feat(dgn-dns): Remove module as the DNS will be hosted externally
Some checks failed
build configuration / build_compute01 (push) Failing after 41s
build configuration / build_storage01 (push) Failing after 42s
build configuration / build_web02 (push) Failing after 43s
build configuration / build_web01 (push) Failing after 44s
build configuration / build_vault01 (push) Failing after 47s
ds-fr update / npins_update (push) Successful in 2m1s
Some checks failed
build configuration / build_compute01 (push) Failing after 41s
build configuration / build_storage01 (push) Failing after 42s
build configuration / build_web02 (push) Failing after 43s
build configuration / build_web01 (push) Failing after 44s
build configuration / build_vault01 (push) Failing after 47s
ds-fr update / npins_update (push) Successful in 2m1s
This commit is contained in:
parent
3c8e3f39fc
commit
31e2387a25
|
|
@ -1,33 +0,0 @@
|
|||
args@{ config, lib, meta, name, sources, ... }:
|
||||
|
||||
let
|
||||
inherit (lib)
|
||||
mkEnableOption
|
||||
mkIf;
|
||||
|
||||
dns = import sources."dns.nix";
|
||||
|
||||
cfg = config.dgn-dns;
|
||||
in
|
||||
|
||||
{
|
||||
options.dgn-dns = {
|
||||
enable = mkEnableOption "an authoritative dns service on this server.";
|
||||
};
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.nsd = {
|
||||
enable = true;
|
||||
|
||||
interfaces = meta.network.${name}.addresses.public;
|
||||
|
||||
zones = import ./zones (args // { inherit dns; });
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 53 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
2024012101
|
||||
|
|
@ -1,97 +0,0 @@
|
|||
{ lib, meta, dns, ... }:
|
||||
|
||||
let
|
||||
inherit (lib.extra)
|
||||
fuseAttrs
|
||||
mapSingleFuse;
|
||||
|
||||
inherit (dns.lib.combinators)
|
||||
mx
|
||||
spf
|
||||
ttl;
|
||||
|
||||
mkCNAME = host: { CNAME = [ host ]; };
|
||||
|
||||
mkRecord = host:
|
||||
let net = meta.network.${host}; in
|
||||
{
|
||||
A = net.addresses.publicV4;
|
||||
AAAA = net.addresses.publicV6;
|
||||
};
|
||||
|
||||
mkNS = { A, AAAA, ... }: { inherit A AAAA; };
|
||||
|
||||
mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
|
||||
|
||||
hosted = fuseAttrs (builtins.attrValues
|
||||
(builtins.mapAttrs mkHosted {
|
||||
compute01 = [
|
||||
"social"
|
||||
];
|
||||
|
||||
storage01 = [
|
||||
"cloud"
|
||||
"git"
|
||||
"s3"
|
||||
"video"
|
||||
];
|
||||
|
||||
web01 = [
|
||||
"analytics"
|
||||
"erp"
|
||||
];
|
||||
})
|
||||
);
|
||||
|
||||
infra.subdomains = builtins.mapAttrs
|
||||
(_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
|
||||
meta.infra;
|
||||
|
||||
kurisuDKIM = [{
|
||||
selector = "kurisu";
|
||||
k = "rsa";
|
||||
s = [ "email" ];
|
||||
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
|
||||
}];
|
||||
in
|
||||
|
||||
{
|
||||
# Primary DNS servers
|
||||
NS = [
|
||||
"ns01.dgnum.eu."
|
||||
];
|
||||
|
||||
# dgnum.codeberg.pages
|
||||
# ALIAS = [ "codeberg.page" ];
|
||||
A = [ "217.197.91.145" ];
|
||||
AAAA = [ "2001:67c:1401:20f0::1" ];
|
||||
|
||||
MX = map (ttl 3600) [
|
||||
(mx.mx 10 "kurisu.lahfa.xyz.")
|
||||
];
|
||||
|
||||
TXT = [
|
||||
"dgnum.codeberg.page"
|
||||
(spf.strict [ "a:kurisu.lahfa.xyz" ])
|
||||
];
|
||||
DMARC = [{ p = "none"; }];
|
||||
DKIM = kurisuDKIM;
|
||||
|
||||
subdomains = hosted // {
|
||||
ns01 = mkNS infra.subdomains.par01.subdomains.compute01;
|
||||
} // {
|
||||
infra = infra // {
|
||||
MX = map (ttl 3600) [
|
||||
(mx.mx 10 "kurisu.lahfa.xyz.")
|
||||
];
|
||||
|
||||
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
|
||||
DMARC = [{ p = "none"; }];
|
||||
DKIM = kurisuDKIM;
|
||||
};
|
||||
|
||||
dev.CNAME = [ "dev.pages.codeberg.page." ];
|
||||
irc.CNAME = [ "public.p.lahfa.xyz." ];
|
||||
webmail.CNAME = [ "kurisu.dual.lahfa.xyz." ];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
args@{ lib, dns, ... }:
|
||||
|
||||
let
|
||||
inherit (lib.extra)
|
||||
mapSingleFuse
|
||||
mkRel
|
||||
recursiveFuse;
|
||||
|
||||
delegations = {
|
||||
"dgnum.eu" = {
|
||||
"ns-01.hubrecht.ovh." = [ "51.15.174.50" ];
|
||||
"ns-03.hubrecht.ovh." = [ "51.178.27.125" ];
|
||||
"kurisu.dual.lahfa.xyz." = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
servedZones = [
|
||||
"dgnum.eu"
|
||||
|
||||
# For reverse DNS
|
||||
# "ip6.arpa"
|
||||
];
|
||||
|
||||
SOA = {
|
||||
nameServer = "ns01.dgnum.eu.";
|
||||
adminEmail = "dns.dgnum.eu";
|
||||
serial = import ../serial.nix;
|
||||
retry = 3600;
|
||||
minimum = 300;
|
||||
};
|
||||
|
||||
mkZone = zone:
|
||||
let
|
||||
secondaryDNS = builtins.map
|
||||
(ip: "${ip} NOKEY")
|
||||
(builtins.concatLists (builtins.attrValues (delegations.${zone} or { })));
|
||||
in
|
||||
{
|
||||
data =
|
||||
let attrs = import (mkRel ./. "_${zone}.nix") args; in
|
||||
dns.lib.toString zone (recursiveFuse [
|
||||
{ inherit SOA; }
|
||||
attrs
|
||||
{ NS = attrs.NS ++ (builtins.attrNames (delegations.${zone} or { })); }
|
||||
]);
|
||||
|
||||
provideXFR = secondaryDNS;
|
||||
notify = secondaryDNS;
|
||||
};
|
||||
in
|
||||
|
||||
mapSingleFuse mkZone servedZones
|
||||
Loading…
Reference in a new issue