# Zone definition for the zone rooted at my.subZone, written as an attribute
# set of record types and subdomains. The combinators come from
# dns.lib.combinators; this looks like the dns.nix schema (confirm against
# the importing module).
{ config, lib, dns, ... }:

with dns.lib.combinators;

let
  my = config.my;

  # Returns the `_acme-challenge` CNAME record set pointing at `target`.
  # Merged into a host's subdomains, it hands ACME DNS-01 validation for that
  # host to whoever serves `target`, so that party can complete certificate
  # validation for the host name. Keep the target under a zone you operate.
  acmeChallengeVia = target: {
    _acme-challenge.CNAME = [ target ];
  };

  # Remote build machines: host label -> list of IPv6 addresses.
  remoteBuilders = {
    nix01 = [ "2001:470:1f13:187:1e07:c670:3958:f8f1" ];
  };
in

with my.ipv6; # contains { standard, acme }

{
  SOA = {
    nameServer = "ns1.${my.subZone}.";
    adminEmail = my.email;
    # Y M D Version. Bump on every change so secondaries notice the update.
    serial = 2021072400;
  };

  NS = [ "ns1.${my.subZone}." ];

  AAAA = standard;

  # CAA record set produced by the `letsEncrypt` combinator.
  # NOTE(review): presumably restricts issuance to Let's Encrypt and uses
  # my.email as the incident-report contact; confirm in dns.lib.combinators.
  CAA = letsEncrypt my.email;

  subdomains =
    # Services that all resolve to the shared `standard` IPv6 address set.
    lib.genAttrs
      [ "git" "drone" "wiki" "monitoring" "auth" "push" "ns1" ]
      (_: { AAAA = standard; })
    // {
      # One AAAA-only subdomain per entry of remoteBuilders.
      builders.subdomains = lib.mapAttrs (_: addrs: { AAAA = addrs; }) remoteBuilders;

      # Sub-zone delegation to he.gdd for the HE certification.
      # The nameserver is named inside the delegated zone, so its AAAA is
      # published here as glue.
      gdd.subdomains.he = {
        NS = [ "ns1.he.gdd.${my.subZone}." ];
        subdomains.ns1.AAAA = [ "2001:470:1f13:187:b80d:21ff:fe43:f1a5" ];
      };

      # `acme` is delegated to a nameserver carrying its own name, reachable
      # at the `acme` address from my.ipv6. This is the zone the
      # _acme-challenge CNAME below points into.
      acme = {
        NS = [ "acme.${my.subZone}." ];
        AAAA = [ acme ];
      };

      # NOTE(review): these are RFC 1918 addresses. If this zone is served to
      # the public Internet, the records disclose internal addressing and
      # the presence of a management interface (idrac). Confirm that
      # exposure is intended, or move them to an internal-only view.
      internal.subdomains = {
        # Routers
        router01.A = [ "10.1.1.1" ];
        router02.A = [ "10.1.1.2" ];

        # Hypervisors
        pve01 = {
          A = [ "10.1.1.10" ];
          subdomains =
            { idrac.A = [ "10.1.2.20" ]; }
            # DNS-01 delegation lets this private host obtain a certificate
            # without being reachable from outside.
            // acmeChallengeVia "7c663a49-151c-4eea-a34f-725ff9f19d41.acme.rz.ens.wtf.";
        };

        # Core machines
        core01.A = [ "10.1.1.20" ];
      };
    };
}