diff --git a/bundles/bind-acme/metadata.py b/bundles/bind-acme/metadata.py
index da5bc91..ab605df 100644
--- a/bundles/bind-acme/metadata.py
+++ b/bundles/bind-acme/metadata.py
@@ -25,6 +25,7 @@ def acme_records(metadata):
 @metadata_reactor.provides(
 'bind/acls/acme',
 'bind/keys/acme',
+ 'bind/views/internal/acl',
 'bind/views/external/zones',
 )
 def acme_zone(metadata):
@@ -46,6 +47,11 @@ def acme_zone(metadata):
 'acme': {},
 },
 'views': {
+ 'internal': {
+ 'acl': {
+ '! key acme',
+ },
+ },
 'external': {
 'zones': {
 metadata.get('bind/acme_zone'): {
diff --git a/bundles/bind/files/named.conf.local b/bundles/bind/files/named.conf.local
index 1c47488..9f93faa 100644
--- a/bundles/bind/files/named.conf.local
+++ b/bundles/bind/files/named.conf.local
@@ -42,7 +42,7 @@ view "${view_name}" {
 % if type == 'slave':
 masters { ${master_ip}; };
 % endif
- % if zone_conf.get('allow_update', False):
+ % if type == 'master' and zone_conf.get('allow_update', False):
 allow-update {
 % for allow_update in zone_conf['allow_update']:
 ${allow_update};
diff --git a/bundles/letsencrypt/items.py b/bundles/letsencrypt/items.py
index 5b41e33..1e53a74 100644
--- a/bundles/letsencrypt/items.py
+++ b/bundles/letsencrypt/items.py
@@ -28,7 +28,7 @@ files = {
 '/etc/dehydrated/hook.sh': {
 'content_type': 'mako',
 'context': {
- 'server': ip_interface(acme_node.metadata.get('network/external/ipv4')).ip,
+ 'server': ip_interface(acme_node.metadata.get('network/internal/ipv4')).ip,
 'zone': acme_node.metadata.get('bind/acme_zone'),
 'acme_key_name': 'acme',
 'acme_key': acme_node.metadata.get('bind/keys/acme/token'),
diff --git a/nodes/home.openhab3.py b/nodes/home.openhab3.py
index 46ed10c..5d59f32 100644
--- a/nodes/home.openhab3.py
+++ b/nodes/home.openhab3.py
@@ -40,6 +40,11 @@
 },
 },
 },
+ 'letsencrypt': {
+ 'domains': {
+ 'test12.ckn.li': {},
+ }
+ },
 'java': {
 'version': 11,
 },
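Review bot: In the second hunk of bundles/bind-acme/metadata.py, the negated entry `'! key acme'` is stored in a set, which has no order, while BIND evaluates an address match list on a first-match basis. If the bind bundle merges this with other entries of the internal view's ACL (not visible here) and renders a matching network entry before the negation, clients signing with the acme key from an internal address would still land in the internal view. It is worth confirming that the named.conf template emits negated elements first, and recording that dependency next to the entry, e.g. `# must render before any network entry: BIND match lists are first-match`. The body of acme_zone continues outside the hunk.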
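Review bot: With the added `type == 'master'` guard in bundles/bind/files/named.conf.local, a zone of any other type that carries `allow_update` in its metadata now renders without the block and without any hint that the setting was dropped. A template comment above the condition would record the intent, for example `## allow-update is only rendered for master zones; the key is ignored for other types`. The enclosing view and zone blocks start and end outside the hunk.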
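Review bot: The new `'server'` value in bundles/letsencrypt/items.py assumes that the acme node defines `network/internal/ipv4` and that every node receiving hook.sh can route to that address; nothing in the hunk checks either. If a node outside the internal network gets this bundle, its DNS-01 updates would presumably fail, so it is worth confirming which nodes are affected. A short comment would also document why the internal address is required, since it appears to pair with the `! key acme` exclusion added to the internal view: `# updates go to the internal address; the internal view skips TSIG key acme so they reach the external view`. The `files` dict continues outside the hunk.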
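Review bot: `'test12.ckn.li'` in nodes/home.openhab3.py reads like a throwaway test name; once a certificate is issued for it, the hostname is recorded in public Certificate Transparency logs, so it should be confirmed that this entry is meant to stay in the node's metadata. On style, the closing `}` of `'domains'` lacks the trailing comma that the surrounding entries use and should read `},`. The node dict starts and ends outside the hunk.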