lbailly/infrastructure
1
0
Fork 0
forked from DGNum/infrastructure
Code Pull requests Activity

feat(dgn-dns): Remove module as the DNS will be hosted externally

Browse source
This commit is contained in:
Tom Hubrecht 2024-01-31 16:52:00 +01:00
parent 3c8e3f39fc
commit 31e2387a25
4 changed files with 0 additions and 183 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
modules/dgn-dns/default.nix
View file

@ -1,33 +0,0 @@
args@{ config, lib, meta, name, sources, ... }:
let
inherit (lib)
mkEnableOption
mkIf;
dns = import sources."dns.nix";
cfg = config.dgn-dns;
in
{
options.dgn-dns = {
enable = mkEnableOption "an authoritative dns service on this server.";
};
config = mkIf cfg.enable {
services.nsd = {
enable = true;
interfaces = meta.network.${name}.addresses.public;
zones = import ./zones (args // { inherit dns; });
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
};
}

1
modules/dgn-dns/serial.nix
View file

@ -1 +0,0 @@
2024012101

97
modules/dgn-dns/zones/_dgnum.eu.nix
View file

@ -1,97 +0,0 @@
{ lib, meta, dns, ... }:
let
inherit (lib.extra)
fuseAttrs
mapSingleFuse;
inherit (dns.lib.combinators)
mx
spf
ttl;
mkCNAME = host: { CNAME = [ host ]; };
mkRecord = host:
let net = meta.network.${host}; in
{
A = net.addresses.publicV4;
AAAA = net.addresses.publicV6;
};
mkNS = { A, AAAA, ... }: { inherit A AAAA; };
mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");
hosted = fuseAttrs (builtins.attrValues
(builtins.mapAttrs mkHosted {
compute01 = [
"social"
];
storage01 = [
"cloud"
"git"
"s3"
"video"
];
web01 = [
"analytics"
"erp"
];
})
);
infra.subdomains = builtins.mapAttrs
(_: nodes: { subdomains = mapSingleFuse mkRecord nodes; })
meta.infra;
kurisuDKIM = [{
selector = "kurisu";
k = "rsa";
s = [ "email" ];
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
}];
in
{
# Primary DNS servers
NS = [
"ns01.dgnum.eu."
];
# dgnum.codeberg.pages
# ALIAS = [ "codeberg.page" ];
A = [ "217.197.91.145" ];
AAAA = [ "2001:67c:1401:20f0::1" ];
MX = map (ttl 3600) [
(mx.mx 10 "kurisu.lahfa.xyz.")
];
TXT = [
"dgnum.codeberg.page"
(spf.strict [ "a:kurisu.lahfa.xyz" ])
];
DMARC = [{ p = "none"; }];
DKIM = kurisuDKIM;
subdomains = hosted // {
ns01 = mkNS infra.subdomains.par01.subdomains.compute01;
} // {
infra = infra // {
MX = map (ttl 3600) [
(mx.mx 10 "kurisu.lahfa.xyz.")
];
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
DMARC = [{ p = "none"; }];
DKIM = kurisuDKIM;
};
dev.CNAME = [ "dev.pages.codeberg.page." ];
irc.CNAME = [ "public.p.lahfa.xyz." ];
webmail.CNAME = [ "kurisu.dual.lahfa.xyz." ];
};
}

52
modules/dgn-dns/zones/default.nix
View file

@ -1,52 +0,0 @@
args@{ lib, dns, ... }:
let
inherit (lib.extra)
mapSingleFuse
mkRel
recursiveFuse;
delegations = {
"dgnum.eu" = {
"ns-01.hubrecht.ovh." = [ "51.15.174.50" ];
"ns-03.hubrecht.ovh." = [ "51.178.27.125" ];
"kurisu.dual.lahfa.xyz." = [ ];
};
};
servedZones = [
"dgnum.eu"
# For reverse DNS
# "ip6.arpa"
];
SOA = {
nameServer = "ns01.dgnum.eu.";
adminEmail = "dns.dgnum.eu";
serial = import ../serial.nix;
retry = 3600;
minimum = 300;
};
mkZone = zone:
let
secondaryDNS = builtins.map
(ip: "${ip} NOKEY")
(builtins.concatLists (builtins.attrValues (delegations.${zone} or { })));
in
{
data =
let attrs = import (mkRel ./. "_${zone}.nix") args; in
dns.lib.toString zone (recursiveFuse [
{ inherit SOA; }
attrs
{ NS = attrs.NS ++ (builtins.attrNames (delegations.${zone} or { })); }
]);
provideXFR = secondaryDNS;
notify = secondaryDNS;
};
in
mapSingleFuse mkZone servedZones