add dco.sunet.se zone

dns-rest-api1.sunet.se/overlay/etc/hiera/data/local.eyaml

@@ -1,5 +1,11 @@
 ---
 knot_rest_token_secret: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgBJrZoCKLB9RrjZtwYb5uFxDcuSngzvXVVZe3BtQdSgSq9PzG5dg9me59s7nhIj2WdWFuAdW+BuQ5pa8D+xxeKoqHhUQNCfgIE70tlhI0s9TrWJogDH+QZHE7TC3z8gUNdBo51C8Aq5FqU/Mql8MxnGMe2vgsT79pyM+2PZ6uqMqw1QiOjpFOgQ0uVb1qdYlOx6WbUuuRjGPxvxTogyX+ujdvVPnDmibgAv9UKYkfArsFLYRRB/p6uo4bTvyvwWLu1FLrVH8JSWP5o9otBNAJTCu49ayz09ED8CfnVRyRrgkKOOmqTeh44vyMJtgKjTKvldbypsdbvqFYgIazHBl3aCYlNs0GPyKVFtCNoWaAqv+waZCEccv6uz4q/9XdMLw6vcKYcc38EaYHUc0hp0XbKnGjgojsjhIjCEcqEsvbWyLqkH7Kf6Yot3zE8S3kp1LfV7eHipVysxVyHPTRKZXVl8s6nKvVGk5ZCyXS6B1Ky+aRVk7yt/QvtSAG19RRywhGVEOniugICCASnc4Dyeb1eQq6PBwq6O7b0A7QFIudR2LXNG8YHWqKBBOQMCk1n4sR0S+XgurQ5RX6G3L4hIJf6awZzD9pUdoDlRmnOduv7e1eg6vUstsFU1opEQM3P9BVQThv4wOVTjyJwscXAMFvwXEx2euyYY1qNp9rquBi/FHjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD1ryvEYNdTd0+wpque24SfgDBOr110Jqv+Xq/onLdb1vWs6czuTQsoXqglRuZ9xxl4jcbbTawO9IHpvWug233sWQY=]
+knot_tsig:
+  knot-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgArQaSsFq9yJcYkht/l3/FmpgcDcS4u9bWM27LKTgKAb86SSZmnkB9W2nYGqq1RZ9R9HmGrqQrwmT0xdNWWQSXpAHZ/EIg/Xeg/jGRvRuND9upuSLfrY72/dWDPGt1fXGPNXzgozhMIYC8DmPuZ1GfAC3PRJJAFmhq0Ynqe761aj2Bz//K5SGTzuYcTSRz42ZQ8Sojj9pTI7BmtRxISFpgBSO6jf/X0/6Xh/mHpgDQ/Rt4X6X1shqyqfGv4Wqlf81jE+DflXpcs+iPz/irpHKmfiYkKosOFLsPLqxe7esLCx4c/yC2DPS6cmCMVNCgjaL8oQrULnhisXwzl8FBAZIr8lMvPlitxjG4GebToYPIglTbdqaEi1sdDarSpNudjkJwMUAd8ZMGL0Yc5D5iCiCHjNHc6aN/dkBZAF5P53Du+GDlfGuDOoskPjBPkcLhJJkLYKYhx9Kl9X55/3DozXd4jocWz/pvKx8hnIWmpYqDFAgn+ZKg4o/ZoGu6Z1rrSCtlqqGE/ydpiZNdFZ1oY7Mt2hXVOcnJuhbTe1k+1bTTEBfvgp6aEonLgXaYt/59R75W8UZcO3n0fivBuo8KWtkLORgm6L/OrEYPToI6TlqIfGRnCtqgQKmzBs+FoTrTVW/C98G7SzwW5dtkRHglRZp93HUr8Vb50IqjI8jFEKnq3tjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAA7BBQTzi6WiPdXX4fXqMkgDDTkjtTf+zbSFSAuGoDAhRmODplTdJpViYxgnuu3UvX/G4qFRmA4X2giqe591qFXCA=]
