# NixOS module: authoritative DNS zone data.
#
# Declares the switch `ctucxConfig.services.dnsServer.enable`. When it is set,
# `dns.enable` is turned on and `dns.allZones` is filled with the zones below.
# The `dns` option set itself is defined outside this file.
{ nodes, config, lib, pkgs, ... }:

let
  dnsServerCfg = config.ctucxConfig.services.dnsServer;
in
{
  options.ctucxConfig.services.dnsServer.enable = lib.mkEnableOption "dns";

  config = lib.mkIf dnsServerCfg.enable {
    dns.enable = true;

    # `a`, `host` and `mx` used below come from pkgs.dns.lib.combinators.
    dns.allZones = with pkgs.dns.lib.combinators;
      let
        # Only Let's Encrypt is named as an issuer. This block publishes no
        # `issuewild` or `iodef` CAA property.
        caaLetsEncrypt = [
          { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; }
        ];

        nameServers = [ "ns1.ctu.cx." "ns2.ctu.cx." ];

        startOfAuthority = {
          nameServer = "ns1.ctu.cx.";
          adminEmail = "dns@ctu.cx"; # written as a normal address, with a real `@`
          # NOTE(review): the concatenation yields "202303041" (nine digits), not
          # the ten-digit YYYYMMDDNN form. A two-digit revision followed by a
          # later date with a one-digit revision would make the serial go
          # backwards, and secondaries that compare serials would then keep
          # serving stale records. The value is static, so it has to be raised by
          # hand whenever