From 1e254d5f279dae7e6ec222f94a47304bf9678c50 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Wed, 31 Jan 2024 15:27:26 +0100
Subject: [PATCH] feat(meta): Add dns config v0

---
 meta/default.nix | 45 +++++++++----
 meta/dns.nix | 162 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 193 insertions(+), 14 deletions(-)
 create mode 100644 meta/dns.nix

diff --git a/meta/default.nix b/meta/default.nix
index a719a8b..cbbfa6e 100644
--- a/meta/default.nix
+++ b/meta/default.nix
@@ -15,31 +15,48 @@ let
 # node02 = zone01;
 # node03 = zone02;
 # }
- locations = builtins.foldl'
- (a: loc: a // loc)
- { }
- (builtins.concatLists (builtins.attrValues (builtins.mapAttrs
- (zone: builtins.map (n: { ${n} = zone; }))
- infra)));
+ locations = builtins.foldl' (a: loc: a // loc) { } (
+ builtins.concatLists (
+ builtins.attrValues (builtins.mapAttrs (zone: builtins.map (n: { ${n} = zone; })) infra)
+ )
+ );
 ###
 # Add computed data about the nodes :
 # - zone
 # - deployment tags
 # - network information
- mkNode = node: attrs: attrs // {
- zone = locations.${node};
- deployment = let old = attrs.deployment; in old // {
- tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ];
- targetHost = old.targetHost or (builtins.head network.${node}.addresses.public);
+ mkNode =
+ node: attrs:
+ attrs
+ // {
+ zone = locations.${node};
+ deployment =
+ let
+ old = attrs.deployment;
+ in
+ old
+ // {
+ tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ];
+ targetHost = old.targetHost or (builtins.head network.${node}.addresses.public);
+ };
 };
- };
 infra = import ./infrastructure.nix;
 members = import ./members.nix;
 network = import ./network.nix;
 nodes = builtins.mapAttrs mkNode (import ./nodes.nix);
-in
-{ inherit infra members network nodes; }
+ meta = {
+ inherit
+ infra
+ members
+ network
+ nodes
+ ;
+ };
+
+ dns = args: import ./dns.nix (args // { inherit meta; });
+in
+meta // { inherit dns; }
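Review bot: The new `dns` binding hands the caller's `args` straight to ./dns.nix with `meta` merged over it, so a `meta` passed by the caller is silently replaced, and the inputs dns.nix actually needs (`lib` with `lib.extra`, and `dns` for its combinators, per the new file's header) are not visible from this file; a one-line comment on that binding would document the contract, e.g. `# Zone data (./dns.nix): callers supply { lib, dns, ... }; meta is injected here and overrides any caller-provided meta`. The rest of the hunk only reflows `locations` and `mkNode`, which reads as behaviour-preserving.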
diff --git a/meta/dns.nix b/meta/dns.nix
new file mode 100644
index 0000000..4cdb787
--- /dev/null
+++ b/meta/dns.nix
@@ -0,0 +1,162 @@
+{
+ lib,
+ meta,
+ dns,
+ ...
+}:
+
+let
+ inherit (lib.extra) fuseAttrs mapSingleFuse;
+
+ inherit (dns.lib.combinators) mx spf ttl;
+
+ mkCNAME = host: { CNAME = [ host ]; };
+
+ mkRecord =
+ host:
+ let
+ net = meta.network.${host};
+ in
+ {
+ A = net.addresses.publicV4;
+ AAAA = net.addresses.publicV6;
+ };
+
+ mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
+
+ cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
+ dev = "dev.pages.codeberg.page.";
+ irc = "public.p.lahfa.xyz.";
+ webmail = "kurisu.dual.lahfa.xyz.";
+
+ "*.cal" = "cal.dgnum.eu.";
+ };
+
+ hosted = fuseAttrs (
+ builtins.attrValues (
+ builtins.mapAttrs mkHosted {
+ compute01 = [
+ # Nextcloud
+ "cloud"
+ # Collabora Online
+ "code"
+ # Démarches Normaliennes
+ "demarches"
+ # Outline
+ "docs"
+ # Hedgedoc
+ "pads"
+ # Vaultwarden
+ "pass"
+ # Mastodon
+ "social"
+ # R Studio
+ "rstudio"
+ # Satosa
+ "saml-idp"
+ # Kanidm
+ "sso"
+ # Support
+ "support"
+ ];
+
+ storage01 = [
+ # Attic
+ "cachix"
+ # Forgejo
+ "git"
+ # Netbird
+ "netbird"
+ # Garage S3
+ "cdn"
+ "s3"
+ "*.cdn"
+ "*.s3"
+ # Peertube
+ "video"
+ ];
+
+ web01 = [
+ # Plausible Analytics
+ "analytics"
+ # Linkal
+ "*.cal"
+ "cal"
+ "linkal"
+ # Metis
+ "calendrier"
+ # Static websites
+ "retired"
+ "eleves"
+ "qr"
+ "retired"
+ # Crab Fit
+ "api.meet"
+ "meet"
+ # ???
+ "erp"
+ # Castopod
+ "podcasts"
+ # Ntfy.sh
+ "push"
+ # Wordpress
+ "*.wp"
+ ];
+ }
+ )
+ );
+
+ infra.subdomains =
+ builtins.mapAttrs (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
+ meta.infra;
+
+ kurisuDKIM = [
+ {
+ selector = "kurisu";
+ k = "rsa";
+ s = [ "email" ];
+ p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
+ }
+ ];
+in
+
+{
+ # Primary DNS servers
+ NS = [
+ "ns01.dgnum.eu."
# ns-03.hubrecht.ovh
+ "ns02.dgnum.eu."
+ ];
+
+ # dgnum.codeberg.pages
+ # ALIAS = [ "codeberg.page" ];
+ A = [ "217.197.91.145" ];
+ AAAA = [ "2001:67c:1401:20f0::1" ];
+
+ MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
+
+ TXT = [
+ "dgnum.codeberg.page"
+ (spf.strict [ "a:kurisu.lahfa.xyz" ])
+ ];
+ DMARC = [ { p = "none"; } ];
+ DKIM = kurisuDKIM;
+
+ subdomains =
+ hosted
+ // cnames
+ // {
+ ns01 = {
+ A = [ "51.178.27.125" ];
+ AAAA = [ "2001:41d0:305:2100::542c" ];
+ };
+ }
+ // {
+ infra = infra // {
+ MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
+
+ TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
+ DMARC = [ { p = "none"; } ];
+ DKIM = kurisuDKIM;
+ };
+ };
+}
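Review bot: `"retired"` is listed twice in the web01 hosted list, and the `"*.cal"` entry there is dead because `subdomains = hosted // cnames // …` lets the `cnames` entry `"*.cal" = "cal.dgnum.eu."` override it (assuming `mapSingleFuse` keys its result by each list entry); drop the second `"retired"` and either the web01 `"*.cal"` or the cnames one, whichever target is intended. The `NS` set names `ns02.dgnum.eu.`, but only `ns01` gets A/AAAA records in this file, so ns02 presumably needs address records too unless they are defined elsewhere. The mail records (`MX`, the SPF `TXT`, `DMARC`, `DKIM`) are written out verbatim for both the apex and `infra`; binding them once in the `let` (e.g. `mailRecords`) and merging that set into both places would keep the two from drifting apart. Since `DMARC = [ { p = "none"; } ]` is a monitor-only policy, a short comment recording that this is intentional until aggregate reports confirm alignment would help the next reader.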