infrastructure/machines/core-services-01/subZone.nix

{ config, lib, dns, ... }:

with dns.lib.combinators;
let
  my = config.my;
  public-cof-ips = {
    A = [ "45.13.104.27" ];
    AAAA = [ "2001:470:1f13:187:c08e:feff:fe4d:f5f5" ];
  };
  delegateACMEDNSChallenge = acme: { _acme-challenge.CNAME = [ acme ]; };

  remoteBuilders = {
    nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];
  };
  mkProxyRecord = AAAA: { inherit AAAA; A = [ "45.13.104.29" ]; };
  dualstack = {
    A = my.ipv4;
    AAAA = my.ipv6.standard;
  };
in
dualstack // {
  SOA = {
    nameServer = "ns1.${my.subZone}.";
    adminEmail = my.email;
    serial = 2021111400; # Y M D Version
  };

  NS = [
    "ns1.${my.subZone}."
  ];

  CAA = letsEncrypt my.email;

  subdomains = {
    git = dualstack;
    drone = dualstack;
    wiki = dualstack;
    monitoring = dualstack;
    auth = dualstack;
    push = dualstack;
    tailscale = dualstack;
    inventory = dualstack;
    core01 = dualstack;
    ns1 = dualstack;

    builders.subdomains = lib.mapAttrs (n: AAAA: { inherit AAAA; }) remoteBuilders;

    gdd = {
      NS = [ "ns1.gdd.${my.subZone}." ];
      subdomains.ns1.AAAA = [ "2001:470:1f13:187:350a:214a:639c:b97b" ];
      AAAA = [ "2001:470:1f13:187:350a:214a:639c:b97b" ];
    };

    acme = {
      NS = [ "acme.${my.subZone}." ];
      A = my.ipv4;
      AAAA = [ my.ipv6.acme ];
    };

    beta = public-cof-ips // {
      subdomains = {
        traque = mkProxyRecord [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];
        nuage = public-cof-ips;
        todo = public-cof-ips;
        minecraft = public-cof-ips;
        factorio = public-cof-ips;
        home = public-cof-ips;
        pads = public-cof-ips // {
          subdomains = {
            api = public-cof-ips;
            files = public-cof-ips;
            sandbox = public-cof-ips;
          };
        };
        docs = public-cof-ips;
        jurisprudens = public-cof-ips;
        rstudio = public-cof-ips;
    };
  };


    internal.subdomains = {
      # Routers
      router01.A = [ "10.1.1.1" ];
      router02.A = [ "10.1.1.1" ];

      # Hypervisors
      pve01 = {
        A = [ "10.1.1.10" ];
        subdomains = {
          idrac.A = [ "10.1.2.20" ];
        } // delegateACMEDNSChallenge "7c663a49-151c-4eea-a34f-725ff9f19d41.acme.rz.ens.wtf.";
      };

      # Core machines
      core01.A = [ "10.1.1.20" ];
    };
  };
}
dns: add nix01.builders.rz.ens.wtf 2021-07-28 23:55:23 +02:00			`{ config, lib, dns, ... }:`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00
			`with dns.lib.combinators;`
			`let`
			`my = config.my;`
ipv4 for public-cof 2022-01-25 18:12:54 +01:00			`public-cof-ips = {`
			`A = [ "45.13.104.27" ];`
			`AAAA = [ "2001:470:1f13:187:c08e:feff:fe4d:f5f5" ];`
			`};`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`delegateACMEDNSChallenge = acme: { _acme-challenge.CNAME = [ acme ]; };`
dns: add nix01.builders.rz.ens.wtf 2021-07-28 23:55:23 +02:00
			`remoteBuilders = {`
Fix remote builder ip address 2022-08-15 00:00:55 +02:00			`nix01 = [ "2001:470:1f13:187:611:4514:d93a:f80a" ];`
dns: add nix01.builders.rz.ens.wtf 2021-07-28 23:55:23 +02:00			`};`
feat(public-cof): add IPv4 → IPv6 proxy 2022-09-10 15:29:51 +02:00			`mkProxyRecord = AAAA: { inherit AAAA; A = [ "45.13.104.29" ]; };`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`dualstack = {`
			`A = my.ipv4;`
			`AAAA = my.ipv6.standard;`
			`};`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`in`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`dualstack // {`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`SOA = {`
			`nameServer = "ns1.${my.subZone}.";`
			`adminEmail = my.email;`
start a cryptpad module 2021-11-15 00:09:44 +01:00			`serial = 2021111400; # Y M D Version`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`};`

