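# DNS zone definition built with the dns.nix combinators (the zone looks like
# dgnum.eu, judging by the NS names and the `cal.dgnum.eu.` CNAME target).
#
# Arguments:
#   lib  - must provide `lib.extra.fuseAttrs` and `lib.extra.mapSingleFuse`
#   meta - project metadata; this file reads `meta.network.<host>.addresses`,
#          `meta.nodes.<host>.zone` and `meta.infra`
#   dns  - dns.nix; `mx`, `spf` and `ttl` come from `dns.lib.combinators`
#
# Returns the attribute set describing the zone: SOA, NS, apex records, mail
# authentication records and `subdomains`.
{
  lib,
  meta,
  dns,
  ...
}:

let
  inherit (lib.extra) fuseAttrs mapSingleFuse;
  inherit (dns.lib.combinators) mx spf ttl;

  # Record set holding a single CNAME target.
  mkCNAME = target: { CNAME = [ target ]; };

  # Public A/AAAA records of a machine, taken from meta.network.
  mkRecord =
    host:
    let
      inherit (meta.network.${host}) addresses;
    in
    {
      A = addresses.publicV4;
      AAAA = addresses.publicV6;
    };

  # Point each name of a list at the node hosting it. The target has no
  # trailing dot, so it is relative to this zone:
  # <server>.<zone of the server>.infra
  # NOTE(review): assumes mapSingleFuse builds one attribute per list element;
  # it is defined in lib.extra, outside this file.
  mkHosted = server: mapSingleFuse (_: mkCNAME "${server}.${meta.nodes.${server}.zone}.infra");

  # Names delegated by CNAME to hosts outside this zone (codeberg.page,
  # lahfa.xyz), plus the calendar wildcard. The external targets are not under
  # this zone's control: remove a record here as soon as the service behind it
  # is decommissioned, so that no CNAME is left pointing at a name somebody
  # else could register or claim.
  cnames = builtins.mapAttrs (_: mkCNAME) {
    dev = "dev.pages.codeberg.page.";
    irc = "public.p.lahfa.xyz.";
    webmail = "kurisu.dual.lahfa.xyz.";
    "*.cal" = "cal.dgnum.eu.";
  };

  # Services, grouped by the node that serves them.
  hosted = fuseAttrs (
    builtins.attrValues (
      builtins.mapAttrs mkHosted {
        compute01 = [
          # Nextcloud
          "cloud"
          # Collabora Online
          "code"
          # Démarches Normaliennes
          "demarches"
          # Outline
          "docs"
          # Hedgedoc
          "pads"
          # Vaultwarden
          "pass"
          # Mastodon
          "social"
          # R Studio
          "rstudio"
          # Satosa
          "saml-idp"
          # Kanidm
          "sso"
          # Support
          "support"
        ];

        storage01 = [
          # Attic
          "cachix"
          # Forgejo
          "git"
          # Netbird
          "netbird"
          # Garage S3
          # The wildcards make every label under cdn/s3 resolve to storage01.
          "cdn"
          "s3"
          "*.cdn"
          "*.s3"
          # Peertube
          "video"
        ];

        web01 = [
          # Plausible Analytics
          "analytics"
          # Linkal
          # "*.cal" is also a key of `cnames`; `hosted // cnames` below makes
          # the `cnames` target (cal.dgnum.eu.) the effective one.
          "*.cal"
          "cal"
          "linkal"
          # Metis
          "calendrier"
          # Static websites ("retired" was listed twice; one entry is enough)
          "retired"
          "eleves"
          "qr"
          # Crab Fit
          "api.meet"
          "meet"
          # ???
          "erp"
          # Castopod
          "podcasts"
          # Ntfy.sh
          "push"
          # Wordpress
          "*.wp"
        ];
      }
    )
  );

  # One sub-zone per entry of meta.infra, holding the A/AAAA records of its
  # nodes.
  infra.subdomains = builtins.mapAttrs (_: nodes: {
    subdomains = mapSingleFuse mkRecord nodes;
  }) meta.infra;

  # Mail for the apex and for `infra` is handled by kurisu.lahfa.xyz; the
  # records are defined once so both names always publish the same policy.
  kurisuMX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];

  # Only the A records of kurisu.lahfa.xyz are authorised senders.
  # NOTE(review): spf.strict is expected to end the record with `-all`;
  # confirm against the pinned dns.nix.
  kurisuSPF = spf.strict [ "a:kurisu.lahfa.xyz" ];

  # `p = "none"` is monitoring mode: receivers are not asked to quarantine or
  # reject mail that fails SPF/DKIM alignment, so SPF and DKIM alone do not
  # stop spoofing of this domain. Only `p` is set here (no report address).
  # Move to "quarantine"/"reject" once legitimate senders are known to pass.
  dmarcPolicy = [ { p = "none"; } ];

  # DKIM public key published for selector "kurisu".
  # The DER header of `p` (MIGf...GNADCBiQKBgQ) describes a 1024-bit RSA
  # modulus. RFC 8301 recommends that signers use at least 2048 bits; a longer
  # key has to be generated on the signing host and published under a new
  # selector before this one is retired.
  kurisuDKIM = [
    {
      selector = "kurisu";
      k = "rsa";
      s = [ "email" ];
      p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
    }
  ];
in

{
  SOA = {
    nameServer = "ns01.dgnum.eu.";
    adminEmail = "dns.dgnum.eu";
    retry = 3600;
    minimum = 300;
  };

  # Primary DNS servers
  NS = [
    "ns01.dgnum.eu."
    # ns-03.hubrecht.ovh
    "ns02.dgnum.eu."
  ];

  # dgnum.codeberg.pages
  # ALIAS = [ "codeberg.page" ];
  # NOTE(review): the addresses below are hard-coded, presumably in place of
  # the ALIAS above; they need updating if the hosting provider renumbers.
  A = [ "217.197.91.145" ];
  AAAA = [ "2001:67c:1401:20f0::1" ];

  MX = kurisuMX;

  TXT = [
    "dgnum.codeberg.page"
    kurisuSPF
  ];

  DMARC = dmarcPolicy;
  DKIM = kurisuDKIM;

  # `//` is a shallow merge in which the right-hand side wins, so a key
  # defined in `cnames` replaces the same key coming from `hosted`.
  subdomains =
    hosted
    // cnames
    // {
      ns01 = {
        A = [ "51.178.27.125" ];
        AAAA = [ "2001:41d0:305:2100::542c" ];
      };

      # infra.<zone> also publishes the mail records, so mail sent from or to
      # the infrastructure sub-zone is covered by the same SPF/DKIM/DMARC set.
      infra = infra // {
        MX = kurisuMX;
        TXT = [ kurisuSPF ];
        DMARC = dmarcPolicy;
        DKIM = kurisuDKIM;
      };
    };
}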