commit 336147b7f38bb651baa3e935444efc016d13559d
parent dbc75eb0801c26308dc175f96e06f18ecf108d95
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 12 Sep 2022 23:09:43 +0200
parent dbc75eb0801c26308dc175f96e06f18ecf108d95
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 12 Sep 2022 23:09:43 +0200
services: rename `bind` to `dns` and use dns-module!
36 files changed, 186 insertions(+), 207 deletions(-)
D
|
88
-------------------------------------------------------------------------------
M
|
103
+++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------------
diff --git a/configurations/services/bind/dns-zones/ctu.cx.zone b/configurations/services/bind/dns-zones/ctu.cx.zone 
@@ -1,88 +0,0 @@
-@ IN SOA ns1.ctu.cx. ctu.cx (2207111518 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-home 3600 IN NS home.ctu.cx.
-
-@ 3600 IN A 185.232.70.80
-@ 3600 IN AAAA 2a03:4000:4e:af1::1
-
-@ 3600 IN MX 10 osterei.ctu.cx.
-@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
-_dmarc 3600 IN TXT "v=DMARC1; p=none"
-default._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=nWRKCHE19fL1RHJ2cVkC8Xvfzm9OtgeF5VC2lD+EaEo="
-
-ns1 3600 IN A 185.232.70.80
-ns1 3600 IN AAAA 2a03:4000:4e:af1::1
-ns2 3600 IN A 46.38.253.139
-ns2 3600 IN AAAA 2a03:4000:1:45d::1
-
-wanderduene 3600 IN A 46.38.253.139
-wanderduene 3600 IN AAAA 2a03:4000:1:45d::1
-
-osterei 3600 IN A 185.232.70.80
-osterei 3600 IN AAAA 2a03:4000:4e:af1::1
-
-lollo 3600 IN A 195.39.246.41
-lollo 3600 IN AAAA 2a0f:4ac0:acab::1
-home 3600 IN A 195.39.246.41
-home 3600 IN AAAA 2a0f:4ac0:acab::1
-
-blechkasten 3600 IN A 195.39.246.42
-blechkasten 3600 IN AAAA 2a0f:4ac0:acab:1234::42
-
-coladose 3600 IN A 195.39.246.43
-coladose 3600 IN AAAA 2a0f:4ac0:acab:1234::43
-
-hector 3600 IN AAAA 2a01:4f9:6b:2d99:2829:acab::1
-desastro 3600 IN CNAME desastro.wolfsburg.petabyte.dev.
-
-48-247-39-195.wireguard 3600 IN A 195.39.247.48
-49-247-39-195.wireguard 3600 IN A 195.39.247.49
-50-247-39-195.wireguard 3600 IN A 195.39.247.50
-51-247-39-195.wireguard 3600 IN A 195.39.247.51
-52-247-39-195.wireguard 3600 IN A 195.39.247.52
-53-247-39-195.wireguard 3600 IN A 195.39.247.53
-54-247-39-195.wireguard 3600 IN A 195.39.247.54
-55-247-39-195.wireguard 3600 IN A 195.39.247.55
-
-32-246-39-195.dynamic 3600 IN A 195.39.246.32
-33-246-39-195.dynamic 3600 IN A 195.39.246.32
-34-246-39-195.dynamic 3600 IN A 195.39.246.33
-35-246-39-195.dynamic 3600 IN A 195.39.246.35
-36-246-39-195.dynamic 3600 IN A 195.39.246.36
-37-246-39-195.dynamic 3600 IN A 195.39.246.37
-38-246-39-195.dynamic 3600 IN A 195.39.246.38
-39-246-39-195.dynamic 3600 IN A 195.39.246.39
-40-246-39-195.dynamic 3600 IN A 195.39.246.40
-41-246-39-195.dynamic 3600 IN A 195.39.246.41
-42-246-39-195.dynamic 3600 IN A 195.39.246.42
-43-246-39-195.dynamic 3600 IN A 195.39.246.43
-44-246-39-195.dynamic 3600 IN A 195.39.246.44
-45-246-39-195.dynamic 3600 IN A 195.39.246.45
-46-246-39-195.dynamic 3600 IN A 195.39.246.46
-47-246-39-195.dynamic 3600 IN A 195.39.246.47
-
-prometheus 3600 IN CNAME osterei.ctu.cx.
-grafana 3600 IN CNAME osterei.ctu.cx.
-webmail 3600 IN CNAME osterei.ctu.cx.
-dav 3600 IN CNAME osterei.ctu.cx.
-cgit 3600 IN CNAME osterei.ctu.cx.
-git 3600 IN CNAME osterei.ctu.cx.
-oeffi 3600 In CNAME osterei.ctu.cx.
-pleroma 3600 IN CNAME osterei.ctu.cx.
-matrix 3600 IN CNAME osterei.ctu.cx.
-restic 3600 IN CNAME desastro.ctu.cx.
-photos 3600 IN CNAME osterei.ctu.cx.
-
-syncthing.lollo 3600 IN CNAME lollo.ctu.cx.
-syncthing.desastro 3600 IN CNAME desastro.ctu.cx.
-syncthing.osterei 3600 IN CNAME osterei.ctu.cx.
-syncthing.hector 3600 IN CNAME hector.ctu.cx.
-
-restic.desastro 3600 IN CNAME desastro.ctu.cx.
-restic.lollo 3600 IN CNAME lollo.ctu.cx.
-restic.hector 3600 IN CNAME hector.ctu.cx.
-
-_imaps._tcp 3600 IN SRV 0 1 993 osterei.ctu.cx.
-_imap._tcp 3600 IN SRV 0 1 143 osterei.ctu.cx.
-_submission._tcp 3600 IN SRV 0 1 587 osterei.ctu.cx.
diff --git a/configurations/services/bind/dns-zones/ctucx.de.zone b/configurations/services/bind/dns-zones/ctucx.de.zone
@@ -1,11 +0,0 @@
-@ IN SOA ns1.ctu.cx. ctucx.de (2207111518 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-
-@ 3600 IN A 185.232.70.80
-@ 3600 IN AAAA 2a03:4000:4e:af1::1
-
-@ 3600 IN MX 10 osterei.ctu.cx.
-@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
-_dmarc 3600 IN TXT "v=DMARC1; p=none"
-mail._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=U9JMZlv7BpLXGIpO7WdJ/7ephxwJtJ02jaVUUadyP9s="
diff --git a/configurations/services/bind/dns-zones/flauschehorn.sexy.zone b/configurations/services/bind/dns-zones/flauschehorn.sexy.zone
@@ -1,16 +0,0 @@
-@ IN SOA ns1.ctu.cx. flauschehorn.sexy (2205171731 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-
-@ 3600 IN A 185.232.70.80
-@ 3600 IN AAAA 2a03:4000:4e:af1::1
-
-@ 3600 IN MX 10 rx300.kunbox.net.
-@ 3600 IN TXT "v=spf1 mx ~all"
-
-_dmarc 3600 IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r"
-
-uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey 3600 IN TXT ( "v=DKIM1; k=rsa; "
- "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDp"
- "oveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB"
-);
diff --git a/configurations/services/bind/dns-zones/oeffisear.ch.zone b/configurations/services/bind/dns-zones/oeffisear.ch.zone
@@ -1,6 +0,0 @@
-@ IN SOA ns1.ctu.cx. ctu.cx (2207111518 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-
-@ 3600 IN A 185.232.70.80
-@ 3600 IN AAAA 2a03:4000:4e:af1::1
diff --git a/configurations/services/bind/dns-zones/thein.ovh.zone b/configurations/services/bind/dns-zones/thein.ovh.zone
@@ -1,11 +0,0 @@
-@ IN SOA ns1.ctu.cx. thein.ovh (2207111518 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-
-@ 3600 IN A 185.232.70.80
-@ 3600 IN AAAA 2a03:4000:4e:af1::1
-
-@ 3600 IN MX 10 osterei.ctu.cx.
-@ 3600 IN TXT "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all"
-dmarc 3600 IN TXT "v=DMARC1; p=none"
-default._domainkey 3600 IN TXT "v=DKIM1; k=ed25519; p=KYkebiXYSc/+7Rtdz/ZZFRAXAsQnyLPYA6r2uboh5oc="
diff --git a/configurations/services/bind/dns-zones/trans-agenda.de.zone b/configurations/services/bind/dns-zones/trans-agenda.de.zone
@@ -1,9 +0,0 @@
-@ IN SOA ns1.ctu.cx. trans-agenda.de (2207111518 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-
-@ 3600 IN A 37.221.196.131
-@ 3600 IN AAAA 2a03:4000:9:f8::1
-
-matrix 3600 IN A 37.221.196.131
-matrix 3600 IN AAAA 2a03:4000:9:f8::1
diff --git a/configurations/services/bind/dns-zones/update-serial.sh b/configurations/services/bind/dns-zones/update-serial.sh
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-cd $(dirname $0)
-for i in *.zone
-do
- sed "s/\(SOA.*(\)[0-9]\+ /\1$(date "+%y%m%d%H%M") /g" -i $i
-done
diff --git a/configurations/services/bind/dns-zones/wifionic.de.zone b/configurations/services/bind/dns-zones/wifionic.de.zone
@@ -1,6 +0,0 @@
-@ IN SOA ns1.ctu.cx. wifionice.de (2207111518 7200 900 1209600 86400)
-@ IN NS ns1.ctu.cx.
-@ IN NS ns2.ctu.cx.
-
-@ 3600 IN A 185.232.70.80
-@ 3600 IN AAAA 2a03:4000:4e:af1::1
diff --git a/configurations/services/dns/default.nix b/configurations/services/dns/default.nix 
@@ -1,49 +1,90 @@ -{config, lib, pkgs, ...}: +{ config, lib, pkgs, ...}: -let - dns-zones = ./dns-zones; - -in { +{ deployment.tags = [ "dns" ]; dns = { enable = true; - extraZones = { + allZones = with pkgs.dns.lib.combinators; let + CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ]; + NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; + SOA = { + nameServer = "ns1.ctu.cx."; + adminEmail = "dns@ctu.cx"; # Email address with a real `@`! + serial = lib.toInt ("2022" + "09" + "12" + "03"); + }; + in { + "ctu.cx" = { - file = "${dns-zones}/ctu.cx.zone"; - master = true; + inherit SOA NS CAA; + + subdomains = { + blechkasten = (host "195.39.246.42" "2a0f:4ac0:acab:1234::42"); + ns1 = (host "185.232.70.80" "2a03:4000:4e:af1::1"); + ns2 = (host "46.38.253.139" "2a03:4000:1:45d::1"); + + "48-247-39-195.wireguard".A = [ (a "195.39.247.48") ]; + "49-247-39-195.wireguard".A = [ (a "195.39.247.49") ]; + "50-247-39-195.wireguard".A = [ (a "195.39.247.50") ]; + "51-247-39-195.wireguard".A = [ (a "195.39.247.51") ]; + "52-247-39-195.wireguard".A = [ (a "195.39.247.52") ]; + "53-247-39-195.wireguard".A = [ (a "195.39.247.53") ]; + "54-247-39-195.wireguard".A = [ (a "195.39.247.54") ]; + "55-247-39-195.wireguard".A = [ (a "195.39.247.55") ]; + + "32-246-39-195.dynamic".A = [ (a "195.39.246.32") ]; + "33-246-39-195.dynamic".A = [ (a "195.39.246.33") ]; + "34-246-39-195.dynamic".A = [ (a "195.39.246.34") ]; + "35-246-39-195.dynamic".A = [ (a "195.39.246.35") ]; + "36-246-39-195.dynamic".A = [ (a "195.39.246.36") ]; + "37-246-39-195.dynamic".A = [ (a "195.39.246.37") ]; + "38-246-39-195.dynamic".A = [ (a "195.39.246.38") ]; + "39-246-39-195.dynamic".A = [ (a "195.39.246.39") ]; + "40-246-39-195.dynamic".A = [ (a "195.39.246.40") ]; + "41-246-39-195.dynamic".A = [ (a "195.39.246.41") ]; + "42-246-39-195.dynamic".A = [ (a "195.39.246.42") ]; + "43-246-39-195.dynamic".A = [ (a "195.39.246.43") ]; + "44-246-39-195.dynamic".A = [ (a "195.39.246.44") ]; + 
"45-246-39-195.dynamic".A = [ (a "195.39.246.45") ]; + "46-246-39-195.dynamic".A = [ (a "195.39.246.46") ]; + "47-246-39-195.dynamic".A = [ (a "195.39.246.47") ]; + }; }; - "ctucx.de" = { - file = "${dns-zones}/ctucx.de.zone"; - master = true; + + "oeffisear.ch" = { + inherit SOA NS CAA; }; - "flauschehorn.sexy" = { - file = "${dns-zones}/flauschehorn.sexy.zone"; - master = true; + + "wifionic.de" = { + inherit SOA NS CAA; }; - "thein.ovh" = { - file = "${dns-zones}/thein.ovh.zone"; - master = true; + + "trans-agenda.de" = { + inherit SOA NS CAA; }; - "oeffisear.ch" = { - file = "${dns-zones}/oeffisear.ch.zone"; - master = true; + + "ctucx.de" = { + inherit SOA NS CAA; }; - "trans-agenda.de" = { - file = "${dns-zones}/trans-agenda.de.zone"; - master = true; + + "thein.ovh" = { + inherit SOA NS CAA; }; - "wifionic.de" = { - file = "${dns-zones}/wifionic.de.zone"; - master = true; + + "flauschehorn.sexy" = { + inherit SOA NS CAA; + + MX = with mx; [ (mx 10 "rx300.kunbox.net.") ]; + TXT = [ "v=spf1 mx ~all" ]; + + subdomains = { + _dmarc.TXT = [ "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" ]; + }; }; - }; - }; - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; + }; }; }
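Review bot: The new shared SOA serial `lib.toInt ("2022" + "09" + "12" + "03")` evaluates to 2022091203, which is lower than the 2207111518 every deleted zone file carried (YYMMDDHHMM, as the removed update-serial.sh shows), so a secondary such as ns2 that already holds the old serial will treat its copy as newer and never transfer the new zones (RFC 1982 comparison; the gap is far below 2^31). Use a value above the old one, e.g. `serial = 2209122309;`, and note that with update-serial.sh gone nothing bumps this automatically any more — every record contributed from the machine files needs a manual bump before secondaries pick it up, which deserves a comment next to `serial`. Separately, the flauschehorn.sexy DKIM record moves from selector `uO4aNejDvVdw8BKne3KJIqAvCQMJ0416._domainkey` to `mail._domainkey`; unless rx300.kunbox.net actually signs with selector `mail`, its signatures stop verifying and that zone's `p=quarantine` DMARC policy will quarantine its mail. The explicit `networking.firewall` opening of port 53 is dropped here and presumably comes from the dns module now, which cannot be confirmed from this diff. The old `webmail` and bare `restic` CNAMEs are not recreated anywhere in this commit — confirm that is intended.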
diff --git a/configurations/services/restic-server.nix b/configurations/services/restic-server.nix @@ -7,6 +7,8 @@ owner = "nginx"; }; + dns.zones."${config.networking.domain}".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; + services = { restic.server = { enable = true;
diff --git a/flake.lock b/flake.lock @@ -75,18 +75,18 @@ ] }, "locked": { - "lastModified": 1635273082, - "narHash": "sha256-EHiDP2jEa7Ai5ZwIf5uld9RVFcV77+2SUxjQXwJsJa0=", - "owner": "kirelagin", - "repo": "dns.nix", - "rev": "c7b9645da9c0ddce4f9de4ef27ec01bb8108039a", - "type": "github" + "lastModified": 1663056410, + "narHash": "sha256-xzUD0euNuP0t7JzLCv8AB4oAwX1Aknvr2SBjp0O/iBY=", + "ref": "master", + "rev": "1d6452f3c6fe65444a6115f49a5cf25724dee42d", + "revCount": 73, + "type": "git", + "url": "https://git.ctu.cx/dns-nix" }, "original": { - "owner": "kirelagin", "ref": "master", - "repo": "dns.nix", - "type": "github" + "type": "git", + "url": "https://git.ctu.cx/dns-nix" } }, "flake-compat": {
diff --git a/flake.nix b/flake.nix @@ -40,9 +40,8 @@ }; dns = { - type = "github"; - owner = "kirelagin"; - repo = "dns.nix"; + type = "git"; + url = "https://git.ctu.cx/dns-nix"; ref = "master"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -63,8 +62,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; -# local-secrets.url = "/Users/leah/proj/nix-secrets"; - local-secrets.url = "/home/leah/proj/nix-secrets"; + local-secrets.url = "/Users/leah/proj/nix-secrets"; +# local-secrets.url = "/home/leah/proj/nix-secrets"; }; outputs = inputs: {
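Review bot: The `local-secrets.url` flip between the Linux and macOS checkout paths is unrelated to the dns rename, and keeping the other path as a commented-out line means this will keep toggling with every commit from a different machine; an absolute home-directory path in the committed flake cannot be evaluated by anyone else anyway, so consider supplying it per machine instead (e.g. `--override-input local-secrets /path/to/nix-secrets`) and dropping both lines. For the `dns` input, `type = "git"` with `ref = "master"` on the self-hosted fork is pinned by flake.lock to a concrete `rev`/`narHash`, so builds remain reproducible; just be aware that `nix flake update` will now follow whatever that fork's master holds rather than a reviewed upstream tag.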
diff --git a/machines/coladose/configuration.nix b/machines/coladose/configuration.nix @@ -49,6 +49,8 @@ initrd.availableKernelModules = [ "i915" ]; }; + dns.zones."ctu.cx".subdomains.coladose = (pkgs.dns.lib.combinators.host "195.39.246.43" "2a0f:4ac0:acab:1234::43"); + networking = { dhcpcd.enable = true; wireless.iwd.enable = true;
diff --git a/machines/desastro/configuration.nix b/machines/desastro/configuration.nix @@ -45,6 +45,8 @@ age.secrets.wireguard-privkey.file = ../../secrets/desastro/wireguard-privkey.age; age.secrets.restic-server-hector.file = ../../secrets/restic-server/hector.age; + dns.zones."ctu.cx".subdomains.desastro.CNAME = [ "desastro.wolfsburg.petabyte.dev." ]; + networking = { useDHCP = false; resolvconf.useLocalResolver = lib.mkForce false;
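Review bot: `desastro.CNAME` targets `desastro.wolfsburg.petabyte.dev.`, a name outside every zone this repository serves, and names such as syncthing.desastro (set in machines/desastro/syncthing.nix) chain onto it, so they resolve only for as long as that external record exists. If the petabyte.dev entry is removed or the domain changes hands, the ctu.cx names dangle and any hosted service behind them becomes a takeover candidate. A comment stating who operates that name and why no A/AAAA record is published here would make the dependency visible, e.g. `# desastro's addresses are maintained in the external petabyte.dev zone; this CNAME depends on that zone staying up`. Whether that is the actual reason is not visible from the diff.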
diff --git a/machines/desastro/syncthing.nix b/machines/desastro/syncthing.nix @@ -1,4 +1,4 @@ -{config, lib, pkgs, ...}: +{ config, lib, pkgs, ...}: let backups = { @@ -23,6 +23,7 @@ in { ../../configurations/services/syncthing.nix ]; + dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; age.secrets = lib.mapAttrs' ( name: path: lib.nameValuePair "restic-syncthing-${name}" {
diff --git a/machines/hector/configuration.nix b/machines/hector/configuration.nix @@ -19,6 +19,8 @@ device = "/dev/sda"; }; + dns.zones."ctu.cx".subdomains.hector.AAAA = [ "2a01:4f9:6b:2d99:2829:acab::1" ]; + networking = { useDHCP = false;
diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix @@ -34,6 +34,8 @@ efi.canTouchEfiVariables = true; }; + dns.zones."ctu.cx".subdomains.lollo = (pkgs.dns.lib.combinators.host "195.39.246.41" "2a0f:4ac0:acab::1"); + services.email-notify.enable = true; networking.useDHCP = false;
diff --git a/machines/lollo/router/dnsmasq.nix b/machines/lollo/router/dnsmasq.nix @@ -9,6 +9,12 @@ let in { + dns.zones."ctu.cx".subdomains = with pkgs.dns.lib.combinators; { + home.NS = [ "home.ctu.cx." ]; + home.A = [ (a "195.39.246.41") ]; + home.AAAA = [ "2a0f:4ac0:acab::1" ]; + }; + systemd.services.dnsmasq.onFailure = [ "notify-failure@%i.service" ]; services = {
diff --git a/machines/lollo/syncthing.nix b/machines/lollo/syncthing.nix @@ -6,6 +6,8 @@ ../../configurations/services/syncthing.nix ]; + dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.sycnthing.onFailure = [ "notify-failure@%i.service" ]; services = { @@ -15,7 +17,7 @@ nginx = { enable = true; - virtualHosts."syncthing.lollo.ctu.cx" = { + virtualHosts."syncthing.${config.networking.fqdn}" = { enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:8384/";
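Review bot: The `systemd.services.sycnthing.onFailure` line right below the new CNAME is a typo for `syncthing`: it attaches the failure notification to a unit that never exists, so the notification this file intends is never wired up, and since the file is already being edited the one-line fix is `systemd.services.syncthing.onFailure = [ "notify-failure@%i.service" ];` (machines/osterei/syncthing.nix spells it correctly). The new vhost name and the CNAME both derive from `config.networking.fqdn`, which only evaluates when `networking.domain` is set for lollo — that setting is not in this hunk, so it is worth a glance.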
diff --git a/machines/osterei/configuration.nix b/machines/osterei/configuration.nix @@ -3,14 +3,14 @@ { deployment = { - tags = [ "servers" "dns" ]; + tags = [ "servers" ]; }; imports = [ ./hardware-configuration.nix # dns server - ../../configurations/services/bind + ../../configurations/services/dns # monitoring ../../configurations/services/prometheus-node-exporter.nix @@ -74,6 +74,8 @@ services.email-notify.enable = true; + dns.zones."ctu.cx".subdomains.osterei = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + networking = { useDHCP = false;
diff --git a/machines/osterei/git/cgit.nix b/machines/osterei/git/cgit.nix @@ -49,6 +49,8 @@ let in { + dns.zones."ctu.cx".subdomains.cgit.CNAME = [ "${config.networking.fqdn}." ]; + services = { fcgiwrap = {
diff --git a/machines/osterei/git/stagit.nix b/machines/osterei/git/stagit.nix @@ -48,6 +48,11 @@ let in { + dns.zones."ctu.cx".subdomains = { + cgit.CNAME = [ "${config.networking.fqdn}." ]; + git.CNAME = [ "${config.networking.fqdn}." ]; + }; + security.sudo.extraRules = [{ users = [ "git" ]; commands = [
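Review bot: `cgit.CNAME` is now declared both here and in machines/osterei/git/cgit.nix in the same commit, and when both files are imported on osterei the module system merges the two list values into `[ "fqdn." "fqdn." ]` — two CNAME records at one name, which is not valid DNS (a name may carry at most one CNAME) and will be rejected or silently deduplicated depending on how the dns module serialises it. Keep the record in one place, e.g. remove `cgit.CNAME = [ "${config.networking.fqdn}." ];` from this file and leave it with the cgit service that actually serves the name. The list-merge behaviour is the standard NixOS option semantics; the dns module's option types are not visible here.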
diff --git a/machines/osterei/grafana/default.nix b/machines/osterei/grafana/default.nix @@ -2,6 +2,8 @@ { + dns.zones."ctu.cx".subdomains.grafana.CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.grafana.onFailure = [ "notify-failure@%i.service" ]; services = {
diff --git a/machines/osterei/maddy.nix b/machines/osterei/maddy.nix @@ -84,6 +84,45 @@ in { networking.firewall.allowedTCPPorts = [ 25 143 465 587 993 ]; + dns.zones = with pkgs.dns.lib.combinators; let + TXT = [ "v=spf1 a mx ip4:185.232.70.80 +ip6:2a03:4000:4e:af1::1 ~all" ]; + DMARC = "v=DMARC1; p=none"; + MX = with mx; [ (mx 10 "osterei.ctu.cx.") ]; + in { + "ctu.cx" = { + inherit MX TXT; + + SRV = [ + { proto = "tcp"; service = "imaps"; priority = 0; weight = 1; port = 993; target = "osterei.ctu.cx."; } + { proto = "tcp"; service = "imap"; priority = 0; weight = 1; port = 143; target = "osterei.ctu.cx."; } + { proto = "tcp"; service = "submission"; priority = 0; weight = 1; port = 587; target = "osterei.ctu.cx."; } + ]; + + subdomains = { + _dmarc.TXT = [ DMARC ]; + "default._domainkey".TXT = [ "v=DKIM1; k=ed25519; p=nWRKCHE19fL1RHJ2cVkC8Xvfzm9OtgeF5VC2lD+EaEo=" ]; + }; + }; + + "ctucx.de" = { + inherit MX TXT; + + subdomains = { + _dmarc.TXT = [ DMARC ]; + "default._domainkey".TXT = [ "v=DKIM1; k=ed25519; p=U9JMZlv7BpLXGIpO7WdJ/7ephxwJtJ02jaVUUadyP9s" ]; + }; + }; + + "thein.ovh" = { + inherit MX TXT; + + subdomains = { + _dmarc.TXT = [ DMARC ]; + "default._domainkey".TXT = [ "v=DKIM1; k=ed25519; p=KYkebiXYSc/+7Rtdz/ZZFRAXAsQnyLPYA6r2uboh5oc=" ]; + }; + }; + }; + users.groups.maddy = {}; users.users.maddy = { isSystemUser = true;
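Review bot: The ctucx.de DKIM key in `"default._domainkey".TXT` has lost its trailing `=`: the deleted ctucx.de.zone published `p=U9JMZlv7BpLXGIpO7WdJ/7ephxwJtJ02jaVUUadyP9s=` (44 characters, the normal base64 length of a 32-byte Ed25519 key) while the new value is 43 characters, and strict base64 decoders reject unpadded input, so some verifiers will treat the record as malformed and fail the signature. Restore the padding: `"default._domainkey".TXT = [ "v=DKIM1; k=ed25519; p=U9JMZlv7BpLXGIpO7WdJ/7ephxwJtJ02jaVUUadyP9s=" ];`. The ctucx.de selector also changes from `mail._domainkey` in the old zone to `default._domainkey` here, which only works if maddy signs ctucx.de mail with selector `default` — the maddy signing config is outside the hunk. The SPF string hard-codes osterei's addresses, so a short comment that this `dns.zones` block is host-specific and must follow any address change would help the next reader.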
diff --git a/machines/osterei/matrix-synapse.nix b/machines/osterei/matrix-synapse.nix @@ -13,6 +13,8 @@ systemd.services.matrix-synapse.onFailure = [ "notify-failure@%i.service" ]; + dns.zones."ctu.cx".subdomains.matrix.CNAME = [ "${config.networking.fqdn}." ]; + services = { postgresql = { enable = true;
diff --git a/machines/osterei/oeffi-web.nix b/machines/osterei/oeffi-web.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: let nimhafas = pkgs.fetchgit { @@ -29,6 +29,8 @@ let in { + dns.zones."ctu.cx".subdomains.oeffi.CNAME = [ "${config.networking.fqdn}." ]; + users.groups.oeffisearch = {}; users.users.oeffisearch = { isSystemUser = true;
diff --git a/machines/osterei/oeffisearch.nix b/machines/osterei/oeffisearch.nix @@ -102,4 +102,6 @@ in { }; }; + dns.zones."oeffisear.ch" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + }
diff --git a/machines/osterei/pleroma/default.nix b/machines/osterei/pleroma/default.nix @@ -11,6 +11,8 @@ postgresDatabases = [ "pleroma" ]; }; + dns.zones."ctu.cx".subdomains.pleroma.CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.pleroma.path = [ pkgs.exiftool ]; systemd.services.pleroma.onFailure = [ "notify-failure@%i.service" ];
diff --git a/machines/osterei/prometheus.nix b/machines/osterei/prometheus.nix @@ -2,6 +2,8 @@ { + dns.zones."ctu.cx".subdomains.prometheus.CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.prometheus.onFailure = [ "notify-failure@%i.service" ]; services = {
diff --git a/machines/osterei/radicale.nix b/machines/osterei/radicale.nix @@ -16,6 +16,8 @@ paths = [ "/var/lib/radicale" ]; }; + dns.zones."ctu.cx".subdomains.dav.CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.radicale.onFailure = [ "notify-failure@%i.service" ]; services = {
diff --git a/machines/osterei/syncthing.nix b/machines/osterei/syncthing.nix @@ -6,6 +6,8 @@ ../../configurations/services/syncthing.nix ]; + dns.zones."${config.networking.domain}".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; + systemd.services.syncthing.onFailure = [ "notify-failure@%i.service" ]; services = {
diff --git a/machines/osterei/websites/ctu.cx.nix b/machines/osterei/websites/ctu.cx.nix @@ -2,6 +2,8 @@ { + dns.zones."ctu.cx" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + services.nginx = { enable = true; virtualHosts."ctu.cx" = {
diff --git a/machines/osterei/websites/flauschehorn.sexy.nix b/machines/osterei/websites/flauschehorn.sexy.nix @@ -85,4 +85,6 @@ in { }; }; + dns.zones."flauschehorn.sexy" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + }
diff --git a/machines/osterei/websites/photos.ctu.cx.nix b/machines/osterei/websites/photos.ctu.cx.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ config, pkgs, lib, ... }: let galleryConfig = { @@ -47,6 +47,8 @@ in { environment.systemPackages = [ pkgs.bindfs ]; + dns.zones."ctu.cx".subdomains.photos.CNAME = [ "${config.networking.fqdn}." ]; + fileSystems."/mnt/photos.ctu.cx" = { device = "/home/leah/syncthing/Pictures/photos.ctu.cx"; fsType = "fuse.bindfs";
diff --git a/machines/osterei/websites/wifionic.de.nix b/machines/osterei/websites/wifionic.de.nix @@ -69,7 +69,6 @@ in { extraConfig = '' proxy_set_header Accept-Encoding ""; proxy_set_header Host "app.wigeogis.com"; -# proxy_set_header Cookie "PHPSESSID=foobar123"; ''; }; @@ -77,4 +76,6 @@ in { }; }; + dns.zones."wifionic.de" = (pkgs.dns.lib.combinators.host "185.232.70.80" "2a03:4000:4e:af1::1"); + }
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix @@ -3,14 +3,14 @@ { deployment = { - tags = [ "servers" "dns" ]; + tags = [ "servers" ]; }; imports = [ ./hardware-configuration.nix ../../configurations/services/prometheus-node-exporter.nix - ../../configurations/services/bind + ../../configurations/services/dns ]; boot = { @@ -41,6 +41,8 @@ }; }; + dns.zones."ctu.cx".subdomains.wanderduene = (pkgs.dns.lib.combinators.host "46.38.253.139" "2a03:4000:1:45d::1"); + networking = { useDHCP = false;