infrastructure/meta/dns.nix


# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
# SPDX-FileContributor: Ryan Lahfa <ryan.lahfa@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, dns, ... }:
let
inherit (lib)
filterAttrs
mapAttrs'
nameValuePair
optional
;
inherit (lib.extra) fuseAttrs mapSingleFuse;
inherit (dns.lib.combinators) mx spf ttl;
meta = (import ./.) lib;
# Record set for a CNAME to `target`.  By the convention used in this file a
# target ending in "." is absolute (e.g. "cof.ens.fr."), anything else
# (e.g. "web01.rat01.infra") is relative to this zone.
mkCNAME = target: { CNAME = [ target ]; };
# Records for the services served by node `server`.
#
# Every name in `dual` becomes a CNAME to the node's own name under `infra`
# (`<server>.<site>.infra`, zone-relative); names in `v4` / `v6` alias the
# single-stack `v4.<node>` / `v6.<node>` names instead (those only carry an A,
# respectively an AAAA, record — see the `infra` subdomains below).  The site
# is looked up in `meta.nodes`, so an unknown `server` aborts evaluation with
# a missing-attribute error rather than producing an empty record set.
mkHosted =
  server:
  {
    dual ? [ ],
    v4 ? [ ],
    v6 ? [ ],
  }:
  let
    node = "${server}.${meta.nodes.${server}.site}.infra";
    # Each group: the prefix applied to `node` and the names aliased to it.
    groups = [
      { prefix = ""; names = dual; }
      { prefix = "v4."; names = v4; }
      { prefix = "v6."; names = v6; }
    ];
    aliasTo = target: mapSingleFuse (_: mkCNAME target);
  in
  fuseAttrs (map ({ prefix, names }: aliasTo "${prefix}${node}" names) groups);
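# Plain aliases to hosts that are not part of `hosted`.  Targets ending in "."
# are absolute, the others are relative to this zone (built with the shared
# `mkCNAME` helper, like the `hosted` entries).
#
# Security note: the aliases that point at third-party services (Codeberg
# pages, lahfa.xyz, katvayor.net, cof.ens.fr) must be removed as soon as that
# service stops serving the name.  A CNAME left pointing at a deprovisioned or
# user-claimable target is the classic subdomain-takeover vector, and nothing
# in this file detects it.
cnames = builtins.mapAttrs (_: mkCNAME) {
  "dev" = "dev.pages.codeberg.page.";
  "irc" = "public.p.lahfa.xyz.";
  "webmail" = "kurisu.dual.lahfa.xyz.";
  # Transition to new site names
  "web01.dmi01.infra" = "web01.rat01.infra";
  "web02.dmi01.infra" = "web02.rat01.infra";
  "compute01.par01.infra" = "compute01.pav01.infra";
  "storage01.par01.infra" = "storage01.pav01.infra";
  # Miscellaneous redirections
  "traque" = "traque.katvayor.net.";
  # Temporary redirection for the BDS
  # FIXME: finish the django apps module
  "gestiobds.dj" = "cof.ens.fr.";
};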
# Services served by our own nodes, keyed by the serving node.  `mkHosted`
# turns every name into a CNAME to `<node>.<site>.infra`; only the `dual`
# bucket is used today, so all of these resolve to the node's A and AAAA.
#
# Security notes for reviewers:
#  * The wildcard entries (`*.cdn`, `*.s3`, `*.wp`, `*.cal`, `*.webapps`) make
#    every label under them resolve to the node.  The service behind each one
#    must reject host names it does not know; if it serves a default vhost or
#    lets users register arbitrary host names, anyone can bind names under
#    this zone to their own content.
#  * `s3-admin` (Garage admin API) and the `*.beta` ML endpoints are publicly
#    resolvable.  The name is not an access control; authentication has to be
#    enforced by the service or the reverse proxy in front of it — that is
#    not visible from this file and should be checked there.
hosted = fuseAttrs (
  builtins.attrValues (
    builtins.mapAttrs mkHosted {
      compute01.dual = [
        "analytics" # Plausible Analytics
        "arkheon" # Arkheon
        "bridge" # Signal <-> IRC bridge
        "cloud" # Nextcloud
        "code" # Collabora Online
        "demarches" # Démarches Normaliennes
        "docs" # Outline
        "grafana" # Grafana
        "nms" # LibreNMS
        "pads" # Hedgedoc
        "pass" # Vaultwarden
        "pdf" # Stirling PDF
        "saml-idp" # Satosa
        "search.infra" # Extranix
        "social" # Mastodon
        "sso" # Kanidm
        "support" # Zammad support
        "telegraf" # Telegraf
        # Beta-grade machine learning API servers (see the note above on auth)
        "ollama01.beta"
        "openui.beta"
        "whisper.beta"
        "stable-diffusion.beta"
        # DGSI
        "dgsi"
        "profil"
      ];
      storage01.dual = [
        "tvix-store" # tvix store
        "git" # Forgejo
        "influx" # InfluxDB
        "netbird" # Netbird
        "prometheus" # Prometheus
        "victoria-metrics" # Victoria Metrics
        "videos" # Peertube
        "pub"
        # Garage S3 (wildcards: every bucket name under cdn/s3 resolves here)
        "*.cdn"
        "*.s3"
        "cdn"
        "s3"
        # The administration endpoint for Garage (public name; see note above).
        "s3-admin"
      ];
      rescue01.dual = [
        "status" # Uptime Kuma
      ];
      vault01.dual = [
        "radius" # FreeRADIUS
      ];
      web01.dual = [
        "*.wp" # Wordpress (wildcard)
        "calendrier" # Metis
        "netbox" # Netbox
        "podcasts" # Castopod
        "push" # Ntfy.sh
        # Static websites
        "eleves"
        "migrated.rz"
        "qr"
        "retired"
        "web-static"
        # Linkal
        "*.cal"
        "cal"
        "linkal"
        # Crab Fit
        "api.meet"
        "meet"
        "rdv" # Cf. the Toubon law (French-language name for "meet")
      ];
      web02.dual = [
        "cas-eleves" # CAS server
        "chat" # Mattermost
        "vote" # Kadenios
      ];
      web03.dual = [
        # Django Apps (wildcard)
        "*.webapps"
        "apps-webhook"
      ];
    }
  )
);
# DKIM public key published for the mail setup shared by the apex and
# `infra`: selector `kurisu` (presumably the key used by kurisu.lahfa.xyz,
# the MX), RSA, service type restricted to `email`.
#
# NOTE(review): the DER prefix `MIGfMA0G…A4GNADCBiQKBgQ` is what a 1024-bit
# RSA SubjectPublicKeyInfo encodes to, so this looks like a 1024-bit key.
# RFC 8301 recommends 2048-bit signing keys; rotating the key on the mail
# server and publishing the new `p` here under a fresh selector is advised.
kurisuDKIM = [
  {
    selector = "kurisu";
    k = "rsa";
    s = [ "email" ];
    p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
  }
];
in
{
# Zone apex records.
SOA = {
  nameServer = "ns01.dgnum.eu.";
  # Contact in SOA RNAME form (presumably dns@dgnum.eu with the "@" already
  # replaced by ".") — confirm against dns.nix's SOA rendering.
  adminEmail = "dns.dgnum.eu";
  # SOA timers, in seconds.
  retry = 3600;
  minimum = 300;
};
# Authoritative name servers; glue for both lives in `subdomains` below.
NS = [
  "ns01.dgnum.eu." # ns-03.hubrecht.ovh
  "ns02.dgnum.eu." # kurisu.lahfa.xyz
];
# The apex itself is served by Codeberg pages (dgnum.codeberg.page).  ALIAS is
# not used, so these literal addresses have to be kept in sync with Codeberg
# by hand.
# ALIAS = [ "codeberg.page" ];
A = [ "217.197.91.145" ];
AAAA = [ "2001:67c:1401:20f0::1" ];
# Mail: a single external MX; SPF only authorises that host's addresses
# (`spf.strict`, presumably rendered with `-all`).
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
# Mail-client autodiscovery, handed off to the mail provider's host.
SRV = [
  {
    service = "autodiscover";
    proto = "tcp";
    port = 443;
    target = "autoconfig.mail.lahfa.xyz.";
  }
];
TXT = [
  "dgnum.codeberg.page" # presumably the Codeberg pages domain verification
  (spf.strict [ "a:kurisu.lahfa.xyz" ])
];
# NOTE(review): p=none is monitor-only — receivers take no action when SPF
# or DKIM alignment fails — and no `rua`/`ruf` address is given here, so no
# aggregate reports come back either.  Add `rua` first, then move to
# quarantine/reject once legitimate mail is confirmed to align.
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
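# Everything below the apex: hosted services, plain aliases and the fixed
# entries (name-server glue, the `infra` sub-zone, the `lab` delegation).
#
# The three sets are disjoint today.  `//` keeps the right-hand side on a
# name collision without any diagnostic, so a service name added to `hosted`
# that already exists in `cnames` (or a static entry) would silently lose
# its records; the merge is therefore guarded and aborts evaluation instead.
subdomains =
  let
    # Fixed entries that are neither a hosted service nor a plain alias.
    static = {
      # Glue for the authoritative name servers listed at the apex.
      ns01 = {
        A = [ "51.178.27.125" ];
        AAAA = [ "2001:41d0:305:2100::542c" ];
      };
      ns02 = {
        A = [ "163.172.69.160" ];
        AAAA = [ "2001:bc8:38ee::1" ];
      };
      # `<host>.<site>.infra`: one entry per NixOS node, with single-stack
      # `v4.` / `v6.` aliases and the node's Netbird address under `private.`.
      infra = {
        # Same mail setup as the apex, so mail from *.infra authenticates too.
        MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
        TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
        DMARC = [ { p = "none"; } ];
        DKIM = kurisuDKIM;
        subdomains = mapAttrs' (
          host:
          { site, ... }:
          let
            net = meta.network.${host};
            inherit (net.addresses) ipv4 ipv6;
          in
          nameValuePair "${host}.${site}" {
            A = ipv4;
            AAAA = ipv6;
            subdomains = {
              v4.A = ipv4;
              v6.AAAA = ipv6;
              # NOTE(review): this publishes the node's Netbird (overlay)
              # address in the public zone.  Harmless if those addresses are
              # unreachable from outside the mesh, but it is a public
              # inventory of internal addressing; an internal-only view or
              # zone would avoid that.
              private.A = optional (net.netbirdIp != null) net.netbirdIp;
            };
          }
        ) (filterAttrs (_: { nixpkgs, ... }: nixpkgs.system == "nixos") meta.nodes);
      };
      # Delegated lab zone.  NOTE(review): a single NS with IPv4-only glue is
      # a single point of failure for everything under lab.dgnum.eu.
      lab = {
        NS = [ "ns01.lab.dgnum.eu." ];
        subdomains.ns01 = {
          A = [ "45.13.104.26" ];
        };
      };
    };
    # Names defined in more than one of the three record sets.
    duplicates =
      builtins.filter (n: builtins.hasAttr n cnames || builtins.hasAttr n static) (
        builtins.attrNames hosted
      )
      ++ builtins.filter (n: builtins.hasAttr n static) (builtins.attrNames cnames);
  in
  if duplicates != [ ] then
    throw "dns.nix: subdomains defined more than once: ${builtins.concatStringsSep ", " duplicates}"
  else
    # Precedence (right wins) is unchanged from before, but only reachable
    # when there is nothing to override.
    hosted // cnames // static;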
}