infrastructure/meta/dns.nix
Tom Hubrecht 76ec967fba
Some checks failed
build configuration / build_compute01 (push) Failing after 46s
build configuration / build_vault01 (push) Failing after 47s
build configuration / build_web02 (push) Failing after 46s
build configuration / build_web01 (push) Failing after 47s
build configuration / build_storage01 (push) Failing after 47s
feat(meta.dns): Add kurisu.lahfa.xyz as ns02
2024-01-31 20:20:29 +01:00

173 lines
3.4 KiB
Nix

{
lib,
meta,
dns,
...
}:
let
inherit (lib.extra) fuseAttrs mapSingleFuse;
inherit (dns.lib.combinators) mx spf ttl;
mkCNAME = host: { CNAME = [ host ]; };
mkRecord =
host:
let
net = meta.network.${host};
in
{
A = net.addresses.publicV4;
AAAA = net.addresses.publicV6;
};
mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
dev = "dev.pages.codeberg.page.";
irc = "public.p.lahfa.xyz.";
webmail = "kurisu.dual.lahfa.xyz.";
"*.cal" = "cal.dgnum.eu.";
};
hosted = fuseAttrs (
builtins.attrValues (
builtins.mapAttrs mkHosted {
compute01 = [
# Nextcloud
"cloud"
# Collabora Online
"code"
# Démarches Normaliennes
"demarches"
# Outline
"docs"
# Hedgedoc
"pads"
# Vaultwarden
"pass"
# Mastodon
"social"
# R Studio
"rstudio"
# Satosa
"saml-idp"
# Kanidm
"sso"
# Support
"support"
];
storage01 = [
# Attic
"cachix"
# Forgejo
"git"
# Netbird
"netbird"
# Garage S3
"cdn"
"s3"
"*.cdn"
"*.s3"
# Peertube
"video"
];
web01 = [
# Plausible Analytics
"analytics"
# Linkal
"*.cal"
"cal"
"linkal"
# Metis
"calendrier"
# Static websites
"retired"
"eleves"
"qr"
"retired"
# Crab Fit
"api.meet"
"meet"
# ???
"erp"
# Castopod
"podcasts"
# Ntfy.sh
"push"
# Wordpress
"*.wp"
];
}
)
);
infra.subdomains =
builtins.mapAttrs (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
meta.infra;
kurisuDKIM = [
{
selector = "kurisu";
k = "rsa";
s = [ "email" ];
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
}
];
in
{
SOA = {
nameServer = "ns01.dgnum.eu.";
adminEmail = "dns.dgnum.eu";
retry = 3600;
minimum = 300;
};
# Primary DNS servers
NS = [
"ns01.dgnum.eu." # ns-03.hubrecht.ovh
"ns02.dgnum.eu." # kurisu.lahfa.xyz
];
# dgnum.codeberg.pages
# ALIAS = [ "codeberg.page" ];
A = [ "217.197.91.145" ];
AAAA = [ "2001:67c:1401:20f0::1" ];
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [
"dgnum.codeberg.page"
(spf.strict [ "a:kurisu.lahfa.xyz" ])
];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
subdomains =
hosted
// cnames
// {
ns01 = {
A = [ "51.178.27.125" ];
AAAA = [ "2001:41d0:305:2100::542c" ];
};
ns02 = {
A = [ "163.172.69.160" ];
AAAA = [ "2001:bc8:38ee::1" ];
};
}
// {
infra = infra // {
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
};
};
}