# DNS zone description built with the dns.nix combinators.
# The zone name is not set in this file; the records suggest dgnum.eu.
#
# Arguments:
#   lib – library set providing mapAttrs', nameValuePair and lib.extra
#   dns – provides dns.lib.combinators (mx, spf, ttl)
{ lib, dns, ... }:

let
  inherit (lib) mapAttrs' nameValuePair;
  inherit (lib.extra) fuseAttrs mapSingleFuse;
  inherit (dns.lib.combinators) mx spf ttl;

  # Node and network metadata, loaded from the directory this file lives in.
  meta = (import ./.) lib;

  # Record set holding a single CNAME towards `host`.
  mkCNAME = host: { CNAME = [ host ]; };

  # Point every service name of a list at `<server>.<site>.infra`.
  # The target has no trailing dot, so it is presumably resolved relative
  # to this zone (see `infra` below) — TODO confirm against dns.nix output.
  mkHosted =
    server:
    let
      record = mkCNAME "${server}.${meta.nodes.${server}.site}.infra";
    in
    mapSingleFuse (_: record);

  # Plain aliases.
  # NOTE(review): the targets with a trailing dot leave this zone
  # (codeberg.page, lahfa.xyz). When one of those external services is
  # retired, drop the alias here in the same change so the name does not
  # keep pointing at a resource somebody else could register.
  cnames = builtins.mapAttrs (_: mkCNAME) {
    dev = "dev.pages.codeberg.page.";
    irc = "public.p.lahfa.xyz.";
    webmail = "kurisu.dual.lahfa.xyz.";

    # Also listed under web01 below; this entry is the one that ends up in
    # the zone because `hosted // cnames` is right-biased.
    "*.cal" = "cal.dgnum.eu.";

    retired = "web-static";
    eleves = "web-static";
    qr = "web-static";
  };

  # Service names grouped by the machine that serves them.
  services = {
    compute01 = [
      # Nextcloud
      "cloud"
      # Collabora Online
      "code"
      # Démarches Normaliennes
      "demarches"
      # Outline
      "docs"
      # Hedgedoc
      "pads"
      # Vaultwarden
      "pass"
      # Mastodon
      "social"
      # R Studio
      "rstudio"
      # Satosa
      "saml-idp"
      # Kanidm
      "sso"
      # Support
      "support"
    ];

    storage01 = [
      # Attic
      "cachix"
      # Forgejo
      "git"
      # Netbird
      "netbird"
      # Garage S3
      "cdn"
      "s3"
      "*.cdn"
      "*.s3"
      # Peertube
      "videos"
    ];

    web01 = [
      # Plausible Analytics
      "analytics"
      # Linkal
      "*.cal"
      "cal"
      "linkal"
      # Metis
      "calendrier"
      # Static websites
      "web-static"
      # Crab Fit
      "api.meet"
      "meet"
      # ??? (service not identified in the original file)
      "erp"
      # Castopod
      "podcasts"
      # Ntfy.sh
      "push"
      # Wordpress
      "*.wp"
    ];
  };

  # One flat attribute set: service name -> CNAME to its hosting machine.
  hosted = fuseAttrs (builtins.attrValues (builtins.mapAttrs mkHosted services));

  # DKIM public key published for the "kurisu" selector.
  # NOTE(review): judging by its length this looks like a 1024-bit RSA key;
  # RFC 8301 recommends 2048 bits for signers — confirm the size and plan a
  # rotation under a new selector if so.
  kurisuDKIM = [
    {
      selector = "kurisu";
      k = "rsa";
      s = [ "email" ];
      p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
    }
  ];

  # Mail records shared by the apex and the `infra` subdomain.
  mailExchangers = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
  senderPolicy = spf.strict [ "a:kurisu.lahfa.xyz" ];

  # NOTE(review): `p = "none"` asks receivers to take no action on mail that
  # fails DMARC, and no report address is set in this attribute set, so the
  # policy gives neither enforcement nor visibility as written. Moving to
  # quarantine/reject (with reporting) is an operational decision.
  dmarcPolicy = [ { p = "none"; } ];

  # `<host>.<site>` address records for every node known to `meta`.
  nodeRecords = mapAttrs' (
    host:
    { site, ... }:
    let
      addrs = meta.network.${host}.addresses;
    in
    nameValuePair "${host}.${site}" {
      A = addrs.ipv4;
      AAAA = addrs.ipv6;
    }
  ) meta.nodes;
in

{
  SOA = {
    nameServer = "ns01.dgnum.eu.";
    adminEmail = "dns.dgnum.eu";
    retry = 3600;
    minimum = 300;
  };

  # Primary DNS servers
  NS = [
    "ns01.dgnum.eu." # ns-03.hubrecht.ovh
    "ns02.dgnum.eu." # kurisu.lahfa.xyz
  ];

  # dgnum.codeberg.pages
  # ALIAS = [ "codeberg.page" ];
  # The addresses are hard-coded in place of the ALIAS above, so they have
  # to be updated by hand if the hosting provider renumbers.
  A = [ "217.197.91.145" ];
  AAAA = [ "2001:67c:1401:20f0::1" ];

  MX = mailExchangers;

  TXT = [
    # Presumably the custom-domain marker for the Codeberg pages site.
    "dgnum.codeberg.page"
    senderPolicy
  ];

  DMARC = dmarcPolicy;
  DKIM = kurisuDKIM;

  # Later operands of `//` win on duplicate names: explicit aliases
  # override the per-machine entries, and the fixed records below override
  # both.
  subdomains =
    hosted
    // cnames
    // {
      ns01 = {
        A = [ "51.178.27.125" ];
        AAAA = [ "2001:41d0:305:2100::542c" ];
      };

      ns02 = {
        A = [ "163.172.69.160" ];
        AAAA = [ "2001:bc8:38ee::1" ];
      };

      # Infrastructure names; carries the same mail records as the apex
      # (minus the Codeberg TXT entry).
      infra = {
        MX = mailExchangers;
        TXT = [ senderPolicy ];
        DMARC = dmarcPolicy;
        DKIM = kurisuDKIM;

        subdomains = nodeRecords;
      };
    };
}