From aec4b7297e246bbd5ef193a2e4af6ecf2c0ec2ce Mon Sep 17 00:00:00 2001 From: pettai Date: Thu, 27 Feb 2025 20:37:10 +0100 Subject: [PATCH] add ddns support for ladok --- .../etc/knot/conf.d/0sunet.catalog.conf | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf b/dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf index 6fc32f8..e3e08dd 100644 --- a/dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf +++ b/dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf @@ -1,15 +1,24 @@ # 0sunet.catalog (catalog generator) -#acl: -# - id: slave_xfr -# address: [ ] -# action: transfer +# hmac-sha256:knot-ladok:NkiX/2BhxLFO8FPWGp6g0F9uHNvKw0I8GufIFkGOuYM= +key: + - id: knot-ladok + algorithm: hmac-sha256 + secret: NkiX/2BhxLFO8FPWGp6g0F9uHNvKw0I8GufIFkGOuYM= + +acl: + - id: txt_ddns_allow + action: update + key: knot-ladok + update-type: [CNAME] + update-owner: name + update-owner-name: [ _acme-challenge.*.ladok.se. ] + update-owner-match: pattern template: - id: 0sunet-catz catalog-role: member catalog-zone: 0sunet.catalog. - #acl: slave_xfr notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ] storage: "/var/lib/knot/catzones" file: "%s.zone" @@ -17,12 +26,13 @@ template: zone: - domain: 0sunet.catalog. catalog-role: generate - #acl: slave_xfr notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ] - domain: alternativ.ladok.se. template: 0sunet-catz + acl: [txt_ddns_allow] - domain: alt.ladok.se. template: 0sunet-catz + acl: [txt_ddns_allow]
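Review bot: The TSIG secret for `knot-ladok` is committed in clear text twice in the first hunk, once in the `secret:` field and once in the `# hmac-sha256:knot-ladok:…` comment above the `key:` section, so anyone with read access to this repository or its history holds the credential that authorises dynamic updates on the zones the second hunk attaches `txt_ddns_allow` to. I would drop the comment line, move the `key:` section into a file that is kept out of version control (or stored encrypted) and pull it in with `include: "<path-to-untracked-key-file>"`, and generate a new secret, because this one remains in the history. The ACL also has no `address:` item, so the key alone authorises an update from any source; if the ladok clients have known addresses, adding `address: [ <ladok-client-prefix> ]` narrows that. Minor: the id `txt_ddns_allow` says TXT while `update-type` is `[CNAME]`, which is worth renaming or explaining in a one-line comment. If I read Knot's pattern matching correctly, the `*` in `_acme-challenge.*.ladok.se.` stands for exactly one label, so deeper names would not match; please confirm that is intended.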