# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
# SPDX-FileContributor: Maurice Debray <maurice.debray@dgnum.eu>
# SPDX-FileContributor: Ryan Lahfa <ryan.lahfa@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, dns, ... }:
let
inherit (lib)
filterAttrs
mapAttrs'
nameValuePair
optional
;
inherit (lib.extra) fuseAttrs mapSingleFuse;
inherit (dns.lib.combinators) mx spf ttl;
meta = (import ./.) lib;
# Wrap a single alias target in the record-set shape used throughout this
# file: an attribute set whose only record type is CNAME.
mkCNAME = target: { CNAME = [ target ]; };
# Turn the service names hosted on one node into CNAME record sets.
#
#   server        node name; its site is read from meta.nodes.${server}.site
#   dual, v4, v6  lists of service names (each defaults to the empty list)
#
# Names in `dual` are aliased to "<server>.<site>.infra", names in `v4` to
# "v4.<server>.<site>.infra" and names in `v6` to "v6.<server>.<site>.infra".
# The targets carry no trailing dot, so they are presumably resolved relative
# to the zone origin; confirm against the dns library.
# mapSingleFuse comes from lib.extra and is not shown here; it is assumed to
# build one attribute per list element and merge them. TODO confirm.
mkHosted =
  server:
  {
    dual ? [ ],
    v4 ? [ ],
    v6 ? [ ],
  }:
  let
    nodeName = "${server}.${meta.nodes.${server}.site}.infra";
    aliasTo = target: mapSingleFuse (_: mkCNAME target);
  in
  fuseAttrs [
    (aliasTo nodeName dual)
    (aliasTo "v4.${nodeName}" v4)
    (aliasTo "v6.${nodeName}" v6)
  ];
# Hand-maintained aliases; every value becomes a single-CNAME record set.
#
# Targets that end in "." are absolute names outside this zone. The
# "*.infra" targets carry no trailing dot and are presumably resolved
# relative to the zone origin; confirm against the dns library.
#
# NOTE(review): a name aliased to an external target serves whatever that
# target's owner publishes. When an external target is retired or its hosting
# account is released, drop the alias in the same change so no dangling CNAME
# is left behind.
cnames = builtins.mapAttrs (_: mkCNAME) {
  "dev" = "dev.pages.codeberg.page.";
  "irc" = "public.p.lahfa.xyz.";
  "webmail" = "kurisu.dual.lahfa.xyz.";

  # Transition to new site names
  "web01.dmi01.infra" = "web01.rat01.infra";
  "web02.dmi01.infra" = "web02.rat01.infra";
  "compute01.par01.infra" = "compute01.pav01.infra";
  "storage01.par01.infra" = "storage01.pav01.infra";

  # Miscellaneous redirections
  "traque" = "traque.katvayor.net.";

  # Temporary redirection for the BDS
  # FIXME: finish the django apps module
  "gestiobds.dj" = "cof.ens.fr.";
};
# Service name -> record set, grouped by the node that hosts the service.
# Each `<node>.dual` list is passed through mkHosted (one call per node via
# builtins.mapAttrs) and the per-node results are merged with fuseAttrs.
#
# NOTE(review): entries starting with "*." are wildcards, so every label not
# defined elsewhere under that suffix resolves to the node. Confirm that the
# web server's default virtual host on those nodes serves nothing sensitive
# for unexpected names.
hosted = fuseAttrs (
  builtins.attrValues (
    builtins.mapAttrs mkHosted {
      compute01.dual = [
        "analytics" # Plausible Analytics
        "arkheon" # Arkheon
        "bridge" # Signal <-> IRC bridge
        "cloud" # Nextcloud
        "code" # Collabora Online
        "demarches" # Démarches Normaliennes
        "docs" # Outline
        "grafana" # Grafana
        "nms" # LibreNMS
        "pads" # Hedgedoc
        "pass" # Vaultwarden
        "pdf" # Stirling PDF
        "saml-idp" # Satosa
        "social" # Mastodon
        "sso" # Kanidm
        "support" # Zammad support
        "telegraf" # Telegraf

        # Beta-grade machine learning API servers
        # NOTE(review): a DNS name alone does not expose a service, but
        # Ollama's HTTP API has no built-in authentication. Confirm these
        # beta endpoints are reachable only through an authenticating proxy
        # or the VPN.
        "ollama01.beta"
        "openui.beta"
        "whisper.beta"
        "stable-diffusion.beta"

        # DGSI
        "dgsi"
        "profil"
      ];

      storage01.dual = [
        "tvix-store" # tvix store
        "git" # Forgejo
        "influx" # InfluxDB
        "netbird" # Netbird
        "prometheus" # Prometheus
        "victoria-metrics" # Victoria Metrics
        "videos" # Peertube
        "pub"

        # Garage S3
        "*.cdn"
        "*.s3"
        "cdn"
        "s3"
        # The administration endpoint for Garage.
        # NOTE(review): the admin API gets a name in the same zone as the
        # public services. Confirm it is access-restricted (token and/or
        # network ACL) rather than relying on the name being unknown.
        "s3-admin"
      ];

      rescue01.dual = [
        "status" # Uptime Kuma
      ];

      vault01.dual = [
        "radius" # FreeRADIUS
      ];

      web01.dual = [
        "*.wp" # Wordpress
        "calendrier" # Metis
        "netbox" # Netbox
        "podcasts" # Castopod
        "push" # Ntfy.sh

