 IN PTR eh22hub-intern.hamburg.ccc.de.
-212 IN PTR eh20-intern.hamburg.ccc.de.
-213 IN PTR cryptoparty-intern.hamburg.ccc.de.
-254 IN PTR chaosknoten.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
deleted file mode 100644
index 205bda5..0000000
--- a/resources/chaosknoten/auth-dns/zones/2.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ /dev/null
@@ -1,16 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
- 2023073001
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
-; 2a00:14b0:4200:3000:122::1
-
-1.0.0.0.0.0.0.0.0.0.0.0 IN PTR turing.hamburg.ccc.de.
-
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
deleted file mode 100644
index 240d783..0000000
--- a/resources/chaosknoten/auth-dns/zones/3.2.0.0.0.0.0.f.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ /dev/null
@@ -1,43 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
- 2025020102
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
-; ccchh firewall / tunnelendpunkte:
-1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fwhh.hamburg.ccc.de.
-
-6.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR jabber.hamburg.ccc.de.
-3.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR ns.hamburg.ccc.de.
-0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR rproxy.hamburg.ccc.de.
-2.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR oldturing.hamburg.ccc.de.
-3.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR gitlab-intern.hamburg.ccc.de.
-5.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR fftest.hamburg.ccc.de.
-4.1.0.0.0.0.0.0.0.0.0.0.8.4.0.0 IN PTR wiki.attraktor.org.
-1.0.0.0.0.0.0.0.0.1.2.0.0.5.0.0 IN PTR lokal.ccc.de.
-1.0.0.0.0.0.0.0.2.1.2.0.0.5.0.0 IN PTR eh20.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.3.1.2.0.0.5.0.0 IN PTR cryptoparty.hamburg.ccc.de.
-
-1.0.0.0.0.0.0.0.0.4.1.0.1.5.0.0 IN PTR shellhost.hamburg.ccc.de.
-
-1.0.0.0.0.0.0.0.0.3.1.0.1.5.0.0 IN PTR unallocated.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.1.3.1.0.1.5.0.0 IN PTR cms.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.2.3.1.0.1.5.0.0 IN PTR lists.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.3.3.1.0.1.5.0.0 IN PTR cow.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.4.3.1.0.1.5.0.0 IN PTR srv01.hamburg.freifunk.net.
-1.0.0.0.0.0.0.0.5.3.1.0.1.5.0.0 IN PTR fftest.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.6.3.1.0.1.5.0.0 IN PTR git.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.7.3.1.0.1.5.0.0 IN PTR unallocated.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.8.3.1.0.1.5.0.0 IN PTR unallocated.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.9.3.1.0.1.5.0.0 IN PTR jitsi.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.0.4.1.0.1.5.0.0 IN PTR shells.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.1.4.1.0.1.5.0.0 IN PTR mumble.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.2.4.1.0.1.5.0.0 IN PTR regio-stage.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.4.0.2.0.1.5.0.0 IN PTR eh22hub.hamburg.ccc.de.
-1.0.0.0.0.0.0.0.5.0.2.0.1.5.0.0 IN PTR eh22hub-meta.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
deleted file mode 100644
index 3b3921c..0000000
--- a/resources/chaosknoten/auth-dns/zones/3.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ /dev/null
@@ -1,15 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
- 2023072900
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
-; 2a00:14b0:4200:3000:123::1
-
-1.0.0.0.0.0.0.0.0.0.0.0 IN PTR unused.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
deleted file mode 100644
index 4bba9bc..0000000
--- a/resources/chaosknoten/auth-dns/zones/4.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ /dev/null
@@ -1,15 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
- 2023072900
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
-; 2a00:14b0:4200:3000:124::1
-
-1.0.0.0.0.0.0.0.0.0.0.0 IN PTR unused.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
deleted file mode 100644
index 8eeaf64..0000000
--- a/resources/chaosknoten/auth-dns/zones/5.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ /dev/null
@@ -1,15 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
- 2023072900
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
-; 2a00:14b0:4200:3000:125::1
-
-1.0.0.0.0.0.0.0.0.0.0.0 IN PTR public-reverse-proxy.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone b/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
deleted file mode 100644
index 1545084..0000000
--- a/resources/chaosknoten/auth-dns/zones/6.2.1.0.0.0.0.3.0.0.2.4.0.b.4.1.0.0.a.2.ip6.arpa.zone
+++ /dev/null
@@ -1,15 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. (
- 2023073001
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
-; 2a00:14b0:4200:3000:126::1
-
-1.0.0.0.0.0.0.0.0.0.0.0 IN PTR chaosknoten.hamburg.ccc.de.
diff --git a/resources/chaosknoten/auth-dns/zones/Makefile b/resources/chaosknoten/auth-dns/zones/Makefile
deleted file mode 100644
index d3b6687..0000000
--- a/resources/chaosknoten/auth-dns/zones/Makefile
+++ /dev/null
@@ -1,93 +0,0 @@ - -CHANGED = $(shell git diff --name-only --relative -- '*.zone' ) - -export GIT_AUTHOR_NAME = "Bind Makefile" -#export GIT_AUTHOR_EMAIL = "$(shell whoami)@$(shell hostname -f)" -#export GIT_COMMITTER_NAME = $(GIT_AUTHOR_NAME) -#export GIT_COMMITTER_EMAIL = $(GIT_AUTHOR_EMAIL) - -all: rollover -install: rollover - -rollover: autoserial diff check reload eof - - -diff: - @echo "Diff Zones... " - @git diff -U0 -- $(CHANGED) \ - | grep -a -v -E '^(diff |index |---|@@)' \ - | sed -e 's/^[+]* .\/\([^ ]*\).*/=> \1/' - -autoserial: - @for file in $(CHANGED); do \ - perl -p -i -e 'if ($$p =~ /[\t\s]+IN[\t\s]+SOA[\t\s]+/) { $$stamp = sprintf("%4.4d%02.2d%02.2d", (localtime)[5]+1900, (localtime)[4]+1, (localtime)[3]); $$count = (/$$stamp([0-9]{2})/)? $$1 + 1: 1; s/[0-9]+/sprintf("%s%02.2d", $$stamp, $$count)/e; } $$p = $$_;' $$file; \ - done - -check: - @echo "Checking Configs... " - @if ! named-checkconf /etc/bind/named.conf; then \ - echo "FIX THE ERROR AND TRY AGAIN"; \ - exit 1 ; \ - fi - - @echo "Checking Zones... " - @named-checkconf -j -p /etc/bind/named.conf \ - | perl -e 'my $$zone = ""; while (<>) { if (/^\s+zone\s+\"(.*)\"/) { $$zone = $$1; } elsif (($$zone ne "") && /^\s+file\s+\"(.*?)\"/) { print "$$zone $$1\n"; $$zone = ""; } }' \ - | sort \ - | uniq \ - | while read zone file; do \ - echo "FOO: zone: $$zone file: $$file"; \ - if [ -z "$$file" -o "$$zone" = "key" ] ; then \ - continue ; \ - fi ; \ - if echo -n "$$zone" | grep -q -E '(sc-eur.com|db.root|named.dump|named.stats)'; then \ - continue; \ - fi; \ - if ! named-checkzone -q -i "full" $$zone $$file; then \ - named-checkzone -i "full" $$zone $$file; \ - echo "FIX THE ERROR AND TRY AGAIN"; \ - exit 1 ; \ - fi; \ - done - -#@echo "Checking CNAMEs and PTRs... 
" -#@grep -l -E '.*(PTR|CNAME).*[^.]*[.][^.]*[^.]$$' *.* \ -#| grep -v '\.sh$$' \ -#| while read file; do \ -# echo "$$file: DO NOT FORGET THE LAST DOT"; \ -# grep -E '.*(PTR|CNAME).*[^.]*[.][^.]*[^.]$$' $$file; \ -# exit 1 ; \ -#done - -reload: - @while [ "$$answer" = "" ]; do \ - echo -n "Do you want to reload all zones ? [yes] "; \ - read answer; \ - case $$answer in \ - [Yy]|[Yy][Ee][Ss]) \ - answer="yes"; \ - break; \ - ;; \ - [Nn]|[Nn][Oo]) \ - answer="no"; \ - break; \ - ;; \ - "") \ - answer="yes"; \ - break; \ - ;; \ - *) \ - answer=""; \ - ;; \ - esac; \ - done; \ - if [ "$$answer" = "yes" ]; then \ - etckeeper commit "Changed DNS Zones: $(CHANGED)" ; \ - rndc reload; \ - else \ - echo "Server reload aborted"; \ - exit 1 ; \ - fi - -eof: - @echo "DONE -- That's all folks!" diff --git a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone b/resources/chaosknoten/auth-dns/zones/ccchh.net.zone deleted file mode 100644 index f95ee63..0000000 --- a/resources/chaosknoten/auth-dns/zones/ccchh.net.zone +++ /dev/null 
@@ -1,72 +0,0 @@
-$ORIGIN .
-$TTL 900 ; 15 minutes
-ccchh.net IN SOA ns1.ccchh.net. noreply.ccchh.net. (
- 2026042801 ; serial
- 86400 ; refresh (1 day)
- 7200 ; retry (2 hours)
- 3600000 ; expire (5 weeks 6 days 16 hours)
- 7200 ; minimum (2 hours)
- )
- NS ns.vie.ccc.de.
- NS ns.hamburg.ccc.de.
-$ORIGIN ccchh.net.
-aes A 212.12.48.125
-club-assistant AAAA 2a07:c481:1:d0::a
-;_acme-challenge.club-assistant CNAME d50ad73a-f82d-4244-87f0-6f5195b37d21.auth.acmedns.hamburg.ccc.de
-club-assistant.z9 AAAA 2a07:c481:1:d0::a
-;_acme-challenge.club-assistant.z9 CNAME 0efa74d1-7dcd-478b-bdc5-5b76d0f07642.auth.acmedns.hamburg.ccc.de
-esphome AAAA 2a07:c481:1:d0::66
-esphome.z9 AAAA 2a07:c481:1:d0::66
-zigbee2mqtt A 185.161.129.132
-light AAAA 2a07:c481:1:d0::16
-_acme-challenge.light CNAME e59f55ee-9013-469d-a146-a159721b6fea.auth.acmedns.hamburg.ccc.de.
-light.z9 AAAA 2a07:c481:1:d0::16
-_acme-challenge.light.z9 CNAME 3bc9e7ce-03dd-4533-a059-b5d38407eaa5.auth.acmedns.hamburg.ccc.de.
-light-werkstatt AAAA 2a07:c481:1:d0::16
-_acme-challenge.light-werkstatt CNAME f408acc0-d9f5-4525-bb01-28938e3bb7d0.auth.acmedns.hamburg.ccc.de.
-mailserver-endpoint A 82.165.121.46
-ns1 A 185.161.129.133
-send-only-mail MX 10 send-only-mailserver
- TXT "v=spf1 mx -all"
-send-only-mailserver A 82.165.121.46
-send-only-mailserver-access A 185.161.129.132
-thinkcccore0 AAAA 2a07:c481:1:f2::3
-thinkcccore0.z9 AAAA 2a07:c481:1:f2::3
-thinkcccore1 AAAA 2a07:c481:1:f2::4
-thinkcccore1.z9 AAAA 2a07:c481:1:f2::4
-opnsense AAAA 2a07:c481:1:f2::1
-opnsense.z9 AAAA 2a07:c481:1:f2::1
-pbs AAAA 2a07:c481:1:f2::4
-thinkcccore2 AAAA 2a07:c481:1:f2::5
-thinkcccore2.z9 AAAA 2a07:c481:1:f2::5
-thinkcccore3 AAAA 2a07:c481:1:f2::6
-thinkcccore3.z9 AAAA 2a07:c481:1:f2::6
-miniscccore0 AAAA 2a07:c481:1:f2::9
-miniscccore0.z9 AAAA 2a07:c481:1:f2::9
-uptime-kuma A 185.161.129.132
-status AAAA 2a07:c481:1:ce::a
-status.z9 AAAA 2a07:c481:1:ce::a
-wiki A 212.12.48.125
-hmdooris-ccu A 10.31.208.202
-buba A 10.31.211.137
-buba.z9 A 10.31.211.137
-dooris AAAA 2a07:c481:1:d0::1c
-_acme-challenge.dooris CNAME 37caae1f-b77f-4eb1-aa71-dc3f7ed24360.auth.acmedns.hamburg.ccc.de
-waybackproxy A 10.31.208.99
-yate A 10.31.208.12
-staubiv2 A 10.31.210.233
-staubiv2.z9 A 10.31.210.233
-; Mail: hosts.z9.ccchh.net
-hosts.z9 MX 10 cow.hamburg.ccc.de
- TXT "v=spf1 mx -all"
-dkim._domainkey.hosts.z9 TXT ("v=DKIM1;k=rsa;t=s;s=email;"
- "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsdypQ/tlrzto5KVP"
- "5o7tEblXK/hOVRFB683uODzo26XTFMSRGjumMuo/tej59GMePdUu0uIsdq8hfj8"
- "ot0R2OQNazdyp4NW4TUWfFGJ4S2f6LR3lE3I5Lw7fHiYHz0GnCGTqZIItkHK+xQ"
- "i5Fdhwd1YbFJtO0XiZ0jY5w6pvny6pEH8WaKX85rEmz2zqCtpiYPRPmoK/Tn+rV"
- "2e8fVioMRm9W8E4PU42WLds66qOkFR0KjKIavE6y7JahESEoVGcVnSPdtMOX0Ln"
- "KbSMQNrTvNbBoPdLYvNaXOw7TmVPKjDV+FRCIIdK+m0fL82/vm5jPBvDr5+WlM1"
- "xV/P/KlSnQIDAQAB")
-$ORIGIN send-only-mail.ccchh.net.
-_dmarc TXT "v=DMARC1;p=quarantine;"
-key._domainkey TXT "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqduM4+SQ+IQ2uAxbjFkd+0hAjohTgT3nM76jyrWGHJ8TizNU2PGkta0NjCq+m9VLBZUjIJphW2vrnlJsnN0JkGAdoLBL3Qs0kShT6V+xsxslZG2KHApihnJUp34tPSMES+aTnD+jEPGyxFLeoiK+3gywNhCGalHSQ+G88Z2n59wIDAQAB"
diff --git a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
deleted file mode 100644
index ee28f2b..0000000
--- a/resources/chaosknoten/auth-dns/zones/eh20.easterhegg.eu.zone
+++ /dev/null
@@ -1,27 +0,0 @@
-$TTL 7200
-
-@ IN SOA ns.hamburg.ccc.de. mail.hamburg.ccc.de. (
- 2025021101
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
- IN MX 5 nomail.ccc.de.
- ;IN MX 10 local-mail.hamburg.ccc.de.
- IN MX 10 vworker02.irz42.net.
- IN MX 23 nomail2.ccc.de.
- IN MX 42 nomail3.ccc.de.
-
- IN TXT "v=spf1 mx ip4:144.76.16.19/32 ip4:212.12.51.133/32 ip6:2a01:4f8:191:331::2/128 ip6:2a00:14b0:f000:23:51:133:0:1/128 ~all"
-
- IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-
-localhost IN A 127.0.0.1
-
-* IN CNAME @
-www IN CNAME @
diff --git a/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone b/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
deleted file mode 100644
index 0d936e6..0000000
--- a/resources/chaosknoten/auth-dns/zones/eh22.easterhegg.eu.zone
+++ /dev/null
@@ -1,45 +0,0 @@
-$TTL 600
-
-@ IN SOA ns.hamburg.ccc.de. mail.hamburg.ccc.de. (
- 2026033101
- 10800
- 3600
- 3600000
- 86400 )
-
- IN NS ns.hamburg.ccc.de.
- IN NS ns.vie.ccc.de.
-
- IN A 212.12.48.125
- IN AAAA 2a00:14b0:4200:3000:125::1
-
- IN MX 10 cow.hamburg.ccc.de.
-;autodiscover IN CNAME cow.hamburg.ccc.de.
-;_autodiscover._tcp IN SRV 10 cow.hamburg.ccc.de. 443
-;autoconfig IN CNAME cow.hamburg.ccc.de
-
- IN TXT "v=spf1 mx ip4:144.76.16.19/32 ip4:212.12.51.133/32 ip6:2a01:4f8:191:331::2/128 ip6:2a00:14b0:f000:23:51:133:0:1/128 ~all"
-;_dmarc IN TXT **TODO**
-
-dkim._domainkey IN TXT ( "v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhk"
- "iG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoWo7mbis3REqBURP3ZQZwOY7RSsS7"
- "TY9eFHvW/O83YseEHoIQmeKkHj1lRrP+6Jhow2XngveBzt/m5AQclLVMURt5"
- "2zsLCtiXxOYMLIIAgFOfxGjMdfqh9+X0wuOqHgoZiP2uBfAWLKfV/CZcovI/"
- "0d2d7vQvc+7PJwZ9htoIu3NesasOFsrhv1yfFJidC87focQdaVKfD9cF68/w"
- "2Ri2TGzcSQHAiIxJq3MgawSJZiyVD+psZdzZDB1YIw8NJxmDskzFicTLrYyH"
- "8XOf5f5lOWjRYrfe0H8sAe1NBb/OP2T7Qs3S9DQosMSPwyALC3FPZKsVMbtI"
- "mr8F+J+M/H9QIDAQAB" )
-
-localhost IN A 127.0.0.1
-
-intern IN A 172.31.17.212
-cfp IN CNAME public-reverse-proxy.hamburg.ccc.de.
-_acme-challenge.cfp CNAME 295a66d4-1d71-49f3-a80a-1f7527ec9cca.auth.acmedns.hamburg.ccc.de.
-netbox IN CNAME public-reverse-proxy.hamburg.ccc.de.
-presale IN A 78.47.203.122
- IN AAAA 2a01:4f8:1c17:b147::2
-pretix IN A 78.47.203.122
- IN AAAA 2a01:4f8:1c17:b147::2
-engel IN A 167.235.129.15
- IN AAAA 2a01:4f8:1c1b:e967::1
-radius IN A 94.45.254.130
diff --git a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
deleted file mode 100644
index 17f4dd7..0000000
--- a/resources/chaosknoten/auth-dns/zones/hamburg.ccc.de.zone
+++ /dev/null
@@ -1,590 +0,0 @@ -; es wird jetzt der hostname mail.hamburg.ccc.de nicht mehr -; verwendet, sondern statt dessen local-mail.hamburg.ccc.de -; die popeye fuehlt sich immer noch unter mail.hamburg.ccc.de -; angesprochen, und nimmt daher keine mails mit absender-adressen -; die sie nicht kennt an. -; ich hoffe diese aenderung arbeitet um diesen bug herum. -; - haegar 2001.11.14 - -$TTL 7200 -@ IN SOA ns.hamburg.ccc.de. haegar.ccc.de. ( - 2026042903 - 10800 - 3600 - 3600000 - 86400 ) - - IN NS ns.hamburg.ccc.de. - IN NS ns.vie.ccc.de. - -$TTL 60 - IN MX 10 cow.hamburg.ccc.de. -; IN MX 10 local-mail.hamburg.ccc.de. -$TTL 7200 - IN TXT "v=spf1 mx ip4:212.12.51.133 ip6:2a00:14b0:f000:23:51:133:0:1 ip4:212.12.48.122 ip6:2a00:14b0:4200:3000:122::1 -all" - - IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 - -dkim._domainkey IN TXT ("v=DKIM1;k=rsa;t=s;s=email;" - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wZRajtsQTrVgXco7" - "1E2T+UDRxzzXJ+0F7m1UHiPpsjGQJ4Njs4Zc6qC21FLxhUIRFURy9mZ2mGk6hnL" - "w6wi0xm0N3MOH8BG/omPfWJcH4C1XXMk6trYSjhKQb4FzNbusAFoldIdwtt/aa/" - "GJBvRD+XYulvuyqolD2SGY62tAiXqls4ik2ZiDrIv+Dglg8b8fD4kzqe/aXlUvD" - "j3hCMHmyjE8mn8lYnS0QfSnV8NlqKwOhF+iwqfrhMI2bZFCQ+td03RtQjaXw5W+" - "30NMcOv6Se4vPDl4nUIBJZ/wP3CBz1k66VShHB+un7SxoUQuW0+oDqN4QHH338b" - "2dDOoBJndwIDAQAB") -_dmarc IN TXT "v=DMARC1;p=none;sp=none;pct=100;rua=mailto:dmarc-report@hamburg.ccc.de;ruf=mailto:dmarc-report@hamburg.ccc.de;ri=86400;aspf=r;adkim=r;fo=1" - - -;_sip._udp IN SRV 10 0 5060 vermittlung -;_sip._tcp IN SRV 10 4 5060 vermittlung -;_sips._tcp IN SRV 10 4 5060 vermittlung - -_xmpp-client._tcp IN SRV 10 0 5222 jabber -_xmpp-server._tcp IN SRV 10 0 5269 jabber -_xmpp-client._tcp.jabber IN SRV 10 0 5222 jabber -_xmpp-server._tcp.jabber IN SRV 10 0 5269 jabber - -localhost IN A 127.0.0.1 - -dante._domainkey IN TXT ( "v=DKIM1;k=rsa;t=s;s=email;" - 
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMLFoEXbD/IgP6TIz2KDZudbnYtcJ4QjdWiwEP5NMvugymzDCiLaKTwNUFycKA1TvW0Y7/x0EEgqcSjfV87GU8xs6qsArgbQWBCs9gPBInbA8LBX9RN/JX30pESh+jGfdNWl7mWkkyVuONUgy/vFHWswJZ72Lg96gyBBCAR1ABC7qM8PYjoFFlRR76PfZNV8YHRBM/1ypQthtjPf" - "NKhV8MksNIXPKhcQwy6/JAVpkUunVpOrsuf2K6RFVMrVNUEtEYkpZUPtnoTYwaB0rRLg0f+InHzKZx2uv6JexyWZOwxsv8Bv1I+jdiEkQMw9kORZ81sv2mcUO+0PubeYVpvWAwIDAQAB" ) -hansenerd._domainkey IN TXT ( "v=DKIM1; k=rsa; " - "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDlxTgmc5Fe2aQc5razQYlk3OBGNePuevJQ7YVp5j5IM0ukBLM1erTR6DLZZvoGd2puKvfjlvejR3GRY4YXeZkCJoS0ZjwpR3Tfy8PzUbPNMt5e/buHGK1v+9E9zrl4vrxgYYYlYqjl1HF1K9oE5yPI1AIeUxzZpduheJASlxr9VwIDAQAB" ) ; - - -; VMWare ESXi Host: -worker IN A 212.12.48.123 -worker-ipmi IN A 212.12.51.136 -; Proxmox Host: -chaosknoten IN A 212.12.48.126 - IN AAAA 2a00:14b0:4200:3000::126:1 -;chaosknoten-ipmi IN A 212.12.51.137; unused public IP -chaosknoten-ipmi IN A 44.128.124.4 - -; DMZ-Server: -dmz-net IN A 212.12.50.208 - -turing IN A 212.12.48.122 - IN AAAA 2a00:14b0:4200:3000:122::1 - IN MX 10 cow.hamburg.ccc.de. -turing-chaosvpn IN AAAA 2001:6f8:126f:11::3 - IN A 172.31.17.1 -turing-vpn IN CNAME turing-chaosvpn -turing-vpngw IN A 212.12.48.122 - IN AAAA 2a00:14b0:4200:3000:122::1 -turing-vzhost IN A 172.31.17.1 - IN AAAA 2a00:14b0:4200:3000:122::1 - IN MX 10 cow.hamburg.ccc.de. -turing-vzhost2 IN CNAME turing-vzhost -turing-router IN A 172.31.17.129 - -turing-new IN A 172.31.17.132 - -oldturing IN A 172.31.17.122 - IN AAAA 2a00:14b0:f000:23::122 - IN MX 10 cow.hamburg.ccc.de. -turing-intern IN CNAME oldturing -turing-intern2 IN A 172.31.17.142 - IN AAAA 2a00:14b0:f000:23::122 - -ns IN A 212.12.48.122 - IN AAAA 2a00:14b0:f000:23::53 - IN MX 10 cow.hamburg.ccc.de. -ns-intern IN A 172.31.17.53 - IN AAAA 2a00:14b0:f000:23::53 -ns-intern2 IN A 172.31.17.153 - IN AAAA 2a00:14b0:f000:23::53 - -vpn IN A 212.12.48.122 - ; ipv4 only! 
-www.vpn IN CNAME vpn -cvpn-dns IN A 172.31.0.5 -chaosvpn-dns IN A 172.31.17.136 - -turing-db IN A 172.31.17.135 - IN MX 10 cow.hamburg.ccc.de. - -jabber IN A 212.12.48.122 - IN AAAA 2a00:14b0:f000:23::26 - IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. -jabber-intern IN A 172.31.17.134 - IN AAAA 2a00:14b0:f000:23::26 - IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. - -gitlab IN A 212.12.48.122 - IN AAAA 2a00:14b0:4200:3000:122::1 - ; ipv6 also has DNAT rules -gitlab-intern IN A 172.31.17.133 - IN AAAA 2a00:14b0:f000:23::133 - IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. - -gitlab-cr IN CNAME gitlab - -gitlab-test IN A 212.12.48.122 - IN AAAA 2a00:14b0:4200:3000:122::1 - ; ipv6 also has DNAT rules -gitlab-test-intern IN A 172.31.17.138 - IN AAAA 2a00:14b0:f000:23::138 - IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. - -gitlab-runner IN A 172.31.17.139 - IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. - -lists IN A 212.12.51.132 - IN AAAA 2a00:14b0:f000:23:51:132:0:1 - IN MX 10 lists - IN TXT "v=spf1 mx -all" -dkim._domainkey.lists IN TXT ( "v=DKIM1; h=sha256; k=rsa; " - "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvNlbGPBluV3q3eT1C6nJ" - "8KuSNAx9ycTO0urNkz4In1I2srmK8qPTfqfPU7y5kjHM1oC31+LwVNiyzeIQl" - "cdW00DMTHfzkQAjtdDXgKG5db4Dqw+2wtZfLGvBFOSfV0RspZmSDSN6ON81dk" - "lVABMMOA7Vd8wwIj0ms/gb/+AB0IQIDAQAB" ) -ccchoir-intern IN A 172.31.17.156 - -cow IN A 212.12.51.133 - IN AAAA 2a00:14b0:f000:23:51:133:0:1 - IN MX 10 cow -cow-intern IN A 172.31.17.201 -auth-dns IN A 212.12.48.124 -auth-dns IN AAAA 2a00:14b0:4200:3000:124::1 - -cowtest IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.cowtest IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5aAMRgFdGdG+Ewmn" - "OZb8gdCjSSoFjTxu/GW9edVWU0zsRRQT9r6oF82Cn05jEKNra3D8tE48jBaDQ" - "GOAFa4BgjxiIfP/D36CaN2JT5sno3faSBkqaKoBG0zRD2UsNj/ROfHB844BOf" - "AUt4KFMMHUfO03Gu6ps9nq/QBsrR5Iq6sMv9WiftKjh4twS4S+Wz7ZXymY3yd" - 
"jRLI8r48pASg6IoiByV8kR3r7OZw9dzmNgbTCOEyKaicB4KJDjgJvQut8af8g" - "sYQYTCSPVqkwb5Y+yJNKhQmsYBwUX23x5Yng2gDBY/pjGeWl28SxdGhm8C23a" - "0wVCz4kQGNvcULnrzifwIDAQAB") -_autodiscover._tcp.cowtest IN SRV 0 1 443 cow -_caldavs._tcp.cowtest IN SRV 0 1 443 cow -_caldavs._tcp.cowtest IN TXT "path=/SOGo/dav/" -_carddavs._tcp.cowtest IN SRV 0 1 443 cow -_carddavs._tcp.cowtest IN TXT "path=/SOGo/dav/" -_imap._tcp.cowtest IN SRV 0 1 143 cow -_imaps._tcp.cowtest IN SRV 0 1 993 cow -_pop3._tcp.cowtest IN SRV 0 1 110 cow -_pop3s._tcp.cowtest IN SRV 0 1 995 cow -_sieve._tcp.cowtest IN SRV 0 1 4190 cow -_smtps._tcp.cowtest IN SRV 0 1 465 cow -_submission._tcp.cowtest IN SRV 0 1 587 cow - - -mail IN A 212.12.48.122 - IN MX 10 cow.hamburg.ccc.de. -local-mail IN A 172.31.17.201 ; make hosts with relayhost=local-mail work -;local-mail IN A 212.12.48.122 -; IN AAAA 2a00:14b0:f000:23::122 -; IN MX 10 cow.hamburg.ccc.de. - -jitsi-old IN A 49.12.8.103 - IN AAAA 2a01:4f8:c17:392f::1 -jitsi IN A 212.12.51.139 - IN AAAA 2a00:14b0:f000:23:51:139:0:1 - -mumble IN A 212.12.51.141 - IN AAAA 2a00:14b0:f000:23:51:141:0:1 - - -id IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -keycloak-admin IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -invite IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -id IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.id IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6wcQjo7qgb1CMOv5" - "6odc7Ef8rocu3bv3JKBIqL/msuoEFOiXGpPZrwcWQJc7lS5tLTxR5XuP02D3D" - "Vif+8D3R8YzLsNMdLZ5moQacdJK2OFFiet2G3kWjBdKH1em9FwMa0MBWlk6LR" - "YWRgsByFBMNIItwkBmqmNrmrPRneRprLYQCf34McDmkzpzUpFdF5sgmbmDpdX" - "genmqXgBopvmnTeXa+kQnoVgrMyWE41zdWaXrDAtoYye3e31j0Nxhnfg+I7vO" - "XPfmatTH7yieDaLG+3kHjbA3WFyAkb/ZAqZaFM8k6cQJEZb7jDzdKlm1fuPrk" - "YUrfZ1V3pglzdm0QbM4wIDAQAB") - -aes-intern IN A 172.31.17.145 -tickets-intern IN A 172.31.17.148 -grafana-intern IN A 172.31.17.145 -loki-intern IN A 172.31.17.145 -eh22-netbox-intern IN A 
172.31.17.166 -sunders-intern IN A 172.31.17.170 -renovate-intern IN A 172.31.17.171 -netbox-intern IN A 172.31.17.167 -matrix-intern IN A 172.31.17.150 -; have this for compatibility (like references in CI) -public-web-static-intern IN AAAA 2a00:14b0:42:102::17 -pretalx-intern IN A 172.31.17.157 -zammad-intern IN A 172.31.17.152 -nixos-template-intern IN A 172.31.17.200 -git-intern IN A 172.31.17.154 -forgejo-actions-runner-intern IN A 172.31.17.155 -nix-box-june-intern IN A 172.31.17.158 -woodpecker-intern IN A 172.31.17.160 -mjolnir-intern IN A 172.31.17.161 -mjolnir-ng-intern IN A 172.31.17.169 -penpot-intern IN A 172.31.17.162 -penpot-ng-intern IN A 172.31.17.168 -hydra-intern IN A 172.31.17.163 -forgejo-runner-builder IN A 172.31.17.202 -renovate-forgejo IN A 172.31.17.163 -ansible-testing-intern IN A 172.31.17.164 -ntfy-intern IN A 172.31.17.149 -status IN AAAA 2a00:14b0:f001:100::fd -status IN A 212.12.50.253 -design IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 - IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.design IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtod7q+mkIcZFe512v" - "jzXF0UfGmo8R6UxeJ/MCi/qjjN+sSqn4dohQx3NBhK3UF9/8Ze7FT5znTxeWj" - "Ks+le/dSS4CKxjSFAV1FjcaAqrUaxO1V8+fxcUSVzAQZXUVyNqqv+SAFUVJSE" - "3zZIuJim4F1HVVLvwbLJZ450ns8KQ7n3RNY2+mqQoxo8xmMg2QFOoQKlSYspC" - "TRTV4LM/n5Jm7Mm1F5DwJ+7Ie9s/WvTWKKKUExmoa5SNheGcfybC+sqnJu7L0" - "F5dWFwk0zzQDcVSY2m9qFWPEuO2fZmiB4IoG4yXkooSY2sH9Z8eX2+6i3k/ub" - "qx58Mav6VlkTxsOAdbbQIDAQAB") -hydra IN A 212.12.48.125 -regio-stage IN A 212.12.51.142 - AAAA 2a00:14b0:f000:23:51:142:0:1 - -public-reverse-proxy IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -public-reverse-proxy-intern IN A 172.31.17.140 -router IN A 212.12.48.123 - -rproxy IN A 212.12.48.122 - IN AAAA 2a00:14b0:4200:3000:122::1 - IN MX 10 cow.hamburg.ccc.de. -rproxy-intern IN A 172.31.17.180 - IN AAAA 2a00:14b0:f000:23::80 - IN MX 10 cow.hamburg.ccc.de. 
- -bildungsurlaub IN CNAME rproxy -doku IN CNAME rproxy -test IN CNAME rproxy -www.test IN CNAME rproxy -eh2003 IN CNAME public-reverse-proxy -www.eh2003 IN CNAME public-reverse-proxy -easterhegg2003 IN CNAME public-reverse-proxy -www.easterhegg2003 IN CNAME public-reverse-proxy -eh2005 IN CNAME public-reverse-proxy -www.eh2005 IN CNAME public-reverse-proxy -easterhegg2005 IN CNAME public-reverse-proxy -www.easterhegg2005 IN CNAME public-reverse-proxy -eh2007 IN CNAME public-reverse-proxy -www.eh2007 IN CNAME public-reverse-proxy -eh07 IN CNAME public-reverse-proxy -www.eh07 IN CNAME public-reverse-proxy -easterhegg2007 IN CNAME public-reverse-proxy -www.easterhegg2007 IN CNAME public-reverse-proxy -eh2009 IN CNAME public-reverse-proxy -www.eh2009 IN CNAME public-reverse-proxy -eh09 IN CNAME public-reverse-proxy -www.eh09 IN CNAME public-reverse-proxy -easterhegg2009 IN CNAME public-reverse-proxy -www.easterhegg2009 IN CNAME public-reverse-proxy -eh2011 IN CNAME public-reverse-proxy -www.eh2011 IN CNAME public-reverse-proxy -eh11 IN CNAME public-reverse-proxy -www.eh11 IN CNAME public-reverse-proxy -easterhegg2011 IN CNAME public-reverse-proxy -www.easterhegg2011 IN CNAME public-reverse-proxy -eh20 IN CNAME public-reverse-proxy - -oldwiki IN CNAME rproxy -nonpublic.wiki IN CNAME rproxy -www.nonpublic.wiki IN CNAME rproxy -planet IN CNAME rproxy -www.planet IN CNAME rproxy -chaos-macht-schule IN CNAME rproxy -www.chaos-macht-schule IN CNAME rproxy - -branding-resources IN CNAME public-reverse-proxy -element IN CNAME public-reverse-proxy -matrix IN CNAME public-reverse-proxy -mas IN CNAME public-reverse-proxy -element-admin IN CNAME public-reverse-proxy -netbox IN CNAME public-reverse-proxy -woodpecker IN CNAME public-reverse-proxy -onlyoffice IN CNAME public-reverse-proxy -pad IN CNAME public-reverse-proxy -pretalx IN CNAME public-reverse-proxy -spaceapi IN CNAME public-reverse-proxy -staging IN CNAME public-reverse-proxy -wiki IN CNAME public-reverse-proxy -www IN 
CNAME public-reverse-proxy -ntfy IN CNAME public-reverse-proxy -sunders IN CNAME public-reverse-proxy -spaceapiccc IN CNAME public-reverse-proxy -acmedns IN CNAME public-reverse-proxy -cpuccc IN CNAME public-reverse-proxy -did IN CNAME public-reverse-proxy - - -auth.acmedns IN NS acmedns.hosts.hamburg.ccc.de. - -git IN A 212.12.51.136 - IN AAAA 2a00:14b0:f000:23:51:136::1 -git IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.git IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUGmKDns/qokxyz2u" - "lcyKIcs/S+zf+0wHCfhSOK4lLnws8U/wIny5FAW3zM/7TliqIftzZ2B0Cz8W6" - "YvmtgLyKqBzvCSG0dNYyy9TVeGM4HyrmLBbUkQdGGQwmoJTnCe9gT9z6GO9k2" - "uFfHJsk/iffU75x9iXqLXPGL/CGmLKuBmkYGda2rQ9ATUIpQhIxnerZvVc3RA" - "qwD8/pYvMLOqvCStVHM5Zi+j1Jr0BC8mxU8pIY6rfOVt+h/V3wh0F6dL0z9nw" - "ZhDE53K8frGp2CC5dW/A37FrfMJv+ODw2tX8EdyL2hDBshBQ4r8WiYJTtIMPL" - "50A9UzZndyiLAHoeLrZQIDAQAB") -hackertours IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 - MX 10 cow.hamburg.ccc.de. - IN TXT "v=spf1 mx -all" -dkim._domainkey.hackertours IN TXT ("v=DKIM1;k=rsa;t=s;s=email;" - "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG5J6rMvbOy7mmV4mKfN" - "7SSrtxKP/jI0XWwO2njO3jM6DkAGDpmRH69B5sOW/53/yg7MMdGytGfNAk61YJknP+" - "NGZNSk7F2p2aB+zoksLVcIKdY1YwicYS7l6Q7qWBfv8ctmGTzcwO0UEAizD6xdINN8" - "YmhHorgnxR3HbHeUmaxIe4WM2wWRYiD+9tpY1f0O/NEEoHxmFecRhU9SVmuhLgiOyF" - "AWpPYBMOsKEHoKREENc+4VBj6H2GYTKIs+dYKDNEmVVdnRkgtAVO3FrjCkedBJ7RbR" - "RNHIqdt9u8AF+Vrs1Oq72ZQrNVR0ezEyBScJaxy5JphvBWkMSYSoDpvXLwIDAQAB") -staging.hackertours IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -grafana IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -tickets IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -zammad IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 - -loki IN CNAME grafana.hosts -metrics IN CNAME grafana.hosts - -; attraktor openvz vm -attraktor IN A 172.31.17.14 - IN AAAA 2a00:14b0:f000:23:48::14 - IN MX 10 cow.hamburg.ccc.de. 
-attraktor-intern IN A 172.31.17.14 - IN AAAA 2a00:14b0:f000:23:48::14 - IN MX 10 cow.hamburg.ccc.de. -attraktor-intern2 IN A 172.31.17.137 - IN MX 10 cow.hamburg.ccc.de. - -erfafoo IN A 212.12.51.138 - IN AAAA 2a00:14b0:f000:23:50:210::1 - IN MX 10 cow.hamburg.ccc.de. -local IN CNAME erfafoo -lokal IN CNAME erfafoo - -; fuer vollkorn: -;webfoo IN A 212.12.51.138 -; IN AAAA 2a00:14b0:4200:3380:138::1 -; IN MX 5 nomail.ccc.de. -; IN MX 10 cow.hamburg.ccc.de. - -; chaos macht schule server -cms IN A 212.12.51.131 -www.cms IN CNAME cms -schule IN CNAME cms -www.schule IN CNAME cms - -; Firewall: -ovpn IN A 212.12.48.122 -fwhh-v6 IN A 212.12.50.214 - -; (irc) nat ip -chaoscafe IN A 212.12.50.209 - -cloud IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 -cloud IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.cloud IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr7XIfOFt99cdEKeP" - "Qhz7miwN2tIZF+imJ3p/r/kam0TKN5pbRMDK0HH4Jl8ksBDozXrLo+U71TX+m" - "XBBeNca4QSfmJh6cAesibf4v/6ssGBdQR7efc2b3dFvZS5/qdS7oLYqYbGpuv" - "aUB0gzhatrAR0i6HdtXrsJxGemda4WvZXaPLPwcWByHLZsHQUbaD3doZOJGXI" - "7+HQs9BuDo4PKQs1/mE5BEWQ0ISEKZ4bk1p8U0ZsfcdQ8o9X53Tj+JxvJHgxi" - "h7yHMr4y9hCOAkvZTFZ/Z/r3KU+N+t9NrVYm995KEernSxE3MXYIsdaFKBDvX" - "Xq837yzJmv7D9S9We3YwIDAQAB") -; Mail: hosts.hamburg.ccc.de -hosts IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.hosts IN TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFnskyCW0420D+5PA" - "L6cKmPoZR2nrPaMPiJl0+DbDhnsLdXtt3cKZkAin2GYQRvZJvlcJ3JFkFljmQ" - "sZk7BJ02rV7S79DgeFhKMzjE0p/GaMBSdzDZJQEVkKhEK+KBbSfaZ0FM/4Qh0" - "beI26kBgbR6bc+SGdB7+LB2JLPxr5ipP0gJ7RtE+QWIoDaU0e9dSYhucJ4A4k" - "RMs3ECvcCVgsyhRPJahs8tzbKjhnp956ru6Jda3Yo/ubhy4AztP/7ZQayCv/W" - "06PfZNo/i2711F98L2ATQaDsOCKWhpskyrCRcR1nTWNSL7qYhOPD1hZonsd5I" - "f5WwrR4meWD3wmXbX29wIDAQAB") -; Mail: hosts-external.hamburg.ccc.de -external-hosts IN MX 10 cow - IN TXT "v=spf1 mx -all" -dkim._domainkey.external-hosts IN 
TXT ("v=DKIM1;k=rsa;t=s;s=email;p=" - "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfdJvL7Tpdw6JLkuU" - "nOLwtxojWZ5Xq6rLDK3EzrX2Tyeq03nqgQuI3ruHgodHb1D7sieU61x30+g7y" - "8HnjrN1bfH1iQJUzEOCgOWHwQEbLdbQxcazmbEdowBuA0VuYrXL2tcCFJwdcZ" - "MKZAyuba7leeRgSngZJnesT7aaGvZSuzLa1/KaW4MRbOOmy5LlukBC3EZBpWn" - "/dL73spDajlDx4VRMUpZQq/PAoPPwCFdw/HNnzxBYBIdVloeJx91qBRaNyUIb" - "C/to8YSDVi2aMHiXhTBfoNd1VcxjlBYWqEZtdUhecUjwmbbAO4f0ECO4bs0Yz" - "d/EgJB70ry1quA0MqgZQIDAQAB") - -; for thw: -orga IN A 212.12.51.130 - IN MX 23 nomail.ccc.de. - IN MX 42 orga - -shellhost IN A 212.12.51.140 - IN AAAA 2a00:14b0:f000:23:51:140:0:1 - IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. -shells IN CNAME shellhost - -; chaos vpn-hub on haegars hetzner machine -vpnhub1 IN A 136.243.3.60 - IN MX 5 nomail.ccc.de. - IN MX 10 mail.sdinet.de. -vpnhub1.ipv4 IN A 136.243.3.60 -vpnhub1-intern IN A 172.31.2.1 - -; special -ccchh IN MX 5 nomail.ccc.de. - IN MX 10 cow.hamburg.ccc.de. - -office IN CNAME office.hh.ccc.de. -officemail IN CNAME officemail.hh.ccc.de. - -template IN A 172.31.17.199 - IN AAAA 2a00:14b0:f000:23::199 - IN MX 10 cow.hamburg.ccc.de. - -irc IN A 176.56.239.136 - IN AAAA 2a00:d880:8:1::1aa - IN MX 5 nomail.ccc.de. - -;anonymizer IN A 192.162.102.224 -; IN MX 5 nomail.ccc.de. -; IN MX 10 anonymizer -;mixminion IN A 192.162.102.225 -; IN MX 5 nomail.ccc.de. -; IN MX 10 mixminion - -cryptoparty IN CNAME public-reverse-proxy -staging.cryptoparty IN CNAME public-reverse-proxy -cryptoparty-intern IN A 172.31.17.213 - -; Freifunk Gateways -freifunk-gw01 IN CNAME gw01.hamburg.freifunk.net. -freifunk-gw02 IN CNAME gw02.hamburg.freifunk.net. -freifunk-gw03 IN CNAME gw03.hamburg.freifunk.net. -freifunk-gw04 IN CNAME gw04.hamburg.freifunk.net. -freifunk-gw05 IN CNAME gw05.hamburg.freifunk.net. -freifunk-gw06 IN CNAME gw06.hamburg.freifunk.net. -freifunk-gw07 IN CNAME gw07.hamburg.freifunk.net. -freifunk-gw08 IN CNAME gw08.hamburg.freifunk.net. 
-freifunk-gw09 IN CNAME gw09.hamburg.freifunk.net. -freifunk-gw10 IN CNAME gw10.hamburg.freifunk.net. -freifunk-gw11 IN CNAME gw11.hamburg.freifunk.net. -freifunk-gw12 IN CNAME gw12.hamburg.freifunk.net. -freifunk-gw13 IN CNAME gw13.hamburg.freifunk.net. -freifunk-gw14 IN CNAME gw14.hamburg.freifunk.net. -freifunk-gw15 IN CNAME gw15.hamburg.freifunk.net. -freifunk-gw16 IN CNAME gw16.hamburg.freifunk.net. -freifunk-gw17 IN CNAME gw17.hamburg.freifunk.net. -freifunk-gw18 IN CNAME gw18.hamburg.freifunk.net. -freifunk-gw19 IN CNAME gw19.hamburg.freifunk.net. -freifunk-gw20 IN CNAME gw20.hamburg.freifunk.net. - -fftest IN A 212.12.51.135 - IN AAAA 2a00:14b0:f000:23::135 - -; Shellbordell -colossus IN A 212.12.51.133 - -; generic aliases -LAN-212-12-50-208.dmz-net IN A 212.12.50.208 -ip208 IN A 212.12.50.208 -ip209 IN A 212.12.50.209 -ip210 IN A 212.12.50.210 -ip211 IN A 212.12.50.211 -ip212 IN A 212.12.50.212 -ip213 IN A 212.12.50.213 -ip214 IN A 212.12.50.214 -ENDE-212-12-50-215.dmz-broadcast IN A 212.12.50.215 -ip215 IN A 212.12.50.215 - -; ChaosVPN -hack IN NS cvpn-dns.hack -cvpn-dns.hack IN A 172.31.0.5 - -; IPv4 Reverse DNS - -122.48.12.212.rdns IN PTR turing.hamburg.ccc.de. -123.48.12.212.rdns IN PTR ip-48-123.hamburg.ccc.de. -124.48.12.212.rdns IN PTR ip-48-124.hamburg.ccc.de. -125.48.12.212.rdns IN PTR public-reverse-proxy.hamburg.ccc.de. -126.48.12.212.rdns IN PTR chaosknoten.hamburg.ccc.de. - -208.50.12.212.rdns IN PTR net-12-50-212.hamburg.ccc.de. -209.50.12.212.rdns IN PTR turing.hamburg.ccc.de. -;210.50.12.212.rdns IN PTR erfafoo.hamburg.ccc.de. -211.50.12.212.rdns IN PTR ip-50-12-211.hamburg.ccc.de. -213.50.12.212.rdns IN PTR cryptoparty.hamburg.ccc.de. -214.50.12.212.rdns IN PTR ip-50-12-214.hamburg.ccc.de. -215.50.12.212.rdns IN PTR broadcast-12-15-212.hamburg.ccc.de. - -128.51.12.212.rdns IN PTR net-12-51-128.hamburg.ccc.de. -129.51.12.212.rdns IN PTR ip-51-129.hamburg.ccc.de. -130.51.12.212.rdns IN PTR ip-51-130.hamburg.ccc.de. 
-131.51.12.212.rdns IN PTR cms.hamburg.ccc.de. -132.51.12.212.rdns IN PTR lists.hamburg.ccc.de. -133.51.12.212.rdns IN PTR cow.hamburg.ccc.de. -134.51.12.212.rdns IN PTR srv01.hamburg.freifunk.net. -135.51.12.212.rdns IN PTR fftest.hamburg.ccc.de. -136.51.12.212.rdns IN PTR git.hamburg.ccc.de. -137.51.12.212.rdns IN PTR ip-51-137.hamburg.ccc.de. -138.51.12.212.rdns IN PTR erfafoo.hamburg.ccc.de. -139.51.12.212.rdns IN PTR jitsi.hamburg.ccc.de. -140.51.12.212.rdns IN PTR ip-51-140.hamburg.ccc.de. -141.51.12.212.rdns IN PTR mumble.hamburg.ccc.de. -142.51.12.212.rdns IN PTR regio-stage.hamburg.ccc.de. -143.51.12.212.rdns IN PTR broadcast-12-15-128.hamburg.ccc.de. - -; hosts.hamburg.ccc.de -wiki.hosts IN AAAA 2a00:14b0:42:102::2 -cloud.hosts IN AAAA 2a00:14b0:42:102::3 -eh22-wiki.hosts IN AAAA 2a00:14b0:42:102::4 -pad.hosts IN AAAA 2a00:14b0:42:102::5 -keycloak.hosts IN AAAA 2a00:14b0:42:102::6 -onlyoffice.hosts IN AAAA 2a00:14b0:42:102::7 -renovate.hosts IN AAAA 2a00:14b0:42:102::8 -sunders.hosts IN AAAA 2a00:14b0:42:102::9 -mjolnir.hosts IN AAAA 2a00:14b0:42:102::a -netbox.hosts IN AAAA 2a00:14b0:42:102::b -tickets.hosts IN AAAA 2a00:14b0:42:102::c -zammad.hosts IN AAAA 2a00:14b0:42:102::d -grafana.hosts IN AAAA 2a00:14b0:42:102::e -ccchoir.hosts IN AAAA 2a00:14b0:42:102::f -pretalx.hosts IN AAAA 2a00:14b0:42:102::10 -ntfy.hosts IN AAAA 2a00:14b0:42:102::11 -spaceapiccc.hosts IN AAAA 2a00:14b0:42:102::12 -acmedns.hosts IN AAAA 2a00:14b0:42:102::13 -www2.hosts IN AAAA 2a00:14b0:42:102::14 -www3.hosts IN AAAA 2a00:14b0:42:102::15 -diday-staging-runner.hosts IN AAAA 2a00:14b0:42:102::16 -public-web-static.hosts IN AAAA 2a00:14b0:42:102::17 -forgejo-actions-runner.hosts IN AAAA 2a00:14b0:42:102::18 - -; acme-challenges -_acme-challenge.sunders CNAME a5ee8a99-3cdf-4212-972e-c0b6fda1242f.auth.acmedns -_acme-challenge.pretalx CNAME 295a66d4-1d71-49f3-a80a-1f7527ec9cca.auth.acmedns 
diff --git a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone b/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone deleted file mode 100644 index 35794ba..0000000 --- a/resources/chaosknoten/auth-dns/zones/hh.ccc.de.zone +++ /dev/null @@ -1,73 +0,0 @@ -$TTL 7200 - -; es wird jetzt der hostname mail.hamburg.ccc.de nicht mehr -; verwendet, sondern statt dessen local-mail.hamburg.ccc.de -; die popeye fuehlt sich immer noch unter mail.hamburg.ccc.de -; angesprochen, und nimmt daher keine mails mit absender-adressen -; die sie nicht kennt an. -; ich hoffe diese aenderung arbeitet um diesen bug herum. -; - haegar 2001.11.14 - -@ IN SOA auth-dns.hamburg.ccc.de. noc.hamburg.ccc.de. ( - 2024012601 - 10800 - 3600 - 3600000 - 86400 ) - - IN NS ns.hamburg.ccc.de. - IN NS ns.vie.ccc.de. - - IN MX 5 nomail.ccc.de. -; IN MX 10 local-mail.hamburg.ccc.de. - IN MX 23 nomail2.ccc.de. - IN MX 42 nomail3.ccc.de. - - IN A 212.12.48.125 - IN AAAA 2a00:14b0:4200:3000:125::1 - -localhost IN A 127.0.0.1 - - -; DMZ-Server: -dmz-net IN A 212.12.50.208 - -turing IN CNAME turing.hamburg.ccc.de. -www IN CNAME www.hamburg.ccc.de. - -LAN-212-12-51-128 IN A 212.12.51.128 -gate IN A 212.12.51.129 -END-212-12-51-143 IN A 212.12.51.143 - - -; convience and email - -backup IN A 172.31.16.3 - IN AAAA 2001:6f8:126f:1:16:20:0:3 -; IN MX 5 nomail.ccc.de. - IN MX 10 local-mail.hamburg.ccc.de. - -officemail IN A 172.31.17.131 - IN MX 5 nomail.ccc.de. -; IN MX 10 local-mail.hamburg.ccc.de. - IN MX 23 nomail2.ccc.de. - IN MX 42 nomail3.ccc.de. - -orga IN CNAME orga.hamburg.ccc.de. - - -; Die alte World, aka popeye.crew-gmbh.de -; Legacy-Names, do not delete -world IN A 192.76.134.7 - IN MX 10 world -popeye IN A 192.76.134.7 - IN MX 10 world -uucp IN A 192.76.134.7 - -; ChaosVPN -hack IN NS cvpn-dns.hack -cvpn-dns.hack IN A 172.31.0.5 - - -; tmp test -merz.leck.eier IN TXT "kann er mal" 
diff --git a/resources/chaosknoten/auth-dns/zones/localhost.zone b/resources/chaosknoten/auth-dns/zones/localhost.zone deleted file mode 100644 index 0ef6b01..0000000 --- a/resources/chaosknoten/auth-dns/zones/localhost.zone +++ /dev/null @@ -1,12 +0,0 @@ -$ORIGIN localhost. -$TTL 7200 - -@ 1D IN SOA @ root ( - 42 ; serial (d. adams) - 3H ; refresh - 15M ; retry - 1W ; expiry - 1D ) ; minimum - - 1D IN NS @ - 1D IN A 127.0.0.1 diff --git a/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone b/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone deleted file mode 100644 index cd64c12..0000000 --- a/resources/chaosknoten/auth-dns/zones/old-old/ccc.zone +++ /dev/null @@ -1,61 +0,0 @@ -$ORIGIN ccc. -$TTL 7200 -@ IN SOA turing.hamburg.ccc.de. haegar.ccc.de. ( - 2002101507 - 10800 - 3600 - 3600000 - 86400 ) - - IN NS turing.hamburg.ccc.de. - -localhost IN A 127.0.0.1 - -www IN A 195.21.255.248 - -hh IN NS ccchh.hh.ccc. - IN NS turing.hamburg.ccc.de. -ccchh.hh IN A 192.168.16.2 - -vpn.hh IN NS turing.hamburg.ccc.de. - -; haegar: -sdinet IN NS ns.sdinet.ccc. -ns.sdinet IN A 192.168.18.41 - -; falk: -valhalla IN NS thor.valhalla.ccc. -thor.valhalla IN A 192.168.21.1 - -; jeedi: -ghetto IN NS semaphore.ghetto.ccc. -semaphore.ghetto IN A 192.168.20.2 - -; count -flatline IN NS aleph.flatline.de. -flatline IN NS pulse.flatline.de. - -; thalunil (Alex Bihlmaier) -core.kallisti IN A 194.122.183.51 -fnord IN NS core.kallisti -kallisti IN NS core.kallisti - -; sz -vogsphere IN A 212.12.48.51 -datenknoten IN A 212.12.48.49 -znet IN NS datenknoten.ccc. -sz IN NS datenknoten.ccc. -chaos IN NS datenknoten.ccc. -funk IN NS datenknoten.ccc. -presse IN NS datenknoten.ccc. -weltregierung IN NS datenknoten.ccc. - -; migri -migri IN CNAME migri.homeip.net. - -; Enno -enno IN CNAME home.verbrennung.org. - -; Dennis -desc IN NS freya.ainex.net. - 
diff --git a/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone b/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone deleted file mode 100644 index cc76768..0000000 --- a/resources/chaosknoten/auth-dns/zones/old-old/vpn.hh.ccc.zone +++ /dev/null @@ -1,37 +0,0 @@ -$ORIGIN vpn.hh.ccc. -$TTL 7200 - -@ IN SOA vpn.hh.ccc. haegar.ccc.de. ( - 2002101502 - 10800 - 3600 - 3600000 - 86400 ) - - IN NS turing.hamburg.ccc.de. - -localhost IN A 127.0.0.1 - -network IN A 192.168.0.64 -fwhh IN A 192.168.0.65 -worf IN A 192.168.0.66 -sdinet-cut IN A 192.168.0.67 -migri IN A 192.168.0.68 -cemil IN A 192.168.0.69 -fw IN A 192.168.0.70 -fw-server IN A 192.168.0.71 - -broadcast IN A 192.168.0.127 - -net.znet IN A 192.168.23.0 -gate.znet IN A 192.168.23.23 -bc.znet IN A 192.168.23.255 - -net.no-maam IN A 192.168.24.0 -gate.no-maam IN A 192.168.24.1 -bc.no-maam IN A 192.168.24.255 - -net.loom IN A 192.168.33.0 -gate.loom IN A 192.168.33.1 -bc.loom IN A 192.168.33.255 - diff --git a/roles/auth_dns/defaults/main.yaml b/roles/auth_dns/defaults/main.yaml deleted file mode 100644 index 50a3ffb..0000000 --- a/roles/auth_dns/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -knot__remotes: [ ] diff --git a/roles/auth_dns/handlers/main.yaml b/roles/auth_dns/handlers/main.yaml deleted file mode 100644 index 11944a0..0000000 --- a/roles/auth_dns/handlers/main.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: restart knot - tags: [ auth-dns ] - become: true - ansible.builtin.systemd: - name: knot.service - state: restarted - -- name: reload knot zones - tags: [ auth-dns ] - become: true - changed_when: true - ansible.builtin.command: "knotc zone-reload" - -- name: netplan apply - tags: [ auth-dns ] - become: true - changed_when: true - ansible.builtin.command: "netplan apply" diff --git a/roles/auth_dns/meta/argument_specs.yaml b/roles/auth_dns/meta/argument_specs.yaml deleted file mode 100644 index 40a5823..0000000 --- a/roles/auth_dns/meta/argument_specs.yaml +++ /dev/null 
@@ -1,59 +0,0 @@ ---- -argument_specs: - main: - options: - knot__dnssec_key_id: - description: The id of the TSIG key which knot will use for zone transfer signing - type: str - required: true - knot__dnssec_key_secret: - description: The secret value of the TSIG key which knot will use for zone transfer signing - type: str - required: true - knot__remotes: - description: - - A list of definitions for remote nameservers that are used for different purposes - - See https://www.knot-dns.cz/docs/latest/html/reference.html#remote-section for details - type: list - elements: dict - required: false - options: - id: - type: str - required: true - address: - type: list - required: true - elements: str - knot__catalog_zones: - description: A list of catalog zones that will be served by knot - type: list - elements: dict - required: true - options: - domain: - type: str - required: true - notify_targets: - type: list - elements: str - required: false - knot__zones: - description: A list of user zones that will be served by knot - type: list - elements: dict - required: true - options: - domain: - type: str - required: true - notify_targets: - type: list - elements: str - required: false - catalog_member: - type: str - required: false - content: - type: str - required: true diff --git a/roles/auth_dns/tasks/01-install.yaml b/roles/auth_dns/tasks/01-install.yaml deleted file mode 100644 index 0a269d6..0000000 --- a/roles/auth_dns/tasks/01-install.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Install knot - tags: [ auth-dns ] - become: true - ansible.builtin.package: - name: - - knot - - knot-exporter - - knot-dnssecutils - - knot-dnsutils - - knot-host diff --git a/roles/auth_dns/tasks/02-configure.yaml b/roles/auth_dns/tasks/02-configure.yaml deleted file mode 100644 index 12b5732..0000000 --- a/roles/auth_dns/tasks/02-configure.yaml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -- name: Ensure required directories exist - tags: [ auth-dns ] - become: true - loop: [ "/etc/knot", "/etc/knot/zones" ] - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: knot - group: knot - mode: u=rwx,g=rx,o= - -- name: Deploy knot configuration file - tags: [ auth-dns ] - become: true - notify: restart knot - ansible.builtin.template: - src: knot.conf.j2 - dest: /etc/knot/knot.conf - owner: knot - group: knot - mode: u=rw,g=r,o= - -- name: Deploy configured zones - tags: [ auth-dns ] - become: true - notify: reload knot zones - loop: "{{ knot__zones }}" - loop_control: - label: "{{ item.domain }}" - vars: - zone_content: "{{ item.content }}" - ansible.builtin.template: - src: zone.j2 - dest: "/etc/knot/zones/{{ item.domain }}zone" - owner: knot - group: knot - mode: u=rw,g=r - -# this seems weird but hear me out: -# if we don't disable SLAAC, the node automatically gets an address based on IPv6 Router-Advertisements -# this results in outgoing zone transfers failing because knot will prefer to use the dynamic address over the statically configured one. -# so because we are configuring a DNS Nameserver where known IP-Addresses are actually important for ACL reasons, SLAAC is disabled -- name: Disable IPv6 SLAAC - tags: [ auth-dns ] - become: true - notify: netplan apply - ansible.builtin.template: - src: "netplan-disable-ra.yaml" - dest: "/etc/netplan/10-disable-ra.yaml" - owner: root - group: root - mode: u=rw,g=,o= diff --git a/roles/auth_dns/tasks/main.yaml b/roles/auth_dns/tasks/main.yaml deleted file mode 100644 index cdf9511..0000000 --- a/roles/auth_dns/tasks/main.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -- ansible.builtin.import_tasks: 01-install.yaml # noqa: name[missing] -- ansible.builtin.import_tasks: 02-configure.yaml # noqa: name[missing] diff --git a/roles/auth_dns/templates/knot.conf.j2 b/roles/auth_dns/templates/knot.conf.j2 deleted file mode 100644 index 243c0b7..0000000 
--- a/roles/auth_dns/templates/knot.conf.j2 +++ /dev/null 
@@ -1,95 +0,0 @@ -# {{ ansible_managed }} -# See knot.conf(5) or refer to the server documentation. - -server: - rundir: "/run/knot" - user: knot:knot - automatic-acl: on - listen: [ "0.0.0.0@53", "::@53" ] - -log: - - target: syslog - any: info - -database: - storage: "/var/lib/knot" - -key: - - id: {{ knot__dnssec_key_id }} - algorithm: hmac-sha512 - secret: "{{ knot__dnssec_key_secret }}" - -remote: - # static, external and public remote used for DNSSEC KSK checking - - id: quad9 - address: "2620:fe::fe" - {% if knot__remotes -%} - # additional remotes used in the config - {% for i_remote in knot__remotes -%} - - id: "{{ i_remote.id }}" - address: [ {% for i_addr in i_remote.address %}"{{ i_addr}}"{% if not loop.last %},{% endif %} {% endfor %} ] - {% endfor %} - {% endif %} - -# define how the presence of parent KSK keys is checked -# in this case, we just ask quad9 which is an open resolver -submission: - - id: default - parent: quad9 - parent-delay: 1h - -# define how dnssec signing is done -# in this case we don't do anything special but teach knot how to check for KSK presence -policy: - - id: default - ksk-submission: default - nsec3: true - nsec3-salt-length: 0 - -# define default settings that apply to all zones -template: - # template for general-purpose user zones - - id: default - storage: "/etc/knot/zones" - file: "%s.zone" - semantic-checks: on - zonefile-sync: -1 - zonefile-load: difference-no-serial - serial-policy: dateserial - journal-content: all - default-ttl: 7200 - dnssec-signing: on - dnssec-policy: default - - {# catalog-role: member #} - {# catalog-zone: hamburg.ccc.de.catalog. 
#} - - # template for automatically created special zones - - id: catalog - catalog-role: generate - dnssec-signing: on - dnssec-policy: default - - -# define zones on this server -# See https://www.knot-dns.cz/docs/3.4/html/reference.html#zone-section -zone: - # catalog zones - {% for i_zone in knot__catalog_zones -%} - - domain: "{{ i_zone.domain }}" - template: catalog - notify: [ {% for i_notif in i_zone.notify_targets | default([]) %}"{{ i_notif }}"{% if not loop.last %}, {% endif %}{% endfor %} ] - {% endfor %} - - # normal zones - {% for i_zone in knot__zones -%} - - domain: "{{ i_zone.domain }}" - template: default - notify: [ {% for i_notif in i_zone.notify_targets | default([]) %}"{{ i_notif }}"{% if not loop.last %}, {% endif %}{% endfor %} ] - {% if i_zone.catalog_member | default(False) -%} - catalog-role: member - catalog-zone: "{{ i_zone.catalog_member }}" - {% endif %} - {% endfor %} - - {# - domain: "onsite.eurofurence.org" #} diff --git a/roles/auth_dns/templates/netplan-disable-ra.yaml b/roles/auth_dns/templates/netplan-disable-ra.yaml deleted file mode 100644 index 505fba2..0000000 --- a/roles/auth_dns/templates/netplan-disable-ra.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# {{ ansible_managed }} -network: - ethernets: - {%- for i_iface_name in ansible_interfaces -%} - {%- if i_iface_name != "lo" -%} - {%- set i_iface = ansible_facts[i_iface_name] %} - - {{ i_iface_name }}: - match: - macaddress: "{{ i_iface.macaddress }}" - accept-ra: false - {% endif %} - {% endfor %} - diff --git a/roles/auth_dns/templates/zone.j2 b/roles/auth_dns/templates/zone.j2 deleted file mode 100644 index 59edf5f..0000000 --- a/roles/auth_dns/templates/zone.j2 +++ /dev/null @@ -1,4 +0,0 @@ -; {{ ansible_managed }} - -{{ zone_content }} - diff --git a/roles/base_config/meta/main.yaml b/roles/base_config/meta/main.yaml index d1704a2..d7cc109 100644 --- a/roles/base_config/meta/main.yaml +++ b/roles/base_config/meta/main.yaml 
@@ -2,3 +2,4 @@
 dependencies:
 - role: deploy_ssh_server_config
 - role: deploy_systemd_journal_config
+ - role: deploy_systemd_resolved_config
diff --git a/roles/deploy_systemd_resolved_config/README.md b/roles/deploy_systemd_resolved_config/README.md
new file mode 100644
index 0000000..fbd6c78
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/README.md
@@ -0,0 +1,21 @@
+# Role `deploy_systemd_resolved_config`
+
+A role for deploying a minimal configuration for [systemd-resolved](https://man.archlinux.org/man/systemd-resolved.8) or alternatively completely disabling it.
+
+!! Note
+If systemd-resolved is disabled, the configuration is instead rendered directly into `/etc/resolv.conf` to ensure a node does not accidentally lose name resolving capabilities.
+
+## Optional Arguments
+
+- `deploy_systemd_resolved_config__enable` (defaults to `true`) decides whether systemd-resolved should be enabled or disabled.
+
+- `deploy_systemd_resolved_config__mode` (defaults to `stub`) controls which compatibility mode is used for `/etc/resolv.conf` when systemd-resolved is enabled. See [man systemd-resolved(8)](https://man.archlinux.org/man/systemd-resolved.8#/ETC/RESOLV.CONF).
+
+- `deploy_systemd_resolved_config__dns` is the list of primary DNS servers that will be configured. If e.g. a specific link configures other DNS servers, they will take precedence.
+
+- `deploy_systemd_resolved_config__fallback_dns` (defaults to Quad9) is the list of fallback DNS servers. If, at runtime, none of the configured primary DNS servers are reachable, these servers will be used as fallback.
+
+## Hosts
+
+This role is included as a dependency to [base_config](../base_config/) and therefore does not need to be explicitly pulled in.
+
diff --git a/roles/deploy_systemd_resolved_config/defaults/main.yaml b/roles/deploy_systemd_resolved_config/defaults/main.yaml
new file mode 100644
index 0000000..c322507
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/defaults/main.yaml
@@ -0,0 +1,9 @@
+---
+deploy_systemd_resolved_config__enable: true
+deploy_systemd_resolved_config__mode: "stub"
+deploy_systemd_resolved_config__dns: [ ]
+deploy_systemd_resolved_config__fallback_dns:
+ - "9.9.9.9"
+ - "149.112.112.112"
+ - "2620:fe::fe"
+ - "2620:fe::9"
diff --git a/roles/deploy_systemd_resolved_config/handlers/main.yaml b/roles/deploy_systemd_resolved_config/handlers/main.yaml
new file mode 100644
index 0000000..b40760b
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: "reload systemd-resolved"
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ ansible.builtin.systemd:
+ name: "systemd-resolved.service"
+ state: "restarted"
diff --git a/roles/deploy_systemd_resolved_config/meta/argument_specs.yaml b/roles/deploy_systemd_resolved_config/meta/argument_specs.yaml
new file mode 100644
index 0000000..d9ad05f
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/meta/argument_specs.yaml
@@ -0,0 +1,21 @@
+---
+argument_specs:
+ main:
+ options:
+ deploy_systemd_resolved_config__enable:
+ description: "Whether systemd-resolved should be enabled or disabled"
+ type: bool
+ required: false
+ deploy_systemd_resolved_config__mode:
+ description: "Which /etc/resolv.conf compatibility mode should be configured"
+ type: str
+ required: false
+ choices: [ "stub", "static-stub", "passthru", "extern" ]
+ deploy_systemd_resolved_config__dns:
+ description: "A list of DNS servers that will be configured as default dns servers"
+ type: list
+ required: false
+ deploy_systemd_resolved_config__fallback_dns:
+ description: "A list of fallback DNS servers that will be configured"
+ type: list
+ required: false
diff --git a/roles/deploy_systemd_resolved_config/tasks/disable.yaml b/roles/deploy_systemd_resolved_config/tasks/disable.yaml
new file mode 100644
index 0000000..9092116
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/tasks/disable.yaml
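Review bot: The default `deploy_systemd_resolved_config__fallback_dns` points every host that pulls this role in at a public resolver (Quad9), and with `deploy_systemd_resolved_config__dns: [ ]` a host that receives no per-link DNS would resolve everything through it. That can expose internal host names to a third party, and the disabled path writes the same addresses as ordinary `nameserver` lines. I would add a comment above the list such as `# Public resolvers (Quad9); set to [] on hosts that must only query internal DNS` so the override is easy to find.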
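Review bot: The handler is named `reload systemd-resolved` but performs `state: "restarted"`, which is a full service restart rather than a reload. Naming it `restart systemd-resolved`, and updating the `notify` in `tasks/enable.yaml` to match, keeps the play output accurate about what happened to the resolver.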
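Review bot: Both list options, `deploy_systemd_resolved_config__dns` and `deploy_systemd_resolved_config__fallback_dns`, are declared as `type: list` without `elements`, so argument validation accepts items of any type. The items are rendered unchecked into `nameserver` lines and into `DNS=`/`FallbackDNS=`, so a dict or a multi-word string lands in the resolver configuration as-is. Adding `elements: str` to both options catches type mistakes at validation time; checking that each item is an IP address would need a separate assert task.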
@@ -0,0 +1,25 @@
+---
+- name: Ensure /etc/resolv.conf is a plain file
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ ansible.builtin.file:
+ path: "/etc/resolv.conf"
+ state: file
+
+- name: Write nameserver config directly into /etc/resolv.conf
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ ansible.builtin.template:
+ src: "resolv.conf.j2"
+ dest: "/etc/resolv.conf"
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: Disable systemd-resolved
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ ansible.builtin.systemd:
+ name: "systemd-resolved.service"
+ state: stopped
+ enabled: false
diff --git a/roles/deploy_systemd_resolved_config/tasks/enable.yaml b/roles/deploy_systemd_resolved_config/tasks/enable.yaml
new file mode 100644
index 0000000..395ef0d
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/tasks/enable.yaml
@@ -0,0 +1,36 @@
+---
+- name: Deploy systemd-resolved config
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ notify: "reload systemd-resolved"
+ ansible.builtin.template:
+ src: resolved.conf.j2
+ dest: /etc/systemd/resolved.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: Make /etc/resolv.conf points to systemd-resolved
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ when: deploy_systemd_resolved_config__mode != "extern"
+ ansible.builtin.file: # noqa: jinja
+ path: /etc/resolv.conf
+ state: link
+ force: true
+ src: >-
+ {%- if deploy_systemd_resolved_config__mode == "stub" -%}
+ /run/systemd/resolve/stub-resolv.conf
+ {%- elif deploy_systemd_resolved_config__mode == "static-stub" -%}
+ /usr/lib/systemd/resolv.conf
+ {%- elif deploy_systemd_resolved_config__mode == "passthru" -%}
+ /run/systemd/resolve/resolv.conf
+ {%- endif -%}
+
+- name: Ensure systemd-resolved is running and enabled
+ tags: [ "deploy_systemd_resolved_config" ]
+ become: true
+ ansible.builtin.systemd:
+ name: systemd-resolved.service
+ state: started
+ enabled: true
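Review bot: The first task, `Ensure /etc/resolv.conf is a plain file`, does not do what its name says: `state: file` only checks the path, and as far as I know it follows a symlink rather than replacing it and fails outright when the path or the symlink target under `/run/systemd/resolve/` is missing. On a host where systemd-resolved is already stopped, that would abort the role before the resolver file is written. The template task appears to replace a symlink at `dest` on its own while `follow` is left at its default, so I would drop the first task, or base it on a `stat` result if a check is still wanted.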
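Review bot: The task order leaves a window with broken name resolution: `/etc/resolv.conf` is force-linked in the second task, which for `stub` and `passthru` targets a file under `/run/systemd/resolve/`, but the service that creates those files is only started and enabled in the third task. If systemd-resolved is stopped or not installed when the role first runs, the link dangles, and a failure in the last task leaves the host without a working resolver. I would move `Ensure systemd-resolved is running and enabled` above the symlink task. `force: true` also replaces an existing regular `/etc/resolv.conf` without a backup, which is worth a comment on that task.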
diff --git a/roles/deploy_systemd_resolved_config/tasks/main.yaml b/roles/deploy_systemd_resolved_config/tasks/main.yaml
new file mode 100644
index 0000000..00bc293
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/tasks/main.yaml
@@ -0,0 +1,10 @@
+---
+- name: Include enable.yaml
+ tags: [ "deploy_systemd_resolved_config" ]
+ ansible.builtin.include_tasks: enable.yaml
+ when: deploy_systemd_resolved_config__enable
+
+- name: Include disable.yaml
+ tags: [ "deploy_systemd_resolved_config" ]
+ ansible.builtin.include_tasks: disable.yaml
+ when: not deploy_systemd_resolved_config__enable
diff --git a/roles/deploy_systemd_resolved_config/templates/resolv.conf.j2 b/roles/deploy_systemd_resolved_config/templates/resolv.conf.j2
new file mode 100644
index 0000000..fd06a1a
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/templates/resolv.conf.j2
@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+{% for i in deploy_systemd_resolved_config__dns %}
+nameserver {{ i }}
+{% endfor %}
+
+{% for i in deploy_systemd_resolved_config__fallback_dns %}
+nameserver {{ i }}
+{% endfor %}
+
+options edns0
diff --git a/roles/deploy_systemd_resolved_config/templates/resolved.conf.j2 b/roles/deploy_systemd_resolved_config/templates/resolved.conf.j2
new file mode 100644
index 0000000..67968e4
--- /dev/null
+++ b/roles/deploy_systemd_resolved_config/templates/resolved.conf.j2
@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+# Since the config supports drop-in files,
+# use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.'
+#
+# See resolved.conf(5) for details
+
+[Resolve]
+DNS={{ deploy_systemd_resolved_config__dns | join(" ") }}
+FallbackDNS={{ deploy_systemd_resolved_config__fallback_dns | join(" ") }}
+
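Review bot: The rendered `resolv.conf` can carry more `nameserver` lines than the resolver will use: glibc reads only the first three, so with the four default fallback entries the last one is silently ignored, and fallbacks listed after three primary servers are never queried. The entries also lose their fallback meaning here, because every listed server is simply tried in order on timeout. Capping the combined list makes the effective configuration visible, for example `{% for i in (deploy_systemd_resolved_config__dns + deploy_systemd_resolved_config__fallback_dns)[:3] %}`. If both lists are empty the file ends up with no `nameserver` line at all, which deserves an assert before the template is written.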
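Review bot: The `[Resolve]` section sets only `DNS=` and `FallbackDNS=`, so `DNSSEC=` and `DNSOverTLS=` stay at whatever the distribution compiled in, and queries to the default public fallback would normally go out unvalidated and in cleartext. Making both explicit behind role variables, for example `DNSOverTLS=opportunistic` and `DNSSEC=allow-downgrade`, gives every host the same reviewable behaviour; the right values depend on the upstream resolvers in use. The comment line ending in `full config.'` also carries a stray trailing quote.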