+  alt-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgBJkVAcgcKO8YR0yr2nGVTSQWb7A1eJMqBbPrjTojKepIJN4zdGhLSjETmcMDDBhOVoWSRoE6U9+FRZSwjtRy2yVyPBvoMo7lENncLbT8vISWlyBhWTsXrk8SctgyaDhjD/lNwfzk1VquVuw7ncAEP/iquS+3oTM8BGs62jmVUdKaug5wJWsGDeEkxXhWwmllXCbqblkLZ2oDVW1cbMrgDAda+YT4XsncKjpyiouyvxyPvWM+6e2/9Ijg/TMljhKBT/2NRSglUH5crqpg2LDBbLavjO1gS9nsgPEUkDcUD1sWVJU4J5o+TTuPuVe69G2M4koFNEzmuM37C9jiGKWUKwzX11ayD2xs4QGWKLfG62MdlPycHcMwTHnF+Cbej9iLx5MobXFhGN1VSpUCMRdPswwrWwPodR8h/19NVYoRegiS6E/h4iWDcWlaA1b/MVk/iBy9vWXR/XHDym+8W0TwNHhYT/U4LhmPJ3BvagP86eNwyjO6XyGPxO9QOqG2f2lkB33XqE39UlJacmwV/ex2Fvej4wG3dL0qN51tH6a4KpYU+kpFYckntm9jnvnclTF8D0WjU/sH19W/GjYVoad5fzrllZr/5wGKRJr+g7X5c1GLGV8Lwu2SU36NVlHQiz5XPCoDKHVR5Qfc03FfWVDsdAJ8fJijVMAUwh/xTuhSaoijBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC/AZcyUWdl4sVHFWcs9xfkgDBwgB9SrJWksAkDU+GCplJz1ZsvqYVfIbzYb4omVc0LT0W4p12k4aCI0diQaBgIgAY=]
+  sun-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgDcoiR9utHDFLRo0tTqOVpSkqwR0zq4ZYINcRT7FQJfN7A/3G6pJw5HbR62RxPXAZFWIoC/bqUWN4Yu7h47oSjG/rWPBlYRRPvs6Qk5BTkbkCofj32z+VT2dH65jgP0Td72kQFRVQ26j3S4D4WdylXZ/5aSIth9NxiKWcPo3to2WkDae2hPBoIg0OraLr3eRIQ3E/Ac8Mn6+zcN1HivE0QAz5jQPfagItbKqOitRY+hkCXWMxZhCJeGH7NQUizSuEEborqrsNIlQVuRs2/dhu4GZlZ4q7QnJCzl+ZjADhvXWfz0p1wDUkOArv7fmemAKkEkAIEOPTOC+nOKxceNYXDibguEV1U1Y2fWXIVdSUg5ghEuDm8683UtfFaf2MtMD0/zLdGc1n6j7FjTjYcPPs0vLdbbgSM0v87aWAgCnoEZnrAe58uUQuJKHjil96SI0blmaVLJkYeIlXtmV8b88jXdmpj8Ad1ZUczW/hANRd7Eu32CDRI9t6Ng57yH063yE7ulxzP0XhWyES47YttDCC97jqWx1qwx5I6a03rIZR17XJUvcXqX2D+W7W3IOjPlfi6N2LqnbZextZRdOyr6Kc1/hb05zRr+m8k6hhPoDPmckQURwPttpB/DRrTLFVr+ENukPmpxRyXL21Dhg1uT4KKl+1dbztgo5rQW5JNi9jn5wDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD6+s0d1++YsLTwWtCwPP/GgDDrNDxqNaifS5dl81F/Nv+9YNcYDt5l0YjYJhoXrcMstCIJdQk5yUHZ+o/yGpY4I9w=]
