add ddns support for ladok

dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf

@@ -1,15 +1,24 @@
 # 0sunet.catalog (catalog generator)
 
-#acl:
-#  - id: slave_xfr
-#    address: [ <needs to be IPs> ]
-#    action: transfer
+# hmac-sha256:knot-ladok:NkiX/2BhxLFO8FPWGp6g0F9uHNvKw0I8GufIFkGOuYM=
+key:
+  - id: knot-ladok
+    algorithm: hmac-sha256
+    secret: NkiX/2BhxLFO8FPWGp6g0F9uHNvKw0I8GufIFkGOuYM=
+
+acl:
+  - id: txt_ddns_allow
+    action: update
+    key: knot-ladok
+    update-type: [CNAME]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.ladok.se. ]
+    update-owner-match: pattern
 
 template:
   - id: 0sunet-catz
     catalog-role: member
     catalog-zone: 0sunet.catalog.
-    #acl: slave_xfr
     notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]
     storage: "/var/lib/knot/catzones"
     file: "%s.zone"
@@ -17,12 +26,13 @@ template:
 zone:
   - domain: 0sunet.catalog.
     catalog-role: generate
-    #acl: slave_xfr
     notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]
 
   - domain: alternativ.ladok.se.
     template: 0sunet-catz
+    acl: [txt_ddns_allow]
 
   - domain: alt.ladok.se.
     template: 0sunet-catz
+    acl: [txt_ddns_allow]