feat(meta): Add dns config v0
All checks were successful
build configuration / build_storage01 (push) Successful in 49s
build configuration / build_vault01 (push) Successful in 44s
build configuration / build_compute01 (push) Successful in 1m10s
build configuration / build_web02 (push) Successful in 41s
build configuration / build_web01 (push) Successful in 1m1s

This commit is contained in:
Tom Hubrecht 2024-01-31 15:27:26 +01:00
parent ef460753a8
commit 1e254d5f27
2 changed files with 193 additions and 14 deletions

View file

@ -15,31 +15,48 @@ let
# node02 = zone01; # node02 = zone01;
# node03 = zone02; # node03 = zone02;
# } # }
locations = builtins.foldl' locations = builtins.foldl' (a: loc: a // loc) { } (
(a: loc: a // loc) builtins.concatLists (
{ } builtins.attrValues (builtins.mapAttrs (zone: builtins.map (n: { ${n} = zone; })) infra)
(builtins.concatLists (builtins.attrValues (builtins.mapAttrs )
(zone: builtins.map (n: { ${n} = zone; })) );
infra)));
### ###
# Add computed data about the nodes : # Add computed data about the nodes :
# - zone # - zone
# - deployment tags # - deployment tags
# - network information # - network information
mkNode = node: attrs: attrs // { mkNode =
zone = locations.${node}; node: attrs:
deployment = let old = attrs.deployment; in old // { attrs
tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ]; // {
targetHost = old.targetHost or (builtins.head network.${node}.addresses.public); zone = locations.${node};
deployment =
let
old = attrs.deployment;
in
old
// {
tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ];
targetHost = old.targetHost or (builtins.head network.${node}.addresses.public);
};
}; };
};
infra = import ./infrastructure.nix; infra = import ./infrastructure.nix;
members = import ./members.nix; members = import ./members.nix;
network = import ./network.nix; network = import ./network.nix;
nodes = builtins.mapAttrs mkNode (import ./nodes.nix); nodes = builtins.mapAttrs mkNode (import ./nodes.nix);
in
{ inherit infra members network nodes; } meta = {
inherit
infra
members
network
nodes
;
};
dns = args: import ./dns.nix (args // { inherit meta; });
in
meta // { inherit dns; }

162
meta/dns.nix Normal file
View file

@ -0,0 +1,162 @@
{
lib,
meta,
dns,
...
}:
let
inherit (lib.extra) fuseAttrs mapSingleFuse;
inherit (dns.lib.combinators) mx spf ttl;
mkCNAME = host: { CNAME = [ host ]; };
mkRecord =
host:
let
net = meta.network.${host};
in
{
A = net.addresses.publicV4;
AAAA = net.addresses.publicV6;
};
mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
dev = "dev.pages.codeberg.page.";
irc = "public.p.lahfa.xyz.";
webmail = "kurisu.dual.lahfa.xyz.";
"*.cal" = "cal.dgnum.eu.";
};
hosted = fuseAttrs (
builtins.attrValues (
builtins.mapAttrs mkHosted {
compute01 = [
# Nextcloud
"cloud"
# Collabora Online
"code"
# Démarches Normaliennes
"demarches"
# Outline
"docs"
# Hedgedoc
"pads"
# Vaultwarden
"pass"
# Mastodon
"social"
# R Studio
"rstudio"
# Satosa
"saml-idp"
# Kanidm
"sso"
# Support
"support"
];
storage01 = [
# Attic
"cachix"
# Forgejo
"git"
# Netbird
"netbird"
# Garage S3
"cdn"
"s3"
"*.cdn"
"*.s3"
# Peertube
"video"
];
web01 = [
# Plausible Analytics
"analytics"
# Linkal
"*.cal"
"cal"
"linkal"
# Metis
"calendrier"
# Static websites
"retired"
"eleves"
"qr"
"retired"
# Crab Fit
"api.meet"
"meet"
# ???
"erp"
# Castopod
"podcasts"
# Ntfy.sh
"push"
# Wordpress
"*.wp"
];
}
)
);
infra.subdomains =
builtins.mapAttrs (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
meta.infra;
kurisuDKIM = [
{
selector = "kurisu";
k = "rsa";
s = [ "email" ];
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
}
];
in
{
# Primary DNS servers
NS = [
"ns01.dgnum.eu." # ns-03.hubrecht.ovh
"ns02.dgnum.eu."
];
# dgnum.codeberg.pages
# ALIAS = [ "codeberg.page" ];
A = [ "217.197.91.145" ];
AAAA = [ "2001:67c:1401:20f0::1" ];
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [
"dgnum.codeberg.page"
(spf.strict [ "a:kurisu.lahfa.xyz" ])
];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
subdomains =
hosted
// cnames
// {
ns01 = {
A = [ "51.178.27.125" ];
AAAA = [ "2001:41d0:305:2100::542c" ];
};
}
// {
infra = infra // {
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
};
};
}