commit 1b3e77bd7c82f1a86a1f6d31dfc18e8c96e4007d
parent cf5d29df462dba5e48754f9c4bbaf49f456518cc
Author: Leah (ctucx) <leah@ctu.cx>
Date: Sun, 1 May 2022 19:31:16 +0200
services/bind: add dns-zones
10 files changed, 220 insertions(+), 43 deletions(-)
A
|
98
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/services/bind.nix b/configurations/services/bind.nix
@@ -1,42 +0,0 @@
-{config, lib, pkgs, ...}:
-
-let
- dns-zones = pkgs.fetchgit {
- url = "https://cgit.ctu.cx/dns-zones";
- rev = "c41b1a88d6b3890991709d9eadd28bbf56aecda0";
- sha256 = "0ri4hk24pgbimf4p67il2ap8yxlpdxjyb927ar8wmi9amcvnwr1d";
- };
-
-in {
-
- services.bind = {
- enable = true;
- zones = {
- "ctu.cx" = {
- file = "${dns-zones}/ctu.cx.zone";
- master = true;
- };
- "ctucx.de" = {
- file = "${dns-zones}/ctucx.de.zone";
- master = true;
- };
- "thein.ovh" = {
- file = "${dns-zones}/thein.ovh.zone";
- master = true;
- };
- "oeffisear.ch" = {
- file = "${dns-zones}/oeffisear.ch.zone";
- master = true;
- };
- "trans-agenda.de" = {
- file = "${dns-zones}/trans-agenda.de.zone";
- master = true;
- };
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/configurations/services/bind/default.nix b/configurations/services/bind/default.nix
@@ -0,0 +1,38 @@
+{config, lib, pkgs, ...}:
+
+let
+ dns-zones = ./dns-zones;
+
+in {
+
+ services.bind = {
+ enable = true;
+ zones = {
+ "ctu.cx" = {
+ file = "${dns-zones}/ctu.cx.zone";
+ master = true;
+ };
+ "ctucx.de" = {
+ file = "${dns-zones}/ctucx.de.zone";
+ master = true;
+ };
+ "thein.ovh" = {
+ file = "${dns-zones}/thein.ovh.zone";
+ master = true;
+ };
+ "oeffisear.ch" = {
+ file = "${dns-zones}/oeffisear.ch.zone";
+ master = true;
+ };
+ "trans-agenda.de" = {
+ file = "${dns-zones}/trans-agenda.de.zone";
+ master = true;
+ };
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
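Review bot: The `zones` attribute set still lists only the five zones carried over from the old file, so `antifa.jetzt.zone`, which this same commit adds under `dns-zones/`, is not referenced by any zone declaration here and would not be served by this configuration. If the zone is meant to go live, add `"antifa.jetzt" = { file = "${dns-zones}/antifa.jetzt.zone"; master = true; };` alongside the others; if it is only staged, a comment saying so would avoid a delegation pointing at a server that is not authoritative for it. A one-line comment on `dns-zones = ./dns-zones;` noting that the zone data is now vendored in-tree rather than pinned by `rev`/`sha256` would also help the next reader.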
diff --git a/configurations/services/bind/dns-zones/antifa.jetzt.zone b/configurations/services/bind/dns-zones/antifa.jetzt.zone
@@ -0,0 +1,18 @@
+@ IN SOA ns1.ctu.cx. antifa.jetzt (2205011734 7200 900 1209600 86400)
+@ IN NS ns1.ctu.cx.
+@ IN NS ns2.ctu.cx.
+
+@ 3600 IN A 185.232.70.80
+@ 3600 IN AAAA 2a03:4000:4e:af1::1
+
+* 3600 IN A 185.232.70.80
+* 3600 IN AAAA 2a03:4000:4e:af1::1
+
+_imaps._tcp 3600 IN SRV 0 1 993 osterei.ctu.cx.
+_submission._tcp 3600 IN SRV 0 1 587 osterei.ctu.cx.
+
+@ 3600 IN MX 10 osterei.ctu.cx.
+@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
+
+_dmarc 3600 IN TXT "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s"
+default._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=9iVaUr6DbUKcowyZCpN/LfFOei0JX4s4+qZ7zbIFTj0="
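Review bot: The SOA RNAME field `antifa.jetzt` has no trailing dot, so it is read relative to the zone origin (becoming `antifa.jetzt.antifa.jetzt.`), and it names no mailbox. It should be a fully qualified mailbox in dotted form, for example `@ IN SOA ns1.ctu.cx. hostmaster.antifa.jetzt. (2205011734 7200 900 1209600 86400)`, with whichever local part is actually read. The same pattern is in the SOA lines of ctu.cx.zone, ctucx.de.zone, thein.ovh.zone and trans-agenda.de.zone; oeffisear.ch.zone additionally has `ctu.cx` in that field, which looks copied from the ctu.cx zone.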
diff --git a/configurations/services/bind/dns-zones/ctu.cx.zone b/configurations/services/bind/dns-zones/ctu.cx.zone
@@ -0,0 +1,98 @@
+@ IN SOA ns1.ctu.cx. ctu.cx (2205011734 7200 900 1209600 86400)
+@ IN NS ns1.ctu.cx.
+@ IN NS ns2.ctu.cx.
+home 3600 IN NS home.ctu.cx.
+
+@ 3600 IN A 185.232.70.80
+@ 3600 IN AAAA 2a03:4000:4e:af1::1
+
+@ 3600 IN MX 10 osterei.ctu.cx.
+@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
+_dmarc 3600 IN TXT "v=DMARC1; p=none"
+default._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=nWRKCHE19fL1RHJ2cVkC8Xvfzm9OtgeF5VC2lD+EaEo="
+
+ns1 3600 IN A 185.232.70.80
+ns1 3600 IN AAAA 2a03:4000:4e:af1::1
+ns2 3600 IN A 46.38.253.139
+ns2 3600 IN AAAA 2a03:4000:1:45d::1
+
+wanderduene 3600 IN A 46.38.253.139
+wanderduene 3600 IN AAAA 2a03:4000:1:45d::1
+
+taurus 3600 IN A 37.221.196.131
+taurus 3600 IN AAAA 2a03:4000:9:f8::1
+
+osterei 3600 IN A 185.232.70.80
+osterei 3600 IN AAAA 2a03:4000:4e:af1::1
+
+lollo 3600 IN A 195.39.246.41
+lollo 3600 IN AAAA 2a0f:4ac0:acab::1
+home 3600 IN A 195.39.246.41
+home 3600 IN AAAA 2a0f:4ac0:acab::1
+
+stasicontainer 3600 IN A 195.39.246.42
+stasicontainer 3600 IN AAAA 2a0f:4ac0:acab:1234::42
+
+coladose 3600 IN A 195.39.246.43
+coladose 3600 IN AAAA 2a0f:4ac0:acab:1234::43
+
+hector 3600 IN AAAA 2a01:4f9:6b:2d99:2829:acab::1
+
+desastro 3600 IN CNAME desastro.wolfsburg.petabyte.dev.
+
+48-247-39-195.wireguard 3600 IN A 195.39.247.48
+49-247-39-195.wireguard 3600 IN A 195.39.247.49
+50-247-39-195.wireguard 3600 IN A 195.39.247.50
+51-247-39-195.wireguard 3600 IN A 195.39.247.51
+52-247-39-195.wireguard 3600 IN A 195.39.247.52
+53-247-39-195.wireguard 3600 IN A 195.39.247.53
+54-247-39-195.wireguard 3600 IN A 195.39.247.54
+55-247-39-195.wireguard 3600 IN A 195.39.247.55
+
+32-246-39-195.dynamic 3600 IN A 195.39.246.32
+33-246-39-195.dynamic 3600 IN A 195.39.246.32
+34-246-39-195.dynamic 3600 IN A 195.39.246.33
+35-246-39-195.dynamic 3600 IN A 195.39.246.35
+36-246-39-195.dynamic 3600 IN A 195.39.246.36
+37-246-39-195.dynamic 3600 IN A 195.39.246.37
+38-246-39-195.dynamic 3600 IN A 195.39.246.38
+39-246-39-195.dynamic 3600 IN A 195.39.246.39
+40-246-39-195.dynamic 3600 IN A 195.39.246.40
+41-246-39-195.dynamic 3600 IN A 195.39.246.41
+42-246-39-195.dynamic 3600 IN A 195.39.246.42
+43-246-39-195.dynamic 3600 IN A 195.39.246.43
+44-246-39-195.dynamic 3600 IN A 195.39.246.44
+45-246-39-195.dynamic 3600 IN A 195.39.246.45
+46-246-39-195.dynamic 3600 IN A 195.39.246.46
+47-246-39-195.dynamic 3600 IN A 195.39.246.47
+
+frp 3600 IN CNAME osterei.ctu.cx.
+*.frp 3600 IN CNAME osterei.ctu.cx.
+
+prometheus 3600 IN CNAME osterei.ctu.cx.
+grafana 3600 IN CNAME osterei.ctu.cx.
+webmail 3600 IN CNAME osterei.ctu.cx.
+fbexporter 3600 IN CNAME osterei.ctu.cx.
+dav 3600 IN CNAME osterei.ctu.cx.
+cgit 3600 IN CNAME osterei.ctu.cx.
+oeffi 3600 In CNAME osterei.ctu.cx.
+pleroma 3600 IN CNAME osterei.ctu.cx.
+matrix 3600 IN CNAME osterei.ctu.cx.
+restic 3600 IN CNAME desastro.ctu.cx.
+photos 3600 IN CNAME osterei.ctu.cx.
+
+syncthing.taurus 3600 IN CNAME taurus.ctu.cx.
+syncthing.lollo 3600 IN CNAME lollo.ctu.cx.
+syncthing.joguhrtbecher 3600 IN CNAME joguhrtbecher.ctu.cx.
+syncthing.desastro 3600 IN CNAME desastro.ctu.cx.
+syncthing.osterei 3600 IN CNAME osterei.ctu.cx.
+syncthing.hector 3600 IN CNAME hector.ctu.cx.
+
+restic.desastro 3600 IN CNAME desastro.ctu.cx.
+restic.lollo 3600 IN CNAME lollo.ctu.cx.
+restic.hector 3600 IN CNAME hector.ctu.cx.
+
+;_matrix._tcp 3600 IN SRV 10 0 443 matrix.ctu.cx.
+_imaps._tcp 3600 IN SRV 10 0 993 osterei.ctu.cx.
+_imap._tcp 3600 IN SRV 10 0 143 osterei.ctu.cx.
+_submission._tcp 3600 IN SRV 10 0 587 osterei.ctu.cx.
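Review bot: Two of the `dynamic` records do not match their labels: `33-246-39-195.dynamic` points at 195.39.246.32 and `34-246-39-195.dynamic` at 195.39.246.33, so .32 is published twice and .34 not at all. If the labels are meant to mirror the address, the lines should read `33-246-39-195.dynamic 3600 IN A 195.39.246.33` and `34-246-39-195.dynamic 3600 IN A 195.39.246.34`. In the CNAME block, `syncthing.joguhrtbecher` targets `joguhrtbecher.ctu.cx.`, for which this zone has no record. `desastro` (and, through it, `restic`, `syncthing.desastro` and `restic.desastro`) resolves via a name under `petabyte.dev` that this zone does not control, so a comment recording who owns that target would make later audits for dangling CNAMEs easier.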
diff --git a/configurations/services/bind/dns-zones/ctucx.de.zone b/configurations/services/bind/dns-zones/ctucx.de.zone
@@ -0,0 +1,14 @@
+@ IN SOA ns1.ctu.cx. ctucx.de (2205011734 7200 900 1209600 86400)
+@ IN NS ns1.ctu.cx.
+@ IN NS ns2.ctu.cx.
+
+@ 3600 IN A 185.232.70.80
+@ 3600 IN AAAA 2a03:4000:4e:af1::1
+
+* 3600 IN A 185.232.70.80
+* 3600 IN AAAA 2a03:4000:4e:af1::1
+
+@ 3600 IN MX 10 osterei.ctu.cx.
+@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
+_dmarc 3600 IN TXT "v=DMARC1; p=none"
+mail._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=U9JMZlv7BpLXGIpO7WdJ/7ephxwJtJ02jaVUUadyP9s="
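Review bot: The `_dmarc` record publishes `p=none` with no `rua=` address, so receivers are asked neither to act on mail that fails alignment nor to report it, and the SPF record ends in `~all` (softfail). antifa.jetzt.zone in this commit already uses `p=reject; pct=100; adkim=s; aspf=s`. If this domain's mail is signed with the `mail._domainkey` key and leaves only via the MX host, the same policy, or `p=quarantine` with a `rua=` mailbox as an intermediate step, would stop the domain being usable as a spoofed sender. The same `p=none` value is in ctu.cx.zone, oeffisear.ch.zone, thein.ovh.zone and trans-agenda.de.zone.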
diff --git a/configurations/services/bind/dns-zones/oeffisear.ch.zone b/configurations/services/bind/dns-zones/oeffisear.ch.zone
@@ -0,0 +1,13 @@
+@ IN SOA ns1.ctu.cx. ctu.cx (2205011734 7200 900 1209600 86400)
+@ IN NS ns1.ctu.cx.
+@ IN NS ns2.ctu.cx.
+
+@ 3600 IN A 185.232.70.80
+@ 3600 IN AAAA 2a03:4000:4e:af1::1
+
+* 3600 IN A 185.232.70.80
+* 3600 IN AAAA 2a03:4000:4e:af1::1
+
+@ 3600 IN MX 10 osterei.ctu.cx.
+@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
+_dmarc 3600 IN TXT "v=DMARC1; p=none"
diff --git a/configurations/services/bind/dns-zones/thein.ovh.zone b/configurations/services/bind/dns-zones/thein.ovh.zone
@@ -0,0 +1,14 @@
+@ IN SOA ns1.ctu.cx. thein.ovh (2205011734 7200 900 1209600 86400)
+@ IN NS ns1.ctu.cx.
+@ IN NS ns2.ctu.cx.
+
+@ 3600 IN A 185.232.70.80
+@ 3600 IN AAAA 2a03:4000:4e:af1::1
+
+* 3600 IN A 185.232.70.80
+* 3600 IN AAAA 2a03:4000:4e:af1::1
+
+@ 3600 IN MX 10 osterei.ctu.cx.
+@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
+dmarc 3600 IN TXT "v=DMARC1; p=none"
+default._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=KYkebiXYSc/+7Rtdz/ZZFRAXAsQnyLPYA6r2uboh5oc="
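Review bot: The DMARC record is published under the label `dmarc` rather than `_dmarc`, so a receiver looking up `_dmarc.thein.ovh` finds no TXT record (the `*` wildcard in this zone carries only A/AAAA) and the domain effectively has no DMARC policy. Every other zone in this commit uses `_dmarc`; the line should read `_dmarc 3600 IN TXT "v=DMARC1; p=none"`.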
diff --git a/configurations/services/bind/dns-zones/trans-agenda.de.zone b/configurations/services/bind/dns-zones/trans-agenda.de.zone
@@ -0,0 +1,18 @@
+@ IN SOA ns1.ctu.cx. trans-agenda.de (2205011734 7200 900 1209600 86400)
+@ IN NS ns1.ctu.cx.
+@ IN NS ns2.ctu.cx.
+
+@ 3600 IN A 37.221.196.131
+@ 3600 IN AAAA 2a03:4000:9:f8::1
+
+matrix 3600 IN A 37.221.196.131
+matrix 3600 IN AAAA 2a03:4000:9:f8::1
+
+gts-test 3600 IN A 37.221.196.131
+gts-test 3600 IN AAAA 2a03:4000:9:f8::1
+
+
+@ 3600 IN MX 10 osterei.ctu.cx.
+@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
+_dmarc 3600 IN TXT "v=DMARC1; p=none"
+default._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=GXLhvWLRcJW6GAQ/1WvRGRgHGADEBpB7rLaLi4VjxZg="
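Review bot: The SPF record's `a` mechanism authorises this zone's apex addresses, which here are 37.221.196.131 / 2a03:4000:9:f8::1 rather than the mail host named in `ip4:`/`ip6:`, so the host serving the apex is also permitted to send mail for the domain. The record looks copied from the zones whose apex is the mail host. If 37.221.196.131 does not send mail for trans-agenda.de, drop `a`, giving `"v=spf1 mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"`; if it does, a `;` comment above the record saying so would make the intent explicit.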
diff --git a/configurations/services/bind/dns-zones/update-serial.sh b/configurations/services/bind/dns-zones/update-serial.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+cd $(dirname $0)
+for i in *.zone
+do
+ sed "s/\(SOA.*(\)[0-9]\+ /\1$(date "+%y%m%d%H%M") /g" -i $i
+done
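Review bot: `cd $(dirname $0)` is unquoted and its exit status is ignored, so if the script path contains whitespace or the `cd` fails, the `sed -i` loop goes on to rewrite whatever `*.zone` files are in the caller's working directory. Use `cd "$(dirname "$0")" || exit 1` and quote the loop variable (`-i "$i"`). The serial format `%y%m%d%H%M` also deserves a comment: it has minute resolution, so two runs within the same minute leave the serial unchanged and secondaries would not see the second edit as a new version.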
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix @@ -8,7 +8,7 @@ ../../configurations/notify-failure.nix ../../configurations/services/prometheus-node-exporter.nix - ../../configurations/services/bind.nix + ../../configurations/services/bind ./git ./syncthing.nix