			`NS = [`
			`"ns1.${my.subZone}."`
			`];`

			`CAA = letsEncrypt my.email;`

			`subdomains = {`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`git = dualstack;`
			`drone = dualstack;`
			`wiki = dualstack;`
			`monitoring = dualstack;`
			`auth = dualstack;`
			`push = dualstack;`
Headscale support (upgrade to latest nixpkgs) (#9) This adds Headscale support. It provides also an upgrade to Keycloak 18.0.0 (Quarkus distribution). It upgrades NextCloud from 22 to 23. Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/9 Co-authored-by: Ryan Lahfa <raito@noreply.git.rz.ens.wtf> Co-committed-by: Ryan Lahfa <raito@noreply.git.rz.ens.wtf> 2022-06-26 23:48:43 +02:00			`tailscale = dualstack;`
feat(core01): add inventory.rz.ens.wtf → snipe-it instance 2022-09-06 01:06:39 +02:00			`inventory = dualstack;`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`core01 = dualstack;`
			`ns1 = dualstack;`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00
dns: add nix01.builders.rz.ens.wtf 2021-07-28 23:55:23 +02:00			`builders.subdomains = lib.mapAttrs (n: AAAA: { inherit AAAA; }) remoteBuilders;`

delegate the gdd subzone 2021-11-12 00:59:59 +01:00			`gdd = {`
			`NS = [ "ns1.gdd.${my.subZone}." ];`
			`subdomains.ns1.AAAA = [ "2001:470:1f13:187:350a:214a:639c:b97b" ];`
add AAAA for gdd.rz.ens.wtf 2021-11-13 00:59:59 +01:00			`AAAA = [ "2001:470:1f13:187:350a:214a:639c:b97b" ];`
delegate the gdd subzone 2021-11-12 00:59:59 +01:00			`};`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00
			`acme = {`
			`NS = [ "acme.${my.subZone}." ];`
core01: add MrF key, default gateway, A for acme 2022-01-25 00:37:12 +01:00			`A = my.ipv4;`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`AAAA = [ my.ipv6.acme ];`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`};`

ipv4 for public-cof 2022-01-25 18:12:54 +01:00			`beta = public-cof-ips // {`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`subdomains = {`
feat(public-cof): add IPv4 → IPv6 proxy 2022-09-10 15:29:51 +02:00			`traque = mkProxyRecord [ "2001:470:1f13:187:f053:94ff:fe46:9664" ];`
ipv4 for public-cof 2022-01-25 18:12:54 +01:00			`nuage = public-cof-ips;`
core01: add todo.beta.rz.ens.wtf DNS 2022-09-13 18:49:38 +02:00			`todo = public-cof-ips;`
ipv4 for public-cof 2022-01-25 18:12:54 +01:00			`minecraft = public-cof-ips;`
			`factorio = public-cof-ips;`
			`home = public-cof-ips;`
			`pads = public-cof-ips // {`
			`subdomains = {`
			`api = public-cof-ips;`
			`files = public-cof-ips;`
			`sandbox = public-cof-ips;`
			`};`
core01/public-cof: flush changes, router02 → router01 2022-01-24 22:04:43 +01:00			`};`
ipv4 for public-cof 2022-01-25 18:12:54 +01:00			`docs = public-cof-ips;`
			`jurisprudens = public-cof-ips;`
feat: add rstudio.beta.rz.ens.wtf basic features 2022-08-17 18:06:26 +02:00			`rstudio = public-cof-ips;`
add DNS records for public-cof's future services 2021-11-13 00:59:59 +01:00			`};`
core-services: adjust to our changes in IPv4 network for MWAN/local net 2021-12-19 14:51:12 +01:00			`};`
dns: add backup.gdd.rz.ens.wtf 2021-08-04 15:59:21 +02:00
start a cryptpad module 2021-11-15 00:09:44 +01:00
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`internal.subdomains = {`
core-services-01: add backup repository for VyOS 2021-08-04 15:59:02 +02:00			`# Routers`
			`router01.A = [ "10.1.1.1" ];`
core01/public-cof: flush changes, router02 → router01 2022-01-24 22:04:43 +01:00			`router02.A = [ "10.1.1.1" ];`
core-services-01: add backup repository for VyOS 2021-08-04 15:59:02 +02:00
			`# Hypervisors`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`pve01 = {`
			`A = [ "10.1.1.10" ];`
			`subdomains = {`
			`idrac.A = [ "10.1.2.20" ];`
			`} // delegateACMEDNSChallenge "7c663a49-151c-4eea-a34f-725ff9f19d41.acme.rz.ens.wtf.";`
			`};`
core-services-01: add backup repository for VyOS 2021-08-04 15:59:02 +02:00
			`# Core machines`
			`core01.A = [ "10.1.1.20" ];`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`};`
			`};`
			`}`