From 5d161fc4fef28d469c9d2adad8decda4b15cb68f Mon Sep 17 00:00:00 2001
From: Sergey Matveev
Date: Tue, 23 Aug 2022 15:20:02 +0300
Subject: [PATCH] Trivial restyling

---
 rc.tcl | 42 ++++++++++++++++++++++++++----------------
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/rc.tcl b/rc.tcl
index 3df63dd..db37fea 100644
--- a/rc.tcl
+++ b/rc.tcl
@@ -14,7 +14,7 @@ set ReSPF {"v=spf1 redirect=_spf.stargrave.org"}

 proc zone {serial} {
 global DOMAIN NS1 NS2
-puts "\$TTL 21600
+ puts "\$TTL 21600
 \$ORIGIN $DOMAIN.
 $DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. (
 $serial ; Serial
@@ -22,10 +22,10 @@ $DOMAIN. 21600 IN SOA $NS1 admin.$DOMAIN. (
 2h ; Retry
 2w ; Expire
 6h ; TTL
-)
-@ NS $NS1
-@ NS $NS2
-_dmarc TXT \"v=DMARC1; p=none\""
+)"
+ puts "@ NS $NS1"
+ puts "@ NS $NS2"
+ puts {_dmarc TXT "v=DMARC1; p=none"}
 }

 proc fqdn {dn} {
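Review bot: The `_dmarc` record written by the last new `puts` in `zone` is still `p=none` with no `rua=` tag, so receivers are asked for neither enforcement nor aggregate reports, and nothing in the proc says whether that is deliberate. Since the line is being rewritten anyway, a comment above it would record the intent, for example `# DMARC is monitoring-only on purpose; move to quarantine/reject once alignment is confirmed`. The wording is only a suggestion, since the mail setup behind this zone is not visible in the patch.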
@@ -40,30 +40,31 @@ proc fqdn {dn} {
 proc shorten {dn} {
 set dn [fqdn $dn]
 global DOMAIN
- if { $dn == "$DOMAIN." } { return @ }
- return [join [lrange [split $dn .] 0 end-[expr [llength [split $DOMAIN .]] + 1]] .]
+ if {$dn == "$DOMAIN."} { return @ }
+ set domainLen [llength [split $DOMAIN .]]
+ return [join [lrange [split $dn .] 0 end-[expr $domainLen + 1]] .]
 }

 proc mx {dn} {
 set dn [shorten $dn]
- global ReSPF
 puts "$dn MX 10 mailfake0.stargrave.org."
 puts "$dn MX 20 mail2.stargrave.org."
 puts "$dn MX 30 mailfake1.stargrave.org."
+ global ReSPF
 puts "$dn TXT $ReSPF"
 }

-proc dane {dn {port ""}} {
+proc dane {dn {port 443}} {
 set dn [fqdn $dn]
- if {$port == ""} { set port 443 }
 set dirname [string trimright $dn .]
 set was [pwd]
 cd tls
 foreach ca [lsort [glob ca/*/*]] {
 set ca [join [lrange [split $ca /] 1 end] /]
- if {![file exists [file join ee $ca $dirname]]} { continue }
+ set ee [file join ee $ca $dirname]
+ if {![file exists $ee]} { continue }
 puts "[shorten $dn] CAA 0 issue \"[lindex [split $ca /] end]\""
- puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane ee/$ca/$dirname]"
+ puts "[shorten _$port._tcp.$dn] TLSA 3 1 1 [exec zeasypki dane $ee]"
 }
 cd $was
 }
@@ -72,7 +73,7 @@ proc ssh {dn} {
 set dn [fqdn $dn]
 set fn ssh/[string trimright $dn .]
 if {![file exists $fn]} { return }
- set fd [open "| ssh-keygen -f $fn -r $dn"]
+ set fd [open "|ssh-keygen -f $fn -r $dn"]
 while {[gets $fd line] >= 0} {
 if {[string first "SSHFP 4 2" $line] == -1} { continue }
 puts "[shorten $dn] [lrange [split $line " "] 2 end]"
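Review bot: In `dane`, replacing `if {$port == ""} { set port 443 }` with the signature default `{port 443}` is a behaviour change rather than restyling: a caller that passes an empty string explicitly now gets the TLSA owner name `_._tcp.<name>` instead of `_443._tcp.<name>`. The `subdomain` hunk still forwards whatever follows the colon of a `dane:` flag, so a flag written as `dane:` with nothing after it takes that path; other callers are outside this patch. A TLSA record published under the wrong owner name is never found by DANE validators, so I would keep a guard at the top of `dane`, e.g. `if {![string is integer -strict $port]} { error "dane: bad port \"$port\"" }`.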
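Review bot: The pipeline in `ssh` is still built by string interpolation, `open "|ssh-keygen -f $fn -r $dn"`, and Tcl parses everything after the `|` as a list, so a name containing whitespace, braces or quotes is either split into extra ssh-keygen arguments or fails list parsing. Building the words explicitly avoids that: `set fd [open |[list ssh-keygen -f $fn -r $dn]]`. The same applies to the `gpg` pipeline in `pgp` in the last hunk, `set fd [open |[list gpg --export-options export-dane --export $keyid]]`. Both procs continue outside their hunks, so whether the channel is closed and the exit status checked is not visible here.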
@@ -81,16 +82,25 @@ proc ssh {dn} {
 }

 proc subdomain {dn addrs {flags {}}} {
- global Y6 NoSPF
 set short [shorten $dn]
 foreach addr $addrs {
 if {[string first : $addr] == -1} { set atyp A } { set atyp AAAA }
 puts "$short $atyp $addr"
 }
- dane $dn [lindex [split [lindex $flags [lsearch $flags dane:*]] :] end]
+
+ set danePort [lsearch -inline $flags dane:*]
+ if {$danePort == ""} {
+ set danePort 443
+ } {
+ set danePort [lindex [split $danePort :] end]
+ }
+ dane $dn $danePort
 ssh $dn
+
+ global NoSPF
 if {[lsearch $flags nospf] == -1} { puts "$short TXT $NoSPF" }
 if {[lsearch $flags y] != -1} {
+ global Y6
 set short [shorten y.[fqdn $dn]]
 puts "$short AAAA $Y6"
 puts "$short TXT $NoSPF"
@@ -100,7 +110,7 @@ proc subdomain {dn addrs {flags {}}} {

 proc pgp {keyid {uid ""}} {
 if {$uid == ""} { set uid $keyid }
- set fd [open "|gpg --export-options export-dane --export $keyid"]
+ set fd [open "|gpg --export-options export-dane --export $keyid"]
 while {[gets $fd line] >= 0} {
 if {[string first $uid $line] != -1} { break }
 }
-- 
2.44.0
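Review bot: The 443 fallback is now spelled twice, once in the new `if {$danePort == ""}` block in `subdomain` and once in `dane`'s `{port 443}` default from the earlier hunk, so the two values can drift apart. Letting `dane` own the default keeps a single source of truth: `if {$danePort == ""} { dane $dn } { dane $dn [lindex [split $danePort :] end] }`. `subdomain`'s body continues past the end of the hunk.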