From 1f333dd494dd5b54e746777ec2465b49e545e054 Mon Sep 17 00:00:00 2001 From: Alex Dehnert Date: Fri, 19 Jun 2026 19:28:19 +0000 Subject: [PATCH] Refactor primary dynDNS config into a shared file We only really expect one primary at a time, but during setup it's handy to be able to just include one file rather than copying a bunch of lines of config over. (It might be easier yet if Salt just generated permissions lines and the various ACME certs required were in Salt's VCS rather than this one.) --- config/dyndehnerts-primary.conf | 23 +++++++++++++++++++++++ per-host/chankillo.conf | 24 +----------------------- per-host/linode-test-1.conf | 1 + 3 files changed, 25 insertions(+), 23 deletions(-) create mode 100644 config/dyndehnerts-primary.conf create mode 100644 per-host/linode-test-1.conf diff --git a/config/dyndehnerts-primary.conf b/config/dyndehnerts-primary.conf new file mode 100644 index 0000000..859023d --- /dev/null +++ b/config/dyndehnerts-primary.conf @@ -0,0 +1,23 @@ +include "/etc/bind/pri/dynamic.keys"; + +zone "dynamic.dehnerts.com" IN { + type master; + file "/var/lib/bind/dynamic.dehnerts.zone"; + update-policy { + grant * selfsub * A TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.duck-dacha.dynamic.dehnerts.com TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.homeassistant.dynamic.dehnerts.com TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.pihole.dynamic.dehnerts.com TXT; + grant xidi.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; + grant evora.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; + grant evora.dynamic.dehnerts.com name _acme-challenge.paperless.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.mail.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.smtp.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.imap.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.pop.dynamic.dehnerts.com TXT; + grant chankillo.dynamic.dehnerts.com name _acme-challenge.zulip.dynamic.dehnerts.com TXT; + }; + allow-transfer { "transfer-allowed"; }; + allow-query { any; }; + also-notify { "secondary-ns"; }; +}; diff --git a/per-host/chankillo.conf b/per-host/chankillo.conf index 859023d..4993ac9 100644 --- a/per-host/chankillo.conf +++ b/per-host/chankillo.conf @@ -1,23 +1 @@ -include "/etc/bind/pri/dynamic.keys"; - -zone "dynamic.dehnerts.com" IN { - type master; - file "/var/lib/bind/dynamic.dehnerts.zone"; - update-policy { - grant * selfsub * A TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.duck-dacha.dynamic.dehnerts.com TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.homeassistant.dynamic.dehnerts.com TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.pihole.dynamic.dehnerts.com TXT; - grant xidi.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; - grant evora.dynamic.dehnerts.com name _acme-challenge.unifi.dynamic.dehnerts.com TXT; - grant evora.dynamic.dehnerts.com name _acme-challenge.paperless.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.mail.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.smtp.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.imap.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.pop.dynamic.dehnerts.com TXT; - grant chankillo.dynamic.dehnerts.com name _acme-challenge.zulip.dynamic.dehnerts.com TXT; - }; - allow-transfer { "transfer-allowed"; }; - allow-query { any; }; - also-notify { "secondary-ns"; }; -}; +include "/etc/bind/config/dyndehnerts-primary.conf"; diff --git a/per-host/linode-test-1.conf b/per-host/linode-test-1.conf new file mode 100644 index 0000000..4993ac9 --- /dev/null +++ b/per-host/linode-test-1.conf @@ -0,0 +1 @@ +include "/etc/bind/config/dyndehnerts-primary.conf"; -- 2.34.1