diff --git a/bundles/bind-acme/metadata.py b/bundles/bind-acme/metadata.py
index f5f08cf..61c19c4 100644
--- a/bundles/bind-acme/metadata.py
+++ b/bundles/bind-acme/metadata.py
@@ -28,7 +28,7 @@ def acme_records(metadata):
 h({
 'name': f"_acme-challenge{'.' if name else ''}{name}",
 'type': 'CNAME',
- 'value': metadata.get('bind/acme_hostname'),
+ 'value': f"{name}.{zone}.{metadata.get('bind/acme_hostname')}.",
 })
 for name in {
 record['name'] if record['name'] != '@' else ''
@@ -55,7 +55,7 @@ def acme_zone(metadata):
 return {
 'bind': {
 'zones': {
- metadata.get('bind/hostname'): {
+ metadata.get('bind/acme_hostname'): {
 'keys': ['acme'],
 'records': set(),
 },
diff --git a/bundles/bind/items.py b/bundles/bind/items.py
index c1b0b83..89ce5e5 100644
--- a/bundles/bind/items.py
+++ b/bundles/bind/items.py
@@ -14,6 +14,8 @@ else:
 slave_ips = []
 
 directories[f'/var/lib/bind'] = {
+ 'owner': 'bind',
+ 'group': 'bind',
 'purge': True,
 'needed_by': [
 'svc_systemd:bind9',
@@ -129,6 +131,8 @@ def record_matches_view(record, records, view):
 
 for view in views:
 directories[f"/var/lib/bind/{view['name']}"] = {
+ 'owner': 'bind',
+ 'group': 'bind',
 'purge': True,
 'needed_by': [
 'svc_systemd:bind9',
@@ -148,6 +152,7 @@ for view in views:
 ]
 
 files[f"/var/lib/bind/{view['name']}/db.{zone}"] = {
+ 'owner': 'bind',
 'group': 'bind',
 'source': 'db',
 'content_type': 'mako',
diff --git a/bundles/letsencrypt/README.md b/bundles/letsencrypt/README.md
index 190b818..0214915 100644
--- a/bundles/letsencrypt/README.md
+++ b/bundles/letsencrypt/README.md
@@ -1 +1,9 @@
 https://github.com/dehydrated-io/dehydrated/wiki/example-dns-01-nsupdate-script
+
+```
+printf "server 127.0.0.1
+zone acme.resolver.name.
+update add _acme-challenge.ckn.li.acme.resolver.name. 600 IN TXT "hello"
+send
+" | nsupdate -y hmac-sha512:acme:Y9BHl85l352BGZDXa/vg90hh2+5PYe4oJxpkq/oQvIODDkW8bAyQSFr0gKQQxjyIOyYlTjf0MGcdWFv46G/3Rg==
+```
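Review bot: The new CNAME target on the `'value'` line starts with a dot when `name` is empty, which the set comprehension below produces for `'@'` records, so the apex challenge would point at a name with an empty first label. The `'name'` line two lines up already guards this case and the value should do the same, e.g. `'value': f"{name}{'.' if name else ''}{zone}.{metadata.get('bind/acme_hostname')}.",`. `zone` is bound outside this hunk and acme_records continues past it, so the loop that supplies it could not be checked here.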
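Review bot: Nothing on the new zone-key line says that this zone has to be the same suffix acme_records appends to its CNAME targets, although both now depend on `bind/acme_hostname`. A comment above the key would keep the two in step, e.g. `# dynamic-update zone for ACME challenges; must match the CNAME suffix built in acme_records`. Because the zone carries `'keys': ['acme']`, the docstring should also state that the TSIG key is meant to be limited to this zone; whether the bind templates enforce that is not visible here. acme_zone's body continues outside the hunk.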
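Review bot: The `'owner': 'bind'` and `'group': 'bind'` additions on `/var/lib/bind`, and likewise in the per-view directory hunk and the `db.{zone}` file hunk further down, make every zone file owned by the named service account, although only the dynamically updated ACME zone appears to need write access. Consider leaving static zone files owned by root with group read for bind, and granting ownership only for the zone that carries `'keys': ['acme']`. With `'purge': True` on these directories, journal files that named writes for a dynamic zone would presumably be removed on the next apply; a comment saying whether that is intended would help. No `mode` is visible in these hunks, so the resulting permissions could not be checked from here.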
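Review bot: The nsupdate example passes what looks like a real hmac-sha512 TSIG secret for the `acme` key in its `-y` argument. If that is the live key, it should be rotated, since anyone who can read the repository can sign updates to the zone, and the README should show a placeholder such as `hmac-sha512:acme:<TSIG_SECRET_PLACEHOLDER>` instead. Reading the key from a file with `nsupdate -k <keyfile>` would also keep it out of shell history and the process list. Separately, the inner `"hello"` quotes end the outer printf string, so the TXT data is sent unquoted.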