+path=(~/work/zeasypki $path)
+
NoSPF='"v=spf1 -all"'
ReSPF='"v=spf1 redirect=_spf.stargrave.org"'
NS1=uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
NS2=uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
-SSHGW=8397b7a5602758bb302cf6fd1a26b9a027388687f80be269c8cb1e7bbab707f0
-SSHVPS=35cf6677a0e85882ebf1deac20d4e9a87ae94d9599ea9db3786711268a4052b6
-
zone_start() {
local serial=$1
cat <<EOF
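Review bot: Prepending `~/work/zeasypki` to `path` on the first added line gives that working tree precedence over the system directories for every bare command name the script runs later (`gpg`, `ssh-keygen`, `sed`, `perl`, `cat`), so an executable of the same name in that tree would be run in their place. Appending instead, `path=($path ~/work/zeasypki)`, still lets `zeasypki` resolve by name while system tools keep priority. A short comment such as `# only for zeasypki; appended so it cannot shadow system tools` would record the intent.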
EOF
}
+fqdn() {
+ case $1 in
+ @) print ${DOMAIN}. ;;
+ *.) print $1 ;;
+ *) print $1.${DOMAIN}. ;;
+ esac
+}
+
+shortened() {
+ local dn=`fqdn $1`
+ case $dn in
+ ${DOMAIN}.) print @ ;;
+ *) print ${dn%%.${DOMAIN}.} ;;
+ esac
+}
+
add_dane() {
- local subdomain=$1
- local domain=$2
- local prefix=_${DANE_PORT:-443}._tcp
- [[ $subdomain = "@" ]] || prefix=$prefix.$subdomain
- print "$subdomain CAA 0 issue \"ca.cypherpunks.ru\""
- print "$subdomain CAA 0 issue \"cagost.cypherpunks.ru\""
- pushd ~/secure/ca
- local hsh=$(~/work/zeasypki/zeasypki dane ee/ecdsa/ca.cypherpunks.ru/$domain)
- print "$prefix TLSA 3 1 1 $hsh"
- [[ -e ee/gost/cagost.cypherpunks.ru/$domain ]] && {
- hsh=$(~/work/zeasypki/zeasypki dane ee/gost/cagost.cypherpunks.ru/$domain)
- print "$prefix TLSA 3 1 1 $hsh"
+ local domain=`fqdn $1`
+ local dirname=${domain%%.}
+ pushd tls
+ for ca (ca/*/*(on)) {
+ ca=(${(s#/#)ca})
+ ca=${(j:/:)ca[2,-1]}
+ [[ -d ee/$ca/$dirname ]] || continue
+ print "`shortened $domain` CAA 0 issue \"${ca:t}\""
+ print "`shortened _${DANE_PORT:-443}._tcp.$domain` TLSA 3 1 1 `zeasypki dane ee/$ca/$dirname`"
}
popd
}
+add_ssh() {
+ local domain=`fqdn $1`
+ local fn=ssh/${domain%%.}
+ [[ -r $fn ]] || return 0
+ print "`shortened $1` SSHFP 4 2 `ssh-keygen -f $fn -r $domain |
+ sed -n 's/^.*SSHFP 4 2 \(.*\)$/\1/p'`"
+}
+
add_subdomain() {
- local subdomain=$1
- shift
- for addr (${=1}) {
- [[ $addr =~ : ]] && a=AAAA || a=A
- print "$subdomain $a $addr"
- }
- shift
- local flags=(${=@})
- [[ ${flags[(I)tls]} -ne 0 ]] && {
- add_dane $subdomain ${subdomain}.$DOMAIN
- }
- [[ ${flags[(I)nospf]} -eq 0 ]] && {
- print "$subdomain TXT $NoSPF"
+ local shorten=`shortened $1`
+ local atyp
+ for addr (${=2}) {
+ [[ $addr =~ : ]] && atyp=AAAA || atyp=A
+ print "$shorten $atyp $addr"
}
- [[ ${flags[(I)y]} -ne 0 ]] && {
- print "y.$subdomain AAAA $Y6"
- print "y.$subdomain TXT $NoSPF"
+ add_dane $1
+ [[ -n $NOSPF ]] || print "$shorten TXT $NoSPF"
+ [[ -z $Y ]] || {
+ shorten=$(shortened y.$(fqdn $1))
+ print "$shorten AAAA $Y6"
+ print "$shorten TXT $NoSPF"
+ add_ssh $shorten
}
- return 0
+ add_ssh $1
}
add_mx() {
- local subdomain=$1
+ local shorten=`shortened $1`
cat <<EOF
-$subdomain MX 10 mailfake0.stargrave.org.
-$subdomain MX 20 mail2.stargrave.org.
-$subdomain MX 30 mailfake1.stargrave.org.
-$subdomain TXT $ReSPF
+$shorten MX 10 mailfake0.stargrave.org.
+$shorten MX 20 mail2.stargrave.org.
+$shorten MX 30 mailfake1.stargrave.org.
+$shorten TXT $ReSPF
EOF
}
add_pgp() {
- local uid=$1
- gpg --export-options export-dane --export $uid |
- sed -n '1,/^$/p'|
- sed -n '2,$p' |
- sed 's/ TYPE61/._openpgpkey TYPE61/'
-}
-
-add_ssh() {
- print "$1 SSHFP 4 2 $2"
+ local what=$2
+ [[ -n "$what" ]] || what=$1
+ what=${what:s/@/./}
+ gpg --export-options export-dane --export $1 |
+ perl -ne "next unless /${what}/../^$/ ; s/ TYPE61/._openpgpkey TYPE61/ ; print"
}
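Review bot: In add_pgp the value of `$what`, taken from the function's arguments, is pasted into the Perl program text by the double-quoted `perl -ne "next unless /${what}/../^$/ ; ..."`. Any regex metacharacter or `/` in the UID therefore changes the pattern or the program itself, and the dots in an address match any character, so the range may start at a different UID line than intended. Passing the value through the environment and quoting it avoids both: `WHAT=$what perl -ne 'next unless /\Q$ENV{WHAT}\E/../^$/ ; s/ TYPE61/._openpgpkey TYPE61/ ; print'`. With that form the `what=${what:s/@/./}` line should be dropped, assuming it exists only to keep Perl from interpolating `@domain` as an array.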