infrastructure/meta/dns.nix

173 lines
3.6 KiB
Nix
Raw Normal View History

2024-02-23 12:20:12 +01:00
{ lib, dns, ... }:
2024-01-31 15:27:26 +01:00
let
2024-02-23 12:20:12 +01:00
inherit (lib) mapAttrs' nameValuePair;
2024-01-31 15:27:26 +01:00
inherit (lib.extra) fuseAttrs mapSingleFuse;
inherit (dns.lib.combinators) mx spf ttl;
2024-02-23 12:20:12 +01:00
meta = (import ./.) lib;
2024-02-23 10:50:50 +01:00
2024-01-31 15:27:26 +01:00
mkCNAME = host: { CNAME = [ host ]; };
2024-02-23 12:20:12 +01:00
mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.site}.infra");
2024-01-31 15:27:26 +01:00
cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
2024-02-23 12:20:12 +01:00
"dev" = "dev.pages.codeberg.page.";
"irc" = "public.p.lahfa.xyz.";
"webmail" = "kurisu.dual.lahfa.xyz.";
2024-01-31 15:27:26 +01:00
"*.cal" = "cal.dgnum.eu.";
2024-02-01 13:35:40 +01:00
"retired" = "web-static";
"eleves" = "web-static";
"qr" = "web-static";
2024-01-31 15:27:26 +01:00
};
hosted = fuseAttrs (
builtins.attrValues (
builtins.mapAttrs mkHosted {
compute01 = [
# Nextcloud
"cloud"
# Collabora Online
"code"
# Démarches Normaliennes
"demarches"
# Outline
"docs"
# Hedgedoc
"pads"
# Vaultwarden
"pass"
# Mastodon
"social"
# R Studio
"rstudio"
# Satosa
"saml-idp"
# Kanidm
"sso"
# Support
"support"
];
storage01 = [
# Attic
"cachix"
# Forgejo
"git"
# Netbird
"netbird"
# Garage S3
"cdn"
"s3"
"*.cdn"
"*.s3"
# Peertube
2024-02-01 13:35:40 +01:00
"videos"
2024-01-31 15:27:26 +01:00
];
web01 = [
# Plausible Analytics
"analytics"
# Linkal
"*.cal"
"cal"
"linkal"
# Metis
"calendrier"
# Static websites
2024-02-01 13:35:40 +01:00
"web-static"
2024-01-31 15:27:26 +01:00
# Crab Fit
"api.meet"
"meet"
# ???
"erp"
# Castopod
"podcasts"
# Ntfy.sh
"push"
# Wordpress
"*.wp"
];
}
)
);
kurisuDKIM = [
{
selector = "kurisu";
k = "rsa";
s = [ "email" ];
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
}
];
in
{
2024-01-31 15:46:31 +01:00
SOA = {
nameServer = "ns01.dgnum.eu.";
adminEmail = "dns.dgnum.eu";
retry = 3600;
minimum = 300;
};
2024-01-31 15:27:26 +01:00
# Primary DNS servers
NS = [
"ns01.dgnum.eu." # ns-03.hubrecht.ovh
"ns02.dgnum.eu." # kurisu.lahfa.xyz
2024-01-31 15:27:26 +01:00
];
# dgnum.codeberg.pages
# ALIAS = [ "codeberg.page" ];
A = [ "217.197.91.145" ];
AAAA = [ "2001:67c:1401:20f0::1" ];
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [
"dgnum.codeberg.page"
(spf.strict [ "a:kurisu.lahfa.xyz" ])
];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
subdomains =
hosted
// cnames
// {
ns01 = {
A = [ "51.178.27.125" ];
AAAA = [ "2001:41d0:305:2100::542c" ];
};
ns02 = {
A = [ "163.172.69.160" ];
AAAA = [ "2001:bc8:38ee::1" ];
};
2024-01-31 15:27:26 +01:00
}
// {
2024-02-23 12:20:12 +01:00
infra = {
2024-01-31 15:27:26 +01:00
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
2024-02-23 12:20:12 +01:00
subdomains =
mapAttrs'
(
host:
{ site, ... }:
nameValuePair "${host}.${site}" (
with meta.network.${host}.addresses;
{
A = ipv4;
AAAA = ipv6;
}
)
)
meta.nodes;
2024-01-31 15:27:26 +01:00
};
};
}