Tom Hubrecht
76ec967fba
Some checks failed
build configuration / build_compute01 (push) Failing after 46s
build configuration / build_vault01 (push) Failing after 47s
build configuration / build_web02 (push) Failing after 46s
build configuration / build_web01 (push) Failing after 47s
build configuration / build_storage01 (push) Failing after 47s
173 lines
3.4 KiB
Nix
173 lines
3.4 KiB
Nix
{
|
|
lib,
|
|
meta,
|
|
dns,
|
|
...
|
|
}:
|
|
|
|
let
|
|
inherit (lib.extra) fuseAttrs mapSingleFuse;
|
|
|
|
inherit (dns.lib.combinators) mx spf ttl;
|
|
|
|
mkCNAME = host: { CNAME = [ host ]; };
|
|
|
|
mkRecord =
|
|
host:
|
|
let
|
|
net = meta.network.${host};
|
|
in
|
|
{
|
|
A = net.addresses.publicV4;
|
|
AAAA = net.addresses.publicV6;
|
|
};
|
|
|
|
mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
|
|
|
|
cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
|
|
dev = "dev.pages.codeberg.page.";
|
|
irc = "public.p.lahfa.xyz.";
|
|
webmail = "kurisu.dual.lahfa.xyz.";
|
|
|
|
"*.cal" = "cal.dgnum.eu.";
|
|
};
|
|
|
|
hosted = fuseAttrs (
|
|
builtins.attrValues (
|
|
builtins.mapAttrs mkHosted {
|
|
compute01 = [
|
|
# Nextcloud
|
|
"cloud"
|
|
# Collabora Online
|
|
"code"
|
|
# Démarches Normaliennes
|
|
"demarches"
|
|
# Outline
|
|
"docs"
|
|
# Hedgedoc
|
|
"pads"
|
|
# Vaultwarden
|
|
"pass"
|
|
# Mastodon
|
|
"social"
|
|
# R Studio
|
|
"rstudio"
|
|
# Satosa
|
|
"saml-idp"
|
|
# Kanidm
|
|
"sso"
|
|
# Support
|
|
"support"
|
|
];
|
|
|
|
storage01 = [
|
|
# Attic
|
|
"cachix"
|
|
# Forgejo
|
|
"git"
|
|
# Netbird
|
|
"netbird"
|
|
# Garage S3
|
|
"cdn"
|
|
"s3"
|
|
"*.cdn"
|
|
"*.s3"
|
|
# Peertube
|
|
"video"
|
|
];
|
|
|
|
web01 = [
|
|
# Plausible Analytics
|
|
"analytics"
|
|
# Linkal
|
|
"*.cal"
|
|
"cal"
|
|
"linkal"
|
|
# Metis
|
|
"calendrier"
|
|
# Static websites
|
|
"retired"
|
|
"eleves"
|
|
"qr"
|
|
"retired"
|
|
# Crab Fit
|
|
"api.meet"
|
|
"meet"
|
|
# ???
|
|
"erp"
|
|
# Castopod
|
|
"podcasts"
|
|
# Ntfy.sh
|
|
"push"
|
|
# Wordpress
|
|
"*.wp"
|
|
];
|
|
}
|
|
)
|
|
);
|
|
|
|
infra.subdomains =
|
|
builtins.mapAttrs (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
|
|
meta.infra;
|
|
|
|
kurisuDKIM = [
|
|
{
|
|
selector = "kurisu";
|
|
k = "rsa";
|
|
s = [ "email" ];
|
|
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
|
|
}
|
|
];
|
|
in
|
|
|
|
{
|
|
SOA = {
|
|
nameServer = "ns01.dgnum.eu.";
|
|
adminEmail = "dns.dgnum.eu";
|
|
retry = 3600;
|
|
minimum = 300;
|
|
};
|
|
|
|
# Primary DNS servers
|
|
NS = [
|
|
"ns01.dgnum.eu." # ns-03.hubrecht.ovh
|
|
"ns02.dgnum.eu." # kurisu.lahfa.xyz
|
|
];
|
|
|
|
# dgnum.codeberg.pages
|
|
# ALIAS = [ "codeberg.page" ];
|
|
A = [ "217.197.91.145" ];
|
|
AAAA = [ "2001:67c:1401:20f0::1" ];
|
|
|
|
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
|
|
|
|
TXT = [
|
|
"dgnum.codeberg.page"
|
|
(spf.strict [ "a:kurisu.lahfa.xyz" ])
|
|
];
|
|
DMARC = [ { p = "none"; } ];
|
|
DKIM = kurisuDKIM;
|
|
|
|
subdomains =
|
|
hosted
|
|
// cnames
|
|
// {
|
|
ns01 = {
|
|
A = [ "51.178.27.125" ];
|
|
AAAA = [ "2001:41d0:305:2100::542c" ];
|
|
};
|
|
ns02 = {
|
|
A = [ "163.172.69.160" ];
|
|
AAAA = [ "2001:bc8:38ee::1" ];
|
|
};
|
|
}
|
|
// {
|
|
infra = infra // {
|
|
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
|
|
|
|
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
|
|
DMARC = [ { p = "none"; } ];
|
|
DKIM = kurisuDKIM;
|
|
};
|
|
};
|
|
}
|