From 31e2387a25febd1be7e1b6ae3064b3164756de3b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Wed, 31 Jan 2024 16:52:00 +0100
Subject: [PATCH] feat(dgn-dns): Remove module as the DNS will be hosted externally
---
modules/dgn-dns/default.nix | 33 ----------
modules/dgn-dns/serial.nix | 1 -
modules/dgn-dns/zones/_dgnum.eu.nix | 97 ----------------------------
modules/dgn-dns/zones/default.nix | 52 ----------------
4 files changed, 183 deletions(-)
delete mode 100644 modules/dgn-dns/default.nix
delete mode 100644 modules/dgn-dns/serial.nix
delete mode 100644 modules/dgn-dns/zones/_dgnum.eu.nix
delete mode 100644 modules/dgn-dns/zones/default.nix
diff --git a/modules/dgn-dns/default.nix b/modules/dgn-dns/default.nix
deleted file mode 100644
index ee46589..0000000
--- a/modules/dgn-dns/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-args@{ config, lib, meta, name, sources, ... }:
-
-let
- inherit (lib)
- mkEnableOption
- mkIf;
-
- dns = import sources."dns.nix";
-
- cfg = config.dgn-dns;
-in
-
-{
- options.dgn-dns = {
- enable = mkEnableOption "an authoritative dns service on this server.";
- };
-
-
- config = mkIf cfg.enable {
- services.nsd = {
- enable = true;
-
- interfaces = meta.network.${name}.addresses.public;
-
- zones = import ./zones (args // { inherit dns; });
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
- };
-}
diff --git a/modules/dgn-dns/serial.nix b/modules/dgn-dns/serial.nix
deleted file mode 100644
index 40eaf9e..0000000
--- a/modules/dgn-dns/serial.nix
+++ /dev/null
@@ -1 +0,0 @@
-2024012101
\ No newline at end of file
diff --git a/modules/dgn-dns/zones/_dgnum.eu.nix b/modules/dgn-dns/zones/_dgnum.eu.nix
deleted file mode 100644
index 5382f66..0000000
--- a/modules/dgn-dns/zones/_dgnum.eu.nix
+++ /dev/null
@@ -1,97 +0,0 @@
-{ lib, meta, dns, ... }:
-
-let
- inherit (lib.extra)
- fuseAttrs
- mapSingleFuse;
-
- inherit (dns.lib.combinators)
- mx
- spf
- ttl;
-
- mkCNAME = host: { CNAME = [ host ]; };
-
- mkRecord = host:
- let net = meta.network.${host}; in
- {
- A = net.addresses.publicV4;
- AAAA = net.addresses.publicV6;
- };
-
- mkNS = { A, AAAA, ... }: { inherit A AAAA; };
-
- mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
-
- hosted = fuseAttrs (builtins.attrValues
- (builtins.mapAttrs mkHosted {
- compute01 = [
- "social"
- ];
-
- storage01 = [
- "cloud"
- "git"
- "s3"
- "video"
- ];
-
- web01 = [
- "analytics"
- "erp"
- ];
- })
- );
-
- infra.subdomains = builtins.mapAttrs
- (_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
- meta.infra;
-
- kurisuDKIM = [{
- selector = "kurisu";
- k = "rsa";
- s = [ "email" ];
- p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
- }];
-in
-
-{
- # Primary DNS servers
- NS = [
- "ns01.dgnum.eu."
- ];
-
- # dgnum.codeberg.pages
- # ALIAS = [ "codeberg.page" ];
- A = [ "217.197.91.145" ];
- AAAA = [ "2001:67c:1401:20f0::1" ];
-
- MX = map (ttl 3600) [
- (mx.mx 10 "kurisu.lahfa.xyz.")
- ];
-
- TXT = [
- "dgnum.codeberg.page"
- (spf.strict [ "a:kurisu.lahfa.xyz" ])
- ];
- DMARC = [{ p = "none"; }];
- DKIM = kurisuDKIM;
-
- subdomains = hosted // {
- ns01 = mkNS infra.subdomains.par01.subdomains.compute01;
- } // {
- infra = infra // {
- MX = map (ttl 3600) [
- (mx.mx 10 "kurisu.lahfa.xyz.")
- ];
-
- TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
- DMARC = [{ p = "none"; }];
- DKIM = kurisuDKIM;
- };
-
- dev.CNAME = [ "dev.pages.codeberg.page." ];
- irc.CNAME = [ "public.p.lahfa.xyz." ];
- webmail.CNAME = [ "kurisu.dual.lahfa.xyz." ];
- };
-}
diff --git a/modules/dgn-dns/zones/default.nix b/modules/dgn-dns/zones/default.nix
deleted file mode 100644
index e835896..0000000
--- a/modules/dgn-dns/zones/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-args@{ lib, dns, ... }:
-
-let
- inherit (lib.extra)
- mapSingleFuse
- mkRel
- recursiveFuse;
-
- delegations = {
- "dgnum.eu" = {
- "ns-01.hubrecht.ovh." = [ "51.15.174.50" ];
- "ns-03.hubrecht.ovh." = [ "51.178.27.125" ];
- "kurisu.dual.lahfa.xyz." = [ ];
- };
- };
-
- servedZones = [
- "dgnum.eu"
-
- # For reverse DNS
- # "ip6.arpa"
- ];
-
- SOA = {
- nameServer = "ns01.dgnum.eu.";
- adminEmail = "dns.dgnum.eu";
- serial = import ../serial.nix;
- retry = 3600;
- minimum = 300;
- };
-
- mkZone = zone:
- let
- secondaryDNS = builtins.map
- (ip: "${ip} NOKEY")
- (builtins.concatLists (builtins.attrValues (delegations.${zone} or { })));
- in
- {
- data =
- let attrs = import (mkRel ./. "_${zone}.nix") args; in
- dns.lib.toString zone (recursiveFuse [
- { inherit SOA; }
- attrs
- { NS = attrs.NS ++ (builtins.attrNames (delegations.${zone} or { })); }
- ]);
-
- provideXFR = secondaryDNS;
- notify = secondaryDNS;
- };
-in
-
-mapSingleFuse mkZone servedZones