HexName-NixOS/scripts/pdns-init-config-dns.sh


#!/usr/bin/env bash
#
# Seed the PowerDNS zone hexname.com. through the local HTTP API: queue the
# records with add_record, create the zone, PATCH every rrset in a single
# request (flush_rrsets), then run `pdnsutil zone secure` inside the
# hexname-powerdns container.
#
# Usage:       API_KEY=... scripts/pdns-init-config-dns.sh
# Requires:    bash, jq, curl, and sudo + podman for the final pdnsutil step
# Environment: API_KEY - PowerDNS API key; the script aborts with a message
#                        when it is unset or empty
set -euo pipefail
# Zone endpoint of the API. flush_rrsets PATCHes rrsets against this URL;
# zone creation below POSTs to the parent .../zones collection.
API_URL="http://127.0.0.1:8081/api/v1/servers/localhost/zones/hexname.com."
# ${VAR:?msg} exits with msg when API_KEY is unset or empty.
API_KEY="${API_KEY:?API_KEY not set}"
# "name|type|ttl" -> newline-separated record contents; filled by add_record,
# drained by flush_rrsets.
declare -A RRSETS
#######################################
# Queue one resource record for the next flush_rrsets call.
# Records that share owner name, type and TTL are collected under one key
# so they end up in the same rrset; their contents are kept as one
# newline-terminated entry each.
# Globals:   RRSETS (written)
# Arguments: $1 - record type (A, MX, TXT, ...)
#            $2 - TTL in seconds
#            $3 - owner name, fully qualified with trailing dot
#            $4 - record content, verbatim (callers quote TXT data themselves)
# Returns:   0
#######################################
add_record() {
  local rtype=$1 rttl=$2 owner=$3 rdata=$4
  local rrset_key
  # '|' is the field separator flush_rrsets splits the key on again.
  rrset_key="${owner}|${rtype}|${rttl}"
  RRSETS["$rrset_key"]+="${rdata}"$'\n'
}
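#######################################
# PATCH every queued rrset into the zone in one API request.
# Each RRSETS key is split back into name/type/ttl and its newline-separated
# contents become the rrset's records; changetype REPLACE overwrites whatever
# the zone currently holds for that name/type.
# Globals:   RRSETS (read), API_URL (read), API_KEY (read)
# Arguments: none
# Outputs:   whatever body the API returns, on stdout
# Returns:   non-zero when jq fails or the API answers with an HTTP error
#            (curl >= 7.76 for --fail-with-body)
#######################################
flush_rrsets() {
  local key name type ttl records_json
  local rrsets_json="[]"

  # Nothing queued: do not send an empty PATCH.
  if (( ${#RRSETS[@]} == 0 )); then
    printf 'flush_rrsets: no records queued, nothing to send\n' >&2
    return 0
  fi

  for key in "${!RRSETS[@]}"; do
    IFS='|' read -r name type ttl <<<"$key"
    # One {content, disabled} object per non-empty line, collected into an array.
    records_json=$(printf '%s' "${RRSETS[$key]}" \
      | jq -R 'select(. != "") | {content: ., disabled: false}' \
      | jq -s '.')
    rrsets_json=$(jq \
      --arg name "$name" \
      --arg type "$type" \
      --argjson ttl "$ttl" \
      --argjson records "$records_json" \
      '. + [{
        name: $name,
        type: $type,
        ttl: $ttl,
        changetype: "REPLACE",
        records: $records
      }]' <<<"$rrsets_json")
  done

  # --fail-with-body maps an HTTP 4xx/5xx to a non-zero exit so set -e stops
  # the script instead of silently going on to the DNSSEC step, while still
  # printing the API's error body. The key is handed over via a header file
  # (process substitution) rather than argv, so it does not show up in `ps`.
  jq -n --argjson rrsets "$rrsets_json" '{ rrsets: $rrsets }' \
    | curl -sS --fail-with-body -X PATCH \
      -H @<(printf 'X-API-Key: %s\n' "$API_KEY") \
      -H "Content-Type: application/json" \
      --data-binary @- \
      "$API_URL"
}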
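# Zone data. Owner names are fully qualified (trailing dot); TXT contents
# carry their own double quotes because the API stores them verbatim.
add_record "NS" 604800 "hexname.com." "ns1.hexname.com."
add_record "NS" 604800 "hexname.com." "ns2.hexname.com."
add_record "A" 604800 "hexname.com." "188.245.239.209"
add_record "A" 604800 "ns1.hexname.com." "188.245.239.209"
add_record "A" 604800 "ns2.hexname.com." "91.99.69.65"
# Mailserver records
add_record "A" 3600 "mx.hexname.com." "188.245.239.209"
add_record "A" 3600 "email.hexname.com." "188.245.239.209"
add_record "A" 3600 "mta-sts.hexname.com." "188.245.239.209"
add_record "CNAME" 3600 "mail.hexname.com." "mx.hexname.com."
add_record "MX" 3600 "hexname.com." "10 mx.hexname.com."
add_record "TXT" 3600 "_mta-sts.hexname.com." "\"v=STSv1; id=20260127182600Z;\""
add_record "TXT" 3600 "202601e._domainkey.hexname.com." "\"v=DKIM1; k=ed25519; h=sha256; p=C30gZd1CbkUpIGInw/wZgZQD0pmUEnwTp+svCLm1oCk=\""
add_record "TXT" 3600 "202601r._domainkey.hexname.com." "\"v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyQRHisJtMpgRCAKAE5mfq63n1hvguiNheRrGWcLjEziA9r3M8oaxM71gDNeDEZj19yXlYBWlZZiPsdkMNsumFaElTt3E810JjZxvWslvRgCQ9qMK6lE4ytJZHXJD1a+g82/j4Pfu3C0iz0GfMvngXf03pDl5jWeScwfSFgvKx/0tRdzCAzwkSZfZaSKCh5bcvVwoxzXqHjz3zxwxDJGlUPoERymd18/7NkdRRfJZoqAo/aHdsh5JsYa8APtNIHjSjp2vUBPQnNrtx9+lI0qRnwdyrim8v8CRKin+QUW0sstWGuyqZxgxOGXO2Ek2fqTrpzVu2fu6pzGqJdbTVf5BQIDAQAB\""
add_record "TXT" 3600 "mx.hexname.com." "\"v=spf1 a ra=spf-reports -all\""
add_record "TXT" 3600 "hexname.com." "\"v=spf1 mx ra=spf-reports -all\""
add_record "TXT" 3600 "_dmarc.hexname.com." "\"v=DMARC1; p=reject; rua=mailto:dmarc-reports@hexname.com; ruf=mailto:dmarc-reports@hexname.com\""
add_record "TXT" 3600 "_smtp._tls.hexname.com." "\"v=TLSRPTv1; rua=mailto:tls-reports@hexname.com\""
add_record "SRV" 3600 "_imaps._tcp.hexname.com." "0 1 993 mx.hexname.com."
add_record "SRV" 3600 "_imap._tcp.hexname.com." "0 1 143 mx.hexname.com."
add_record "SRV" 3600 "_submissions._tcp.hexname.com." "0 1 465 mx.hexname.com."
add_record "SRV" 3600 "_submission._tcp.hexname.com." "0 1 587 mx.hexname.com."
add_record "TLSA" 3600 "_25._tcp.mx.hexname.com." "3 1 1 88151fff33b6c5b820d83b3030d55376f57085a154652a27089d9d9a71fe6a7e"

#######################################
# Create the zone unless it already exists, so the script can be re-run
# without the POST being rejected for a duplicate zone.
# Globals:   API_URL (read), API_KEY (read)
# Arguments: none
# Returns:   non-zero when the create request is rejected (curl >= 7.76 for
#            --fail-with-body)
#######################################
ensure_zone() {
  # A GET on the zone URL only succeeds once the zone exists; --fail turns
  # any HTTP error into a non-zero exit, which is the case in which we POST.
  # The key goes in via a header file so it is not visible in `ps`.
  if curl -sS --fail -o /dev/null \
      -H @<(printf 'X-API-Key: %s\n' "$API_KEY") "$API_URL"; then
    printf 'ensure_zone: zone already present, skipping creation\n' >&2
    return 0
  fi
  # --fail-with-body: an HTTP error aborts the script under set -e and still
  # prints the API's explanation. Content-Type is set explicitly; plain -d
  # would label the JSON as form-urlencoded.
  curl -sS --fail-with-body -X POST \
    -H @<(printf 'X-API-Key: %s\n' "$API_KEY") \
    -H "Content-Type: application/json" \
    --data-binary @- \
    http://127.0.0.1:8081/api/v1/servers/localhost/zones <<'EOF'
{
  "name": "hexname.com.",
  "kind": "Native",
  "masters": [],
  "nameservers": [
    "ns1.hexname.com.",
    "ns2.hexname.com."
  ]
}
EOF
}

ensure_zone
flush_rrsets
# Enable DNSSEC on the zone. No -i/-t: pdnsutil needs no terminal here, and
# -t makes podman fail when the script runs without a TTY (cron, systemd).
sudo podman exec hexname-powerdns pdnsutil zone secure hexname.com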