From: Sergey Matveev <stargrave@stargrave.org>
Date: Thu, 18 Aug 2022 10:45:57 +0000 (+0300)
Subject: Simplification and refactoring
X-Git-Url: http://www.git.stargrave.org/?a=commitdiff_plain;h=4b81b941a1350cb7ef51271a7848beaaeab909fa;p=zdns.git

Simplification and refactoring
---
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8e58f3e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/*.zone
diff --git a/cryptoparty.ru.zsh b/cryptoparty.ru.zsh
index b32e048..0a73562 100644
--- a/cryptoparty.ru.zsh
+++ b/cryptoparty.ru.zsh
@@ -1,6 +1,3 @@
-zone_start 2012011621
+zone_start 2012011622
 add_mx @
-add_subdomain @ "$GW4 $GW6 $VPS4 $VPS6" "nospf"
-add_dane @ $DOMAIN
-print y AAAA $Y6
-print y TXT $NoSPF
+Y=1 NOSPF=1 add_subdomain @ "$GW4 $GW6 $VPS4 $VPS6"
diff --git a/nncpgo.org.zsh b/nncpgo.org.zsh
index aad8880..2b4f717 100644
--- a/nncpgo.org.zsh
+++ b/nncpgo.org.zsh
@@ -1,5 +1,5 @@
-zone_start 2012011632
+zone_start 2012011633
 add_mx @
-add_subdomain www "$GW4 $GW6 $VPS4 $VPS6" "tls y"
-add_subdomain openpgpkey "$GW4 $GW6" "tls y"
+Y=1 add_subdomain www "$GW4 $GW6 $VPS4 $VPS6"
+Y=1 add_subdomain openpgpkey "$GW4 $GW6"
 add_pgp releases@nncpgo.org
diff --git a/rc.zsh b/rc.zsh
index df27dd8..31a6113 100644
--- a/rc.zsh
+++ b/rc.zsh
@@ -1,3 +1,5 @@
+path=(~/work/zeasypki $path)
+
 NoSPF='"v=spf1 -all"'
 ReSPF='"v=spf1 redirect=_spf.stargrave.org"'
 
@@ -10,9 +12,6 @@ Y6=21a:af91:8d0e:b05:9645:e4e9:12be:3c39
 NS1=uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
 NS2=uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
 
-SSHGW=8397b7a5602758bb302cf6fd1a26b9a027388687f80be269c8cb1e7bbab707f0
-SSHVPS=35cf6677a0e85882ebf1deac20d4e9a87ae94d9599ea9db3786711268a4052b6
-
 zone_start() {
 local serial=$1
 cat <<EOF
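Review bot: The added `path=(~/work/zeasypki $path)` in the first rc.zsh hunk puts a working checkout ahead of the system directories, so every unqualified command run later from this file (`gpg`, `ssh-keygen`, `sed`, `perl`, `cat`) is looked up there first. Only `zeasypki` needs to be found through it, so appending with `path+=(~/work/zeasypki)` gives the same convenience without letting a stray executable in that directory shadow the tools that generate the TLSA, SSHFP and OPENPGPKEY data. A short comment above the line saying why the directory is on the path would also help, since the previous code called `~/work/zeasypki/zeasypki` by full path.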
@@ -31,63 +30,76 @@ _dmarc TXT "v=DMARC1; p=none"
 EOF
 }
 
+fqdn() {
+ case $1 in
+ @) print ${DOMAIN}. ;;
+ *.) print $1 ;;
+ *) print $1.${DOMAIN}. ;;
+ esac
+}
+
+shortened() {
+ local dn=`fqdn $1`
+ case $dn in
+ ${DOMAIN}.) print @ ;;
+ *) print ${dn%%.${DOMAIN}.} ;;
+ esac
+}
+
 add_dane() {
- local subdomain=$1
- local domain=$2
- local prefix=_${DANE_PORT:-443}._tcp
- [[ $subdomain = "@" ]] || prefix=$prefix.$subdomain
- print "$subdomain CAA 0 issue \"ca.cypherpunks.ru\""
- print "$subdomain CAA 0 issue \"cagost.cypherpunks.ru\""
- pushd ~/secure/ca
- local hsh=$(~/work/zeasypki/zeasypki dane ee/ecdsa/ca.cypherpunks.ru/$domain)
- print "$prefix TLSA 3 1 1 $hsh"
- [[ -e ee/gost/cagost.cypherpunks.ru/$domain ]] && {
- hsh=$(~/work/zeasypki/zeasypki dane ee/gost/cagost.cypherpunks.ru/$domain)
- print "$prefix TLSA 3 1 1 $hsh"
+ local domain=`fqdn $1`
+ local dirname=${domain%%.}
+ pushd tls
+ for ca (ca/*/*(on)) {
+ ca=(${(s#/#)ca})
+ ca=${(j:/:)ca[2,-1]}
+ [[ -d ee/$ca/$dirname ]] || continue
+ print "`shortened $domain` CAA 0 issue \"${ca:t}\""
+ print "`shortened _${DANE_PORT:-443}._tcp.$domain` TLSA 3 1 1 `zeasypki dane ee/$ca/$dirname`"
 }
 popd
 }
 
+add_ssh() {
+ local domain=`fqdn $1`
+ local fn=ssh/${domain%%.}
+ [[ -r $fn ]] || return 0
+ print "`shortened $1` SSHFP 4 2 `ssh-keygen -f $fn -r $domain |
+ sed -n 's/^.*SSHFP 4 2 \(.*\)$/\1/p'`"
+}
+
 add_subdomain() {
- local subdomain=$1
- shift
- for addr (${=1}) {
- [[ $addr =~ : ]] && a=AAAA || a=A
- print "$subdomain $a $addr"
- }
- shift
- local flags=(${=@})
- [[ ${flags[(I)tls]} -ne 0 ]] && {
- add_dane $subdomain ${subdomain}.$DOMAIN
- }
- [[ ${flags[(I)nospf]} -eq 0 ]] && {
- print "$subdomain TXT $NoSPF"
+ local shorten=`shortened $1`
+ local atyp
+ for addr (${=2}) {
+ [[ $addr =~ : ]] && atyp=AAAA || atyp=A
+ print "$shorten $atyp $addr"
 }
- [[ ${flags[(I)y]} -ne 0 ]] && {
- print "y.$subdomain AAAA $Y6"
- print "y.$subdomain TXT $NoSPF"
+ add_dane $1
+ [[ -n $NOSPF ]] || print "$shorten TXT $NoSPF"
+ [[ -z $Y ]] || {
+ shorten=$(shortened y.$(fqdn $1))
+ print "$shorten AAAA $Y6"
+ print "$shorten TXT $NoSPF"
+ add_ssh $shorten
 }
- return 0
+ add_ssh $1
 }
 
 add_mx() {
- local subdomain=$1
+ local shorten=`shortened $1`
 cat <<EOF
-$subdomain MX 10 mailfake0.stargrave.org.
-$subdomain MX 20 mail2.stargrave.org.
-$subdomain MX 30 mailfake1.stargrave.org.
-$subdomain TXT $ReSPF
+$shorten MX 10 mailfake0.stargrave.org.
+$shorten MX 20 mail2.stargrave.org.
+$shorten MX 30 mailfake1.stargrave.org.
+$shorten TXT $ReSPF
 EOF
 }
 
 add_pgp() {
- local uid=$1
- gpg --export-options export-dane --export $uid |
- sed -n '1,/^$/p'|
- sed -n '2,$p' |
- sed 's/ TYPE61/._openpgpkey TYPE61/'
-}
-
-add_ssh() {
- print "$1 SSHFP 4 2 $2"
+ local what=$2
+ [[ -n "$what" ]] || what=$1
+ what=${what:s/@/./}
+ gpg --export-options export-dane --export $1 |
+ perl -ne "next unless /${what}/../^$/ ; s/ TYPE61/._openpgpkey TYPE61/ ; print"
 }
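Review bot: In the new `add_pgp` the shell expands `${what}` inside the double-quoted Perl program, so the address is compiled into the range regex unescaped: every `.` matches any character, and any other metacharacter in the argument changes the program rather than the data. Passing the value through the environment and quoting it keeps it data, e.g. `WHAT=$what perl -ne 'next unless /\Q$ENV{WHAT}\E/../^$/ ; s/ TYPE61/._openpgpkey TYPE61/ ; print'`. The `what=${what:s/@/./}` rewrite presumably exists only to stop Perl interpolating `@…`, and could then be dropped if gpg's comment line carries the address verbatim. Separately, `add_ssh` and the TLSA line in `add_dane` print the record even when `ssh-keygen | sed` or `zeasypki dane` yield nothing, so a failed lookup lands in the zone as a record with empty data instead of stopping the build.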