Lays the groundwork for a future CoreDNS rfc2136 plugin that will accept TSIG-authenticated dynamic DNS updates from Caddy (via caddy-dns/rfc2136), enabling self-hosted ACME DNS-01 cert automation without depending on registrar APIs.

Nothing in this commit is active at runtime:
- Corefile additions are commented out
- coredns/Dockerfile references a plugin repo that doesn't exist yet
- scripts/acme-add-domain.sh just appends CNAME glue but has nothing to talk to until the plugin is built

Architecture and implementation plan: ~/.claude/plans/dood-does-coredns-offer-enumerated-piglet.md

Secret management: TSIG key generated and stored in .env.local (gitignored). .env.local.example documents the expected shape.
8 lines
318 B
Plaintext
# Template for .env.local — copy to .env.local and fill in real values.
# .env.local is gitignored; this file documents what must be in it.
# TSIG shared secret for rfc2136 plugin + caddy-dns/rfc2136.
# Generate with: openssl rand -base64 32
# Rotate by regenerating + restarting CoreDNS + Caddy.
ACME_TSIG_SECRET=
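Review bot: the template documents only the secret value (`ACME_TSIG_SECRET=`), but a TSIG key is also identified by a key name and an HMAC algorithm, and the planned CoreDNS plugin and caddy-dns/rfc2136 have to agree on all three. Next to `# Generate with: openssl rand -base64 32`, state which algorithm the key is intended for (32 random bytes matches the hmac-sha256 output size) and where the key name is configured, so the two sides cannot drift apart. The rotation comment `# Rotate by regenerating + restarting CoreDNS + Caddy.` should also note that signed updates will be rejected in the window where only one of the two services has picked up the new value, so the restarts belong together rather than at separate times.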