feat(meta): Add dns config v0

2024-01-31 15:27:26 +01:00 · 2024-01-31 15:27:26 +01:00 · 1e254d5f27
commit 1e254d5f27
parent ef460753a8
2 changed files with 193 additions and 14 deletions
--- a/meta/default.nix
+++ b/meta/default.nix
@ -15,31 +15,48 @@ let
  #   node02 = zone01;
  #   node03 = zone02;
  # }
-  locations = builtins.foldl'
-    (a: loc: a // loc)
-    { }
-    (builtins.concatLists (builtins.attrValues (builtins.mapAttrs
-      (zone: builtins.map (n: { ${n} = zone; }))
-      infra)));
+  locations = builtins.foldl' (a: loc: a // loc) { } (
+    builtins.concatLists (
+      builtins.attrValues (builtins.mapAttrs (zone: builtins.map (n: { ${n} = zone; })) infra)
+    )
+  );

  ###
  # Add computed data about the nodes :
  # - zone
  # - deployment tags
  # - network information
-  mkNode = node: attrs: attrs // {
-    zone = locations.${node};
-    deployment = let old = attrs.deployment; in old // {
-      tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ];
-      targetHost = old.targetHost or (builtins.head network.${node}.addresses.public);
+  mkNode =
+    node: attrs:
+    attrs
+    // {
+      zone = locations.${node};
+      deployment =
+        let
+          old = attrs.deployment;
+        in
+        old
+        // {
+          tags = (old.tags or [ ]) ++ [ "infra-${locations.${node}}" ];
+          targetHost = old.targetHost or (builtins.head network.${node}.addresses.public);
+        };
    };
-  };

  infra = import ./infrastructure.nix;
  members = import ./members.nix;
  network = import ./network.nix;

  nodes = builtins.mapAttrs mkNode (import ./nodes.nix);
-in

-{ inherit infra members network nodes; }
+  meta = {
+    inherit
+      infra
+      members
+      network
+      nodes
+      ;
+  };
+
+  dns = args: import ./dns.nix (args // { inherit meta; });
+in
+meta // { inherit dns; }
--- a/meta/dns.nix
+++ b/meta/dns.nix
@ -0,0 +1,162 @@
+{
+  lib,
+  meta,
+  dns,
+  ...
+}:
+
+let
+  inherit (lib.extra) fuseAttrs mapSingleFuse;
+
+  inherit (dns.lib.combinators) mx spf ttl;
+
+  mkCNAME = host: { CNAME = [ host ]; };
+
+  mkRecord =
+    host:
+    let
+      net = meta.network.${host};
+    in
+    {
+      A = net.addresses.publicV4;
+      AAAA = net.addresses.publicV6;
+    };
+
+  mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
+
+  cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
+    dev = "dev.pages.codeberg.page.";
+    irc = "public.p.lahfa.xyz.";
+    webmail = "kurisu.dual.lahfa.xyz.";
+
+    "*.cal" = "cal.dgnum.eu.";
+  };
+
+  hosted = fuseAttrs (
+    builtins.attrValues (
+      builtins.mapAttrs mkHosted {
+        compute01 = [
+          # Nextcloud
+          "cloud"
+          # Collabora Online
+          "code"
+          # Démarches Normaliennes
+          "demarches"
+          # Outline
+          "docs"
+          # Hedgedoc
+          "pads"
+          # Vaultwarden
+          "pass"
+          # Mastodon
+          "social"
+          # R Studio
+          "rstudio"
+          # Satosa
+          "saml-idp"
+          # Kanidm
+          "sso"
+          # Support
+          "support"
+        ];
+
+        storage01 = [
+          # Attic
+          "cachix"
+          # Forgejo
+          "git"
+          # Netbird
+          "netbird"
+          # Garage S3
+          "cdn"
+          "s3"
+          "*.cdn"
+          "*.s3"
+          # Peertube
+          "video"
+        ];
+
+        web01 = [
+          # Plausible Analytics
+          "analytics"
+          # Linkal
+          "*.cal"
+          "cal"
+          "linkal"
+          # Metis
+          "calendrier"
+          # Static websites
+          "retired"
+          "eleves"
+          "qr"
+          "retired"
+          # Crab Fit
+          "api.meet"
+          "meet"
+          # ???
+          "erp"
+          # Castopod
+          "podcasts"
+          # Ntfy.sh
+          "push"
+          # Wordpress
+          "*.wp"
+        ];
+      }
+    )
+  );
+
+  infra.subdomains =
+    builtins.mapAttrs (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
+      meta.infra;
+
+  kurisuDKIM = [
+    {
+      selector = "kurisu";
+      k = "rsa";
+      s = [ "email" ];
+      p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
+    }
+  ];
+in
+
+{
+  # Primary DNS servers
+  NS = [
+    "ns01.dgnum.eu." # ns-03.hubrecht.ovh
+    "ns02.dgnum.eu."
+  ];
+
+  # dgnum.codeberg.pages
+  # ALIAS = [ "codeberg.page" ];
+  A = [ "217.197.91.145" ];
+  AAAA = [ "2001:67c:1401:20f0::1" ];
+
+  MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
+
+  TXT = [
+    "dgnum.codeberg.page"
+    (spf.strict [ "a:kurisu.lahfa.xyz" ])
+  ];
+  DMARC = [ { p = "none"; } ];
+  DKIM = kurisuDKIM;
+
+  subdomains =
+    hosted
+    // cnames
+    // {
+      ns01 = {
+        A = [ "51.178.27.125" ];
+        AAAA = [ "2001:41d0:305:2100::542c" ];
+      };
+    }
+    // {
+      infra = infra // {
+        MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
+
+        TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
+        DMARC = [ { p = "none"; } ];
+        DKIM = kurisuDKIM;
+      };
+    };
+}