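# Public DNS zone for dgnum.eu, written for the dns.nix zone format.
#
# The zone is assembled from three sources:
#   - `hosted`: CNAMEs for every service, pointing at the machine that runs it
#     (via the `<node>.<site>.infra` names published under `infra`);
#   - `cnames`: hand-written aliases, several of which point outside the zone;
#   - `meta` (this directory's default.nix): node sites and addresses.
{ lib, dns, ... }:

let
  inherit (lib) mapAttrs' nameValuePair optional;
  inherit (lib.extra) fuseAttrs mapSingleFuse;
  inherit (dns.lib.combinators) mx spf ttl;

  # Node and network metadata (sites, addresses, overlay IPs).
  meta = (import ./.) lib;

  # A single CNAME record pointing at `host`.
  mkCNAME = host: { CNAME = [ host ]; };

  # CNAME records for the services hosted on `server`.
  # Names in `dual` alias `<server>.<site>.infra`; names in `v4` / `v6` alias
  # the `v4.` / `v6.` variants of that name (see the `infra` subdomain below).
  mkHosted =
    server:
    {
      dual ? [ ],
      v4 ? [ ],
      v6 ? [ ],
    }:
    let
      base = "${server}.${meta.nodes.${server}.site}.infra";
      # Map every name of a list to a CNAME on `host`.
      mkHost = host: mapSingleFuse (_: mkCNAME host);
    in
    fuseAttrs [
      (mkHost base dual)
      (mkHost "v4.${base}" v4)
      (mkHost "v6.${base}" v6)
    ];

  # Hand-written aliases. The targets outside this zone (codeberg.page,
  # lahfa.xyz, katvayor.net, ens.fr) are not managed here: if one of them is
  # released, the alias dangles and the name resolves to whatever the new
  # owner of the target serves. Review these entries when a service is
  # decommissioned.
  cnames = builtins.mapAttrs (_: mkCNAME) {
    "dev" = "dev.pages.codeberg.page.";
    "irc" = "public.p.lahfa.xyz.";
    "webmail" = "kurisu.dual.lahfa.xyz.";

    # Transition to new site names
    "web01.dmi01.infra" = "web01.rat01.infra";
    "web02.dmi01.infra" = "web02.rat01.infra";
    "compute01.par01.infra" = "compute01.pav01.infra";
    "storage01.par01.infra" = "storage01.pav01.infra";

    # Miscellaneous redirections
    "traque" = "traque.katvayor.net.";

    # Temporary redirection for the BDS
    # FIXME: finish the django apps module
    "gestiobds.dj" = "cof.ens.fr.";
  };

  # Service names, grouped by the node that serves them.
  # Wildcard entries (`*.cdn`, `*.s3`, `*.wp`, `*.cal`, `*.webapps`) make every
  # label under them resolve to the node; which of those names are actually
  # served is decided by the application (Garage, Wordpress, Linkal, the
  # Django apps), so keep the application-side host allow-lists in step with
  # this file.
  hosted = fuseAttrs (
    builtins.attrValues (
      builtins.mapAttrs mkHosted {
        compute01.dual = [
          "analytics" # Plausible Analytics
          "arkheon" # Arkheon
          "bridge" # Signal <-> IRC bridge
          "cloud" # Nextcloud
          "code" # Collabora Online
          "demarches" # Démarches Normaliennes
          "docs" # Outline
          "grafana" # Grafana
          "nms" # LibreNMS
          "pads" # Hedgedoc
          "pass" # Vaultwarden
          "pdf" # Stirling PDF
          "saml-idp" # Satosa
          "social" # Mastodon
          "sso" # Kanidm
          "support" # Zammad support
          "telegraf" # Telegraf

          # Beta-grade machine learning API servers
          "ollama01.beta"
          "openui.beta"
          "whisper.beta"
          "stable-diffusion.beta"

          # DGSI
          "dgsi"
          "profil"
        ];

        storage01.dual = [
          "tvix-store" # tvix store
          "git" # Forgejo
          "influx" # InfluxDB
          "netbird" # Netbird
          "prometheus" # Prometheus
          "victoria-metrics" # Victoria Metrics
          "videos" # Peertube

          # Garage S3
          "*.cdn"
          "*.s3"
          "cdn"
          "s3"

          # The administration endpoint for Garage.
          "s3-admin"
        ];

        rescue01.dual = [
          "status" # Uptime Kuma
        ];

        vault01.dual = [
          "radius" # FreeRADIUS
        ];

        web01.dual = [
          "*.wp" # Wordpress
          "calendrier" # Metis
          "netbox" # Netbox
          "podcasts" # Castopod
          "push" # Ntfy.sh
          "pub" # Promotion URL (QR codes, etc.)

          # Static websites
          "eleves"
          "migrated.rz"
          "qr"
          "retired"
          "web-static"

          # Linkal
          "*.cal"
          "cal"
          "linkal"

          # Crab Fit
          "api.meet"
          "meet"
          "rdv" # cf. loi Toubon (French-language name)
        ];

        web02.dual = [
          "cas-eleves" # CAS server
          "chat" # Mattermost
          "vote" # Kadenios
        ];

        web03.dual = [
          # Django Apps
          "*.webapps"
          "apps-webhook"
        ];
      }
    )
  );

  # DKIM public key of the mail relay (selector `kurisu`); rotate together
  # with the private key on kurisu.lahfa.xyz.
  kurisuDKIM = [
    {
      selector = "kurisu";
      k = "rsa";
      s = [ "email" ];
      p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
    }
  ];

  # Mail records shared by the apex and the `infra` subdomain: mail is
  # relayed through kurisu.lahfa.xyz, with a strict SPF (only that host may
  # send). DMARC is `p=none`, i.e. report-only: receivers are not asked to
  # quarantine or reject mail that fails SPF/DKIM alignment. Tighten to
  # `quarantine` / `reject` once the aggregate reports show no legitimate
  # senders failing.
  kurisuMail = {
    MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
    TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
    DMARC = [ { p = "none"; } ];
    DKIM = kurisuDKIM;
  };
in

{
  SOA = {
    nameServer = "ns01.dgnum.eu.";
    adminEmail = "dns.dgnum.eu";
    retry = 3600;
    minimum = 300;
  };

  # Primary DNS servers
  NS = [
    "ns01.dgnum.eu." # ns-03.hubrecht.ovh
    "ns02.dgnum.eu." # kurisu.lahfa.xyz
  ];

  # dgnum.codeberg.pages
  # ALIAS = [ "codeberg.page" ];
  A = [ "217.197.91.145" ];
  AAAA = [ "2001:67c:1401:20f0::1" ];

  inherit (kurisuMail) MX DMARC DKIM;

  SRV = [
    {
      service = "autodiscover";
      proto = "tcp";
      port = 443;
      target = "autoconfig.mail.lahfa.xyz.";
    }
  ];

  # Codeberg Pages ownership verification, followed by the SPF policy.
  TXT = [ "dgnum.codeberg.page" ] ++ kurisuMail.TXT;

  subdomains =
    hosted
    // cnames
    // {
      # Addresses of the in-zone name servers; keep them in step with the
      # glue records held at the registrar.
      ns01 = {
        A = [ "51.178.27.125" ];
        AAAA = [ "2001:41d0:305:2100::542c" ];
      };
      ns02 = {
        A = [ "163.172.69.160" ];
        AAAA = [ "2001:bc8:38ee::1" ];
      };

      # One `<node>.<site>.infra` name per node, with `v4.` / `v6.` single-stack
      # variants and, when the node has one, a `private.` name carrying its
      # overlay address. Note that `private.*` is published in the public zone,
      # so the overlay addressing is visible to anyone who queries it.
      infra = kurisuMail // {
        subdomains = mapAttrs' (
          host:
          { site, ... }:
          let
            net = meta.network.${host};
            inherit (net.addresses) ipv4 ipv6;
          in
          nameValuePair "${host}.${site}" {
            A = ipv4;
            AAAA = ipv6;
            subdomains = {
              v4.A = ipv4;
              v6.AAAA = ipv6;
              # Presumably the NetBird overlay IP — only emitted when set.
              private.A = optional (net.netbirdIp != null) net.netbirdIp;
            };
          }
        ) meta.nodes;
      };
    };
}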