Initial commit

diff --git a/cryptoparty.ru.zsh b/cryptoparty.ru.zsh
new file mode 100644 (file)
index 0000000..b32e048
--- /dev/null
+++ b/cryptoparty.ru.zsh
@@ -0,0 +1,6 @@
+zone_start 2012011621
+add_mx @
+add_subdomain @ "$GW4 $GW6 $VPS4 $VPS6" "nospf"
+add_dane @ $DOMAIN
+print y AAAA $Y6
+print y TXT $NoSPF

diff --git a/default.zone.do b/default.zone.do
new file mode 100644 (file)
index 0000000..73191d8
--- /dev/null
+++ b/default.zone.do
@@ -0,0 +1,4 @@
+export DOMAIN=$2
+src="rc.zsh $2.zsh"
+redo-ifchange $src
+cat $src | zsh -e

diff --git a/nncpgo.org.zsh b/nncpgo.org.zsh
new file mode 100644 (file)
index 0000000..aad8880
--- /dev/null
+++ b/nncpgo.org.zsh
@@ -0,0 +1,5 @@
+zone_start 2012011632
+add_mx @
+add_subdomain www "$GW4 $GW6 $VPS4 $VPS6" "tls y"
+add_subdomain openpgpkey "$GW4 $GW6" "tls y"
+add_pgp releases@nncpgo.org

diff --git a/rc.zsh b/rc.zsh
new file mode 100644 (file)
index 0000000..df27dd8
--- /dev/null
+++ b/rc.zsh
@@ -0,0 +1,93 @@
+NoSPF='"v=spf1 -all"'
+ReSPF='"v=spf1 redirect=_spf.stargrave.org"'
+
+GW4=91.211.5.21
+GW6=2a03:e2c0:2663:1::1
+VPS4=45.10.110.72
+VPS6=2a04:ac00:a:146::25
+Y6=21a:af91:8d0e:b05:9645:e4e9:12be:3c39
+
+NS1=uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
+NS2=uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
+
+SSHGW=8397b7a5602758bb302cf6fd1a26b9a027388687f80be269c8cb1e7bbab707f0
+SSHVPS=35cf6677a0e85882ebf1deac20d4e9a87ae94d9599ea9db3786711268a4052b6
+
+zone_start() {
+    local serial=$1
+    cat <<EOF
+\$TTL 21600
+\$ORIGIN ${DOMAIN}.
+${DOMAIN}. 21600 IN SOA $NS1 admin.${DOMAIN}. (
+       ${serial} ; Serial
+       12h ; Refresh
+       2h ; Retry
+       2w ; Expire
+       6h ; TTL
+)
+@ NS $NS1
+@ NS $NS2
+_dmarc TXT "v=DMARC1; p=none"
+EOF
+}
+
+add_dane() {
+    local subdomain=$1
+    local domain=$2
+    local prefix=_${DANE_PORT:-443}._tcp
+    [[ $subdomain = "@" ]] || prefix=$prefix.$subdomain
+    print "$subdomain CAA 0 issue \"ca.cypherpunks.ru\""
+    print "$subdomain CAA 0 issue \"cagost.cypherpunks.ru\""
+    pushd ~/secure/ca
+    local hsh=$(~/work/zeasypki/zeasypki dane ee/ecdsa/ca.cypherpunks.ru/$domain)
+    print "$prefix TLSA 3 1 1 $hsh"
+    [[ -e ee/gost/cagost.cypherpunks.ru/$domain ]] && {
+        hsh=$(~/work/zeasypki/zeasypki dane ee/gost/cagost.cypherpunks.ru/$domain)
+        print "$prefix TLSA 3 1 1 $hsh"
+    }
+    popd
+}
+
+add_subdomain() {
+    local subdomain=$1
+    shift
+    for addr (${=1}) {
+        [[ $addr =~ : ]] && a=AAAA || a=A
+        print "$subdomain $a $addr"
+    }
+    shift
+    local flags=(${=@})
+    [[ ${flags[(I)tls]} -ne 0 ]] && {
+        add_dane $subdomain ${subdomain}.$DOMAIN
+    }
+    [[ ${flags[(I)nospf]} -eq 0 ]] && {
+        print "$subdomain TXT $NoSPF"
+    }
+    [[ ${flags[(I)y]} -ne 0 ]] && {
+        print "y.$subdomain AAAA $Y6"
+        print "y.$subdomain TXT $NoSPF"
+    }
+    return 0
+}
+
+add_mx() {
+    local subdomain=$1
+    cat <<EOF
+$subdomain MX 10 mailfake0.stargrave.org.
+$subdomain MX 20 mail2.stargrave.org.
+$subdomain MX 30 mailfake1.stargrave.org.
+$subdomain TXT $ReSPF
+EOF
+}
+
+add_pgp() {
+    local uid=$1
+    gpg --export-options export-dane --export $uid |
+        sed -n '1,/^$/p'|
+        sed -n '2,$p' |
+        sed 's/ TYPE61/._openpgpkey TYPE61/'
+}
+
+add_ssh() {
+    print "$1 SSHFP 4 2 $2"
+}