        # Static websites
        "eleves"
        "migrated.rz"
        "qr"
        "retired"
        "web-static"

        # Linkal
        "*.cal"
        "cal"
        "linkal"

        # Crab Fit
        "api.meet"
        "meet"
        "rdv" # cf. the Toubon law
      ];

      web02.dual = [
        "cas-eleves" # CAS server
        "chat" # Mattermost
        "vote" # Kadenios
      ];

      web03.dual = [
        # Django Apps
        "*.webapps"
        "apps-webhook"
      ];
    }
  )
);
# DKIM public key published under the "kurisu" selector. It is reused below
# for both the zone apex and the `infra` subdomain.
#
# NOTE(review): the length and DER prefix of `p` ("MIGfMA0G...") match a
# 1024-bit RSA SubjectPublicKeyInfo. RFC 8301 asks signers to use at least
# 2048 bits. Plan a rotation: generate a 2048-bit key on the mail host,
# publish it under a new selector, switch signing over, then retire this one.
kurisuDKIM = [
  {
    selector = "kurisu";
    k = "rsa";
    # Restricts the key to the "email" service type.
    s = [ "email" ];
    p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
  }
];
in
# Zone contents returned by this file: apex records first, then `subdomains`,
# built by merging (`//`, right-hand side wins on duplicate keys) the hosted
# service aliases, the hand-written CNAMEs, the name-server glue, the `infra`
# tree and the `lab` delegation.
{
  SOA = {
    nameServer = "ns01.dgnum.eu.";
    adminEmail = "dns.dgnum.eu";
    retry = 3600;
    minimum = 300;
  };

  # Primary DNS servers
  NS = [
    "ns01.dgnum.eu." # ns-03.hubrecht.ovh
    "ns02.dgnum.eu." # kurisu.lahfa.xyz
  ];

  # dgnum.codeberg.pages
  # ALIAS = [ "codeberg.page" ];
  # NOTE(review): with ALIAS commented out, the apex is pinned to literal
  # addresses, presumably the hosting provider's. Re-verify them whenever the
  # provider renumbers, since a stale address would send the apex to whoever
  # holds it next.
  A = [ "217.197.91.145" ];
  AAAA = [ "2001:67c:1401:20f0::1" ];

  MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];

  SRV = [
    {
      service = "autodiscover";
      proto = "tcp";
      port = 443;
      target = "autoconfig.mail.lahfa.xyz.";
    }
  ];

  TXT = [
    # Presumably the domain-binding record expected by the pages host; verify.
    "dgnum.codeberg.page"
    # SPF limited to the addresses of kurisu.lahfa.xyz; `spf.strict`
    # presumably ends the policy with "-all" (confirm in the dns library).
    (spf.strict [ "a:kurisu.lahfa.xyz" ])
  ];
  # NOTE(review): p = "none" is monitoring-only: receivers are asked to take
  # no action on mail that fails DMARC, so SPF and DKIM alone do not stop a
  # spoofed From: header for this domain. No report address is set in this
  # attribute set either. Consider adding aggregate reporting, then moving to
  # "quarantine" and "reject" once the reports are clean.
  DMARC = [ { p = "none"; } ];
  DKIM = kurisuDKIM;

  subdomains =
    hosted
    // cnames
    // {
      # Address records for the two name servers listed in NS above.
      ns01 = {
        A = [ "51.178.27.125" ];
        AAAA = [ "2001:41d0:305:2100::542c" ];
      };
      ns02 = {
        A = [ "163.172.69.160" ];
        AAAA = [ "2001:bc8:38ee::1" ];
      };
    }
    // {
      infra = {
        # Same mail setup as the apex; the DMARC note above applies here too.
        MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];

        TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
        DMARC = [ { p = "none"; } ];
        DKIM = kurisuDKIM;

        # One "<host>.<site>" entry per node in meta.nodes whose
        # nixpkgs.system equals "nixos"; addresses come from
        # meta.network.${host}.
        subdomains = mapAttrs' (
          host:
          { site, ... }:
          let
            net = meta.network.${host};
            inherit (net.addresses) ipv4 ipv6;
          in
          nameValuePair "${host}.${site}" {
            A = ipv4;
            AAAA = ipv6;
            subdomains = {
              v4.A = ipv4;
              v6.AAAA = ipv6;
              # Emitted only when the node has a netbirdIp.
              # NOTE(review): this puts the overlay-network address of each
              # node into the zone. If the zone is served publicly, internal
              # addressing becomes enumerable; confirm that is intended.
              private.A = optional (net.netbirdIp != null) net.netbirdIp;
            };
          }
        ) (filterAttrs (_: { nixpkgs, ... }: nixpkgs.system == "nixos") meta.nodes);
      };
    }
    // {
      # Delegation of lab.dgnum.eu to its own name server, with the glue
      # address record for that server.
      lab = {
        NS = [ "ns01.lab.dgnum.eu." ];

        subdomains.ns01 = {
          A = [ "45.13.104.26" ];
        };
      };
    };
}