From: Alex Dehnert Date: Fri, 19 Jun 2026 19:28:19 +0000 (+0000) Subject: Refactor primary dynDNS config into a shared file X-Git-Url: https://dehnerts.com/gitweb/?a=commitdiff_plain;h=refs%2Fheads%2Fmaster;p=sysconfig%2Fbind.git Refactor primary dynDNS config into a shared file We only really expect one primary at a time, but during setup it's handy to be able to just include one file rather than copying a bunch of lines of config over. (It might be easier yet if Salt just generated permissions lines and the various ACME certs required were in Salt's VCS rather than this one.) --- diff --git a/config/dyndehnerts-primary.conf b/config/dyndehnerts-primary.conf new file mode 100644 index 0000000..859023d --- /dev/null +++ b/config/dyndehnerts-primary.conf @@ -0,0 +1,23 @@ +include "/etc/bind/pri/dynamic.keys"; + +zone "dynamic.dehnerts.com" IN { + type master; + file "/var/lib/bind/dynamic.dehnerts.zone"; + update-policy { + grant * selfsub * A TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.duck-dacha.dynamic.dehnerts.com TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.homeassistant.dynamic.dehnerts.com TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.pihole.dynamic.dehnerts.com TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; + grant evora.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; + grant evora.dynamic.dehnerts.com name _acme-challenge.paperless.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.mail.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.smtp.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.imap.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.pop.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.zulip.dynamic.dehnerts.com TXT; + }; + allow-transfer { "transfer-allowed"; }; + allow-query { any; }; + also-notify { "secondary-ns"; }; +}; diff --git a/per-host/chankillo.conf b/per-host/chankillo.conf index 859023d..4993ac9 100644 --- a/per-host/chankillo.conf +++ b/per-host/chankillo.conf @@ -1,23 +1 @@ -include "/etc/bind/pri/dynamic.keys"; - -zone "dynamic.dehnerts.com" IN { - type master; - file "/var/lib/bind/dynamic.dehnerts.zone"; - update-policy { - grant * selfsub * A TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.duck-dacha.dynamic.dehnerts.com TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.homeassistant.dynamic.dehnerts.com TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.pihole.dynamic.dehnerts.com TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; - grant evora.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; - grant evora.dynamic.dehnerts.com name _acme-challenge.paperless.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.mail.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.smtp.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.imap.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.pop.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.zulip.dynamic.dehnerts.com TXT; - }; - allow-transfer { "transfer-allowed"; }; - allow-query { any; }; - also-notify { "secondary-ns"; }; -}; +include "/etc/bind/config/dyndehnerts-primary.conf"; diff --git a/per-host/linode-test-1.conf b/per-host/linode-test-1.conf new file mode 100644 index 0000000..4993ac9 --- /dev/null +++ b/per-host/linode-test-1.conf @@ -0,0 +1 @@ +include "/etc/bind/config/dyndehnerts-primary.conf";