infrastructure/machines/core-services-01/subZone.nix

58 lines
1.2 KiB
Nix
Raw Normal View History

{ config, dns, ... }:
with dns.lib.combinators;
let
my = config.my;
delegateACMEDNSChallenge = acme: { _acme-challenge.CNAME = [ acme ]; };
in
with my.ipv6; # contains { standard, acme }
{
SOA = {
nameServer = "ns1.${my.subZone}.";
adminEmail = my.email;
serial = 2021072400; # Y M D Version
};
NS = [
"ns1.${my.subZone}."
];
AAAA = standard;
CAA = letsEncrypt my.email;
subdomains = {
git.AAAA = standard;
drone.AAAA = standard;
wiki.AAAA = standard;
monitoring.AAAA = standard;
auth.AAAA = standard;
push.AAAA = standard;
ns1.AAAA = standard;
# Délégation de sous zone à he.gdd pour la certification HE.
gdd.subdomains.he = {
NS = [ "ns1.he.gdd.${my.subZone}." ];
subdomains.ns1.AAAA = [ "2001:470:1f13:187:b80d:21ff:fe43:f1a5" ];
};
acme = {
NS = [ "acme.${my.subZone}." ];
AAAA = [ acme ];
};
internal.subdomains = {
core01 = {
A = [ "10.1.1.20" ];
};
pve01 = {
A = [ "10.1.1.10" ];
subdomains = {
idrac.A = [ "10.1.2.20" ];
} // delegateACMEDNSChallenge "7c663a49-151c-4eea-a34f-725ff9f19d41.acme.rz.ens.wtf.";
};
};
};
}