+  infra-utv-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgC0nCdeNmvlWHOrudr321lWnkSKHQiLL3/QV/a+PGXFH6zvlQQmWIXB/GXbkdqp6LV/9fBUQayW2jW71jqi1eOvkWAUeESaCxj7FEdCJvvIsJWal7Wz5zrlhrPZsDi5KkCi2FDyUnbSNiJ39b6PsG9N4uODGaSn0K+y2t1hX+yvSA/be+nNoIsj5qidv9g554u+hMVLYuv3Ha+5v4NQA+uBQqzeo3k1arzX0XtcAYQza2Se1ZkHyyTfnHx3P2a8PUcnfhJheLFlZGtFYPfS5saNjfjfalvCdOpZ/ptIhTZxQ6qT22d9pVWxppLjJQC8yunO/ZKgj73sXqe8XAww/0rbseqWvwk2TK+aK7TkAt0/m0J9+5PC4F9liCN1oOA/RhgOqcqfT132c4D2Zszol6oKWWp8wFIzE+sNFVM2tv3a+T/z0P4+l0oHkWS6Km+IrWqeR4Z2/I/VPdfGavhOZnjwVb9jy5x0rfcCA/UekCORuHXCIAz/bVFgQ0GpqLZfSATg0CFHU5V6x3JMNbe1QBvN55Q3loWHu8pygPz/fN/fnS59CMU1JBdKHyhzlyj5ooa1eiScX2go60JvYfIcQUTk0ZP45NyLMdpVa10cgYlMCcdhe7KrsjPCj6fvLoj/qrgTse8ws/ihAsTeX1bCWmPe8DIFHCRA1NRVcEGDz+S28DBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBtZBGN6rYNGhGlphF+SjkkgDBMoBy/RLBRBGENGaZxZ9vPSUxojCtq0z60nwZT05r/x27+WqNHJ1og6us/xhpVD3Q=]
+  lab-utv-ladok: ENC[PKCS7,MIIC8gYJKoZIhvcNAQcDoIIC4zCCAt8CAQAxggJ6MIICdgIBADBeMEYxCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRVlBTUwxFzAVBgNVBAMMDjE5Mi4zNi4xNzEuMjE5AhQNByDxtRKM7mjQvskJVp1wrj/QxjANBgkqhkiG9w0BAQEFAASCAgAV+Z3THlWHgOwWt6+KFt3peYIZkXs+JAzdzoCWhm1qqqMHZQ0lI2wDqvsyHX7ffh1h2hNUh9cFSGl8YSmJLqcFhKIJ3tpCEyIH4vYxY5IyBEXCAvng/fDrK9K46nIsL9oND6lamEDJc/PVEoiSwY4BdLcFGDdM7m8BXmi/vE2V93WRT99BWABhFE9vBtQ3bniphtGVvgraaoaO1e2Pc6Pn15EbRKWRlhGRcLyI3Db/k4DVoQZAbGRAmNUQJf5jPLNqz5kNwAEnsAU06V2ky37o041EMxaIF6zfBfFfhgkk1L8oIqjfRdN520XNCX0pUbYGakIP7OkTlKyoL9p3buUY0F3ou6MHUFHJENBslyXHra1AlOU6oP8VFDX6gWTpRNixTllGEnkuitBYcVFNeFoqqUjCp5wrq0nFDjJHtOiTmieAI9sPwRS+rvs2c5kdDnNpowzyBwFMF3pfH2T3s05KKmuFT04W6ajTXYz3mJ1xVuHnrkR2+jPC3I7t7Bf0edWeusDpGnz9x53NoarL99/FzjSb+Gxmtsao/1LSz0IC/Oe6xH1s4u/VxkDOMcHem4rBgr0bR8jixijdiA604MWiyP/1xvOlE3YhO33I8kus96TeS2YjrjXBAQCTOyIRyst/BpL0ISVUEH1i/j0wAw0XnyPR4nAPegd89Y/UJKMRCDBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCoUpXn8Nq9hu0sx22HpLOSgDBksY4jO87KhP9Qws/bBeeRuDNSZo1245AYbBVcF9DZmkjcqZKGFFuLYgj/g4fqrIo=]
 certbot_acmed_clients:
   dns-rest-api.sunet.se:
     allowfrom: []

dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/0sunet.catalog.conf

@@ -1,15 +1,51 @@
 # 0sunet.catalog (catalog generator)
 
-#acl:
-#  - id: slave_xfr
-#    address: [ <needs to be IPs> ]
-#    action: transfer
+acl:
+  - id: txt_ddns_allow
+    action: update
+    key: knot-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.alternativ.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_alt_ladok
+    action: update
+    key: alt-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.alt.ladok.se., _acme-challenge.*.*.alt.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_sun_ladok
+    action: update
+    key: sun-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.sun.ladok.se., _acme-challenge.*.*.sun.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_infra_utv_ladok
+    action: update
+    key: infra-utv-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.infra.utv.ladok.se. ]
+    update-owner-match: pattern
+
+  - id: ddns_allow_lab_utv_ladok
+    action: update
+    key: lab-utv-ladok
+    update-type: [TXT]
+    update-owner: name
+    update-owner-name: [ _acme-challenge.*.lab.utv.ladok.se. ]
+    update-owner-match: pattern
+
 
 template:
   - id: 0sunet-catz
     catalog-role: member
     catalog-zone: 0sunet.catalog.
-    #acl: slave_xfr
     notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]
     storage: "/var/lib/knot/catzones"
     file: "%s.zone"
@@ -17,12 +53,25 @@ template:
 zone:
   - domain: 0sunet.catalog.
     catalog-role: generate
-    #acl: slave_xfr
     notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]
 
   - domain: alternativ.ladok.se.
     template: 0sunet-catz
+    acl: [txt_ddns_allow]
 
   - domain: alt.ladok.se.
     template: 0sunet-catz
+    acl: [ddns_allow_alt_ladok]
+
+  - domain: sun.ladok.se.
+    template: 0sunet-catz
+    acl: [ddns_allow_sun_ladok]
+
+  - domain: infra.utv.ladok.se.
+    template: 0sunet-catz
+    acl: [ddns_allow_infra_utv_ladok]
+
+  - domain: lab.utv.ladok.se.
+    template: 0sunet-catz
+    acl: [ddns_allow_lab_utv_ladok]
 

dns-rest-api1.sunet.se/overlay/etc/knot/conf.d/dco.sunet.se.conf

@@ -0,0 +1,6 @@
+# DCO.sunet.se (bj)
+
+zone:
+  - domain: dco.sunet.se
+    dnssec-signing: off
+    notify: [ ns1-sunet-se, sunic-node1, sunic-node2, sunic-node3 ]

dns-rest-api1.sunet.se/overlay/usr/sbin/knot_lastlogin

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+
+import yaml
+import sqlite3
+
+try:
+    with open('/etc/knot_rest/knot_rest.yaml') as stream:
+        yamlconf = yaml.safe_load(stream)
+except Exception as e:
+    print(e)
+
+knotrestdb = yamlconf["database"].removeprefix("sqlite:///")
+
+try:
+    with sqlite3.connect(knotrestdb) as conn:
+        cur = conn.cursor()
+        cur.execute('select username, description, logged_in from user')
+        rows = cur.fetchall()
+        for row in rows:
+            username = row[0]
+            description = row[1]
+            if description == None:
+                description = "(no description)"
+            lastlogin = row[2]
+            if lastlogin == None:
+                lastlogin = "**never logged in**"
+            print(f"{username:<27}{description:<27}{lastlogin:<23}")
+except sqlite3.OperationalError as e:
+    print(e)

global/overlay/etc/puppet/modules/dns/manifests/init.pp

@@ -22,4 +22,6 @@ class dns {
   #  match => '^SystemMaxUse=',
   #  line  => 'SystemMaxUse=500M',
   #}
+
+  include sunet::starship
 }