wip

bundles/bind-acme/metadata.py

@@ -25,6 +25,7 @@ def acme_records(metadata):
 @metadata_reactor.provides(
     'bind/acls/acme',
     'bind/keys/acme',
+    'bind/views/internal/acl',
     'bind/views/external/zones',
 )
 def acme_zone(metadata):
@@ -46,6 +47,11 @@ def acme_zone(metadata):
                 'acme': {},
             },
             'views': {
+                'internal': {
+                    'acl': {
+                        '! key acme',
+                    },
+                },
                 'external': {
                     'zones': {
                         metadata.get('bind/acme_zone'): {

bundles/bind/files/named.conf.local

@@ -42,7 +42,7 @@ view "${view_name}" {
     % if type == 'slave':
     masters { ${master_ip}; };
     % endif
-    % if zone_conf.get('allow_update', False):
+    % if type == 'master' and zone_conf.get('allow_update', False):
     allow-update {
     % for allow_update in zone_conf['allow_update']:
       ${allow_update};

bundles/letsencrypt/items.py

@@ -28,7 +28,7 @@ files = {
     '/etc/dehydrated/hook.sh': {
         'content_type': 'mako',
         'context': {
-            'server': ip_interface(acme_node.metadata.get('network/external/ipv4')).ip,
+            'server': ip_interface(acme_node.metadata.get('network/internal/ipv4')).ip,
             'zone': acme_node.metadata.get('bind/acme_zone'),
             'acme_key_name': 'acme',
             'acme_key': acme_node.metadata.get('bind/keys/acme/token'),

nodes/home.openhab3.py

@@ -40,6 +40,11 @@
                 },
             },
         },
+        'letsencrypt': {
+            'domains': {
+                'test12.ckn.li': {},
+            }
+        },
         'java': {
             'version': 11,
         },