Tom Hubrecht
88d9b8c3e3
Some checks failed
Check meta / check_dns (pull_request) Successful in 19s
Check meta / check_meta (pull_request) Successful in 20s
Check workflows / check_workflows (pull_request) Successful in 24s
Build all the nodes / ap01 (pull_request) Successful in 1m15s
Build all the nodes / bridge01 (pull_request) Successful in 1m53s
Build all the nodes / geo01 (pull_request) Successful in 1m55s
Build all the nodes / geo02 (pull_request) Successful in 1m53s
Build all the nodes / compute01 (pull_request) Successful in 2m33s
Build all the nodes / rescue01 (pull_request) Successful in 2m13s
Build all the nodes / storage01 (pull_request) Successful in 1m57s
Run pre-commit on all files / check (pull_request) Successful in 30s
Build all the nodes / web02 (pull_request) Successful in 1m47s
Build all the nodes / vault01 (pull_request) Successful in 2m21s
Build all the nodes / web03 (pull_request) Successful in 1m40s
Build all the nodes / web01 (pull_request) Successful in 2m54s
Check meta / check_dns (push) Successful in 20s
Check meta / check_meta (push) Successful in 19s
Check workflows / check_workflows (push) Successful in 25s
Build all the nodes / ap01 (push) Successful in 1m16s
Build all the nodes / bridge01 (push) Successful in 1m41s
Build all the nodes / geo02 (push) Successful in 1m44s
Build all the nodes / geo01 (push) Successful in 1m53s
Build all the nodes / compute01 (push) Successful in 2m20s
Build all the nodes / rescue01 (push) Successful in 1m49s
Build all the nodes / storage01 (push) Successful in 1m46s
Build all the nodes / vault01 (push) Successful in 1m45s
Run pre-commit on all files / check (push) Successful in 30s
Build all the nodes / web02 (push) Has been cancelled
Build all the nodes / web01 (push) Has been cancelled
Build all the nodes / web03 (push) Has been cancelled
Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel.
257 lines
5.8 KiB
Nix
257 lines
5.8 KiB
Nix
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
|
|
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
|
|
# SPDX-FileContributor: Ryan Lahfa <ryan.lahfa@dgnum.eu>
|
|
#
|
|
# SPDX-License-Identifier: EUPL-1.2
|
|
|
|
{ lib, dns, ... }:
|
|
|
|
let
|
|
inherit (lib)
|
|
filterAttrs
|
|
mapAttrs'
|
|
nameValuePair
|
|
optional
|
|
;
|
|
|
|
inherit (lib.extra) fuseAttrs mapSingleFuse;
|
|
|
|
inherit (dns.lib.combinators) mx spf ttl;
|
|
|
|
meta = (import ./.) lib;
|
|
|
|
mkCNAME = host: { CNAME = [ host ]; };
|
|
|
|
mkHosted =
|
|
server:
|
|
{
|
|
dual ? [ ],
|
|
v4 ? [ ],
|
|
v6 ? [ ],
|
|
}:
|
|
let
|
|
base = "${server}.${meta.nodes.${server}.site}.infra";
|
|
mkHost = host: mapSingleFuse (_: mkCNAME host);
|
|
in
|
|
fuseAttrs [
|
|
(mkHost base dual)
|
|
(mkHost "v4.${base}" v4)
|
|
(mkHost "v6.${base}" v6)
|
|
];
|
|
|
|
cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
|
|
"dev" = "dev.pages.codeberg.page.";
|
|
"irc" = "public.p.lahfa.xyz.";
|
|
"webmail" = "kurisu.dual.lahfa.xyz.";
|
|
|
|
# Transition to new site names
|
|
"web01.dmi01.infra" = "web01.rat01.infra";
|
|
"web02.dmi01.infra" = "web02.rat01.infra";
|
|
"compute01.par01.infra" = "compute01.pav01.infra";
|
|
"storage01.par01.infra" = "storage01.pav01.infra";
|
|
|
|
# Miscelleanous redirections
|
|
"traque" = "traque.katvayor.net.";
|
|
|
|
# Temporary redirection for the BDS
|
|
# FIXME: finish the django apps module
|
|
"gestiobds.dj" = "cof.ens.fr.";
|
|
};
|
|
|
|
hosted = fuseAttrs (
|
|
builtins.attrValues (
|
|
builtins.mapAttrs mkHosted {
|
|
compute01.dual = [
|
|
"analytics" # Plausible Analytics
|
|
"arkheon" # Arkheon
|
|
"bridge" # Signal <-> IRC bridge
|
|
"cloud" # Nextcloud
|
|
"code" # Collabora Online
|
|
"demarches" # Démarches Normaliennes
|
|
"docs" # Outline
|
|
"grafana" # Grafana
|
|
"nms" # LibreNMS
|
|
"pads" # Hedgedoc
|
|
"pass" # Vaultwarden
|
|
"pdf" # Stirling PDF
|
|
"saml-idp" # Satosa
|
|
"social" # Mastodon
|
|
"sso" # Kanidm
|
|
"support" # Zammad support
|
|
"telegraf" # Telegraf
|
|
|
|
# Beta-grade machine learning API servers
|
|
"ollama01.beta"
|
|
"openui.beta"
|
|
"whisper.beta"
|
|
"stable-diffusion.beta"
|
|
|
|
# DGSI
|
|
"dgsi"
|
|
"profil"
|
|
];
|
|
|
|
storage01.dual = [
|
|
"tvix-store" # tvix store
|
|
"git" # Forgejo
|
|
"influx" # InfluxDB
|
|
"netbird" # Netbird
|
|
"prometheus" # Prometheus
|
|
"victoria-metrics" # Victoria Metrics
|
|
"videos" # Peertube
|
|
|
|
# Garage S3
|
|
"*.cdn"
|
|
"*.s3"
|
|
"cdn"
|
|
"s3"
|
|
# The administration endpoint for Garage.
|
|
"s3-admin"
|
|
];
|
|
|
|
rescue01.dual = [
|
|
"status" # Uptime Kuma
|
|
];
|
|
|
|
vault01.dual = [
|
|
"radius" # FreeRADIUS
|
|
];
|
|
|
|
web01.dual = [
|
|
"*.wp" # Wordpress
|
|
"calendrier" # Metis
|
|
"netbox" # Netbox
|
|
"podcasts" # Castopod
|
|
"push" # Ntfy.sh
|
|
"pub" # Url de promotion (qrcodes etc...)
|
|
|
|
# Static websites
|
|
"eleves"
|
|
"migrated.rz"
|
|
"qr"
|
|
"retired"
|
|
"web-static"
|
|
|
|
# Linkal
|
|
"*.cal"
|
|
"cal"
|
|
"linkal"
|
|
|
|
# Crab Fit
|
|
"api.meet"
|
|
"meet"
|
|
"rdv" # C.f. loi Toubon
|
|
];
|
|
|
|
web02.dual = [
|
|
"cas-eleves" # CAS server
|
|
"chat" # Mattermost
|
|
"vote" # Kadenios
|
|
];
|
|
|
|
web03.dual = [
|
|
# Django Apps
|
|
"*.webapps"
|
|
"apps-webhook"
|
|
];
|
|
}
|
|
)
|
|
);
|
|
|
|
kurisuDKIM = [
|
|
{
|
|
selector = "kurisu";
|
|
k = "rsa";
|
|
s = [ "email" ];
|
|
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
|
|
}
|
|
];
|
|
in
|
|
|
|
{
|
|
SOA = {
|
|
nameServer = "ns01.dgnum.eu.";
|
|
adminEmail = "dns.dgnum.eu";
|
|
retry = 3600;
|
|
minimum = 300;
|
|
};
|
|
|
|
# Primary DNS servers
|
|
NS = [
|
|
"ns01.dgnum.eu." # ns-03.hubrecht.ovh
|
|
"ns02.dgnum.eu." # kurisu.lahfa.xyz
|
|
];
|
|
|
|
# dgnum.codeberg.pages
|
|
# ALIAS = [ "codeberg.page" ];
|
|
A = [ "217.197.91.145" ];
|
|
AAAA = [ "2001:67c:1401:20f0::1" ];
|
|
|
|
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
|
|
|
|
SRV = [
|
|
{
|
|
service = "autodiscover";
|
|
proto = "tcp";
|
|
port = 443;
|
|
target = "autoconfig.mail.lahfa.xyz.";
|
|
}
|
|
];
|
|
|
|
TXT = [
|
|
"dgnum.codeberg.page"
|
|
(spf.strict [ "a:kurisu.lahfa.xyz" ])
|
|
];
|
|
DMARC = [ { p = "none"; } ];
|
|
DKIM = kurisuDKIM;
|
|
|
|
subdomains =
|
|
hosted
|
|
// cnames
|
|
// {
|
|
ns01 = {
|
|
A = [ "51.178.27.125" ];
|
|
AAAA = [ "2001:41d0:305:2100::542c" ];
|
|
};
|
|
ns02 = {
|
|
A = [ "163.172.69.160" ];
|
|
AAAA = [ "2001:bc8:38ee::1" ];
|
|
};
|
|
}
|
|
// {
|
|
infra = {
|
|
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
|
|
|
|
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
|
|
DMARC = [ { p = "none"; } ];
|
|
DKIM = kurisuDKIM;
|
|
|
|
subdomains = mapAttrs' (
|
|
host:
|
|
{ site, ... }:
|
|
let
|
|
net = meta.network.${host};
|
|
inherit (net.addresses) ipv4 ipv6;
|
|
in
|
|
nameValuePair "${host}.${site}" {
|
|
A = ipv4;
|
|
AAAA = ipv6;
|
|
subdomains = {
|
|
v4.A = ipv4;
|
|
v6.AAAA = ipv6;
|
|
private.A = optional (net.netbirdIp != null) net.netbirdIp;
|
|
};
|
|
}
|
|
) (filterAttrs (_: { nixpkgs, ... }: nixpkgs.system == "nixos") meta.nodes);
|
|
};
|
|
}
|
|
// {
|
|
lab = {
|
|
NS = [ "ns01.lab.dgnum.eu." ];
|
|
|
|
subdomains.ns01 = {
|
|
A = [ "45.13.104.26" ];
|
|
};
|
|
};
|
|
};
|
|
}
|