+++ /dev/null
-path=(~/work/zeasypki $path)
-
-NoSPF='"v=spf1 -all"'
-ReSPF='"v=spf1 redirect=_spf.stargrave.org"'
-
-GW4=91.211.5.21
-GW6=2a03:e2c0:2663:1::1
-VPS4=45.10.110.72
-VPS6=2a04:ac00:a:146::25
-Y6=21a:af91:8d0e:b05:9645:e4e9:12be:3c39
-
-NS1=uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr.ns7.stargrave.org.
-NS2=uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn.ns5.stargrave.org.
-
-zone_start() {
- local serial=$1
- cat <<EOF
-\$TTL 21600
-\$ORIGIN ${DOMAIN}.
-${DOMAIN}. 21600 IN SOA $NS1 admin.${DOMAIN}. (
- ${serial} ; Serial
- 12h ; Refresh
- 2h ; Retry
- 2w ; Expire
- 6h ; TTL
-)
-@ NS $NS1
-@ NS $NS2
-_dmarc TXT "v=DMARC1; p=none"
-EOF
-}
-
-fqdn() {
- case $1 in
- @) print ${DOMAIN}. ;;
- *.) print $1 ;;
- *) print $1.${DOMAIN}. ;;
- esac
-}
-
-shortened() {
- local dn=`fqdn $1`
- case $dn in
- ${DOMAIN}.) print @ ;;
- *) print ${dn%%.${DOMAIN}.} ;;
- esac
-}
-
-add_mx() {
- local shorten=`shortened $1`
- cat <<EOF
-$shorten MX 10 mailfake0.stargrave.org.
-$shorten MX 20 mail2.stargrave.org.
-$shorten MX 30 mailfake1.stargrave.org.
-$shorten TXT $ReSPF
-EOF
-}
-
-add_dane() {
- local domain=`fqdn $1`
- local dirname=${domain%%.}
- pushd tls
- for ca (ca/*/*(on)) {
- ca=(${(s#/#)ca})
- ca=${(j:/:)ca[2,-1]}
- [[ -d ee/$ca/$dirname ]] || continue
- print "`shortened $domain` CAA 0 issue \"${ca:t}\""
- print "`shortened _${DANE_PORT:-443}._tcp.$domain` TLSA 3 1 1 `zeasypki dane ee/$ca/$dirname`"
- }
- popd
-}
-
-add_ssh() {
- local domain=`fqdn $1`
- local fn=ssh/${domain%%.}
- [[ -r $fn ]] || return 0
- print "`shortened $1` SSHFP 4 2 `ssh-keygen -f $fn -r $domain |
- sed -n 's/^.*SSHFP 4 2 \(.*\)$/\1/p'`"
-}
-
-add_subdomain() {
- local shorten=`shortened $1`
- local atyp
- for addr (${=2}) {
- [[ $addr =~ : ]] && atyp=AAAA || atyp=A
- print "$shorten $atyp $addr"
- }
- add_dane $1
- [[ -n $NOSPF ]] || print "$shorten TXT $NoSPF"
- [[ -z $Y ]] || {
- shorten=$(shortened y.$(fqdn $1))
- print "$shorten AAAA $Y6"
- print "$shorten TXT $NoSPF"
- add_ssh $shorten
- }
- add_ssh $1
-}
-
-add_pgp() {
- local what=$2
- [[ -n "$what" ]] || what=$1
- what=${what:s/@/./}
- gpg --export-options export-dane --export $1 |
- perl -ne "next unless /${what}/../^$/ ; s/ TYPE61/._openpgpkey TYPE61/ ; print"
-}