wip

bundles/bind-acme/metadata.py

@@ -28,7 +28,7 @@ def acme_records(metadata):
                         h({ 
                             'name': f"_acme-challenge{'.' if name else ''}{name}",
                             'type': 'CNAME',
-                            'value': metadata.get('bind/acme_hostname'),
+                            'value': f"{name}.{zone}.{metadata.get('bind/acme_hostname')}.",
                         })
                             for name in {
                                 record['name'] if record['name'] != '@' else ''
@@ -55,7 +55,7 @@ def acme_zone(metadata):
     return {
         'bind': {
             'zones': {
-                metadata.get('bind/hostname'): {
+                metadata.get('bind/acme_hostname'): {
                     'keys': ['acme'],
                     'records': set(),
                 },

bundles/bind/items.py

@@ -14,6 +14,8 @@ else:
     slave_ips = []
 
 directories[f'/var/lib/bind'] = {
+    'owner': 'bind',
+    'group': 'bind',
     'purge': True,
     'needed_by': [
         'svc_systemd:bind9',
@@ -129,6 +131,8 @@ def record_matches_view(record, records, view):
     
 for view in views:
     directories[f"/var/lib/bind/{view['name']}"] = {
+        'owner': 'bind',
+        'group': 'bind',
         'purge': True,
         'needed_by': [
             'svc_systemd:bind9',
@@ -148,6 +152,7 @@ for view in views:
         ]
         
         files[f"/var/lib/bind/{view['name']}/db.{zone}"] = {
+            'owner': 'bind',
             'group': 'bind',
             'source': 'db',
             'content_type': 'mako',

bundles/letsencrypt/README.md

@@ -1 +1,9 @@
 https://github.com/dehydrated-io/dehydrated/wiki/example-dns-01-nsupdate-script
+
+```
+printf "server 127.0.0.1
+zone acme.resolver.name.
+update add _acme-challenge.ckn.li.acme.resolver.name. 600 IN TXT "hello"
+send
+" | nsupdate -y hmac-sha512:acme:Y9BHl85l352BGZDXa/vg90hh2+5PYe4oJxpkq/oQvIODDkW8bAyQSFr0gKQQxjyIOyYlTjf0MGcdWFv46G/3Rg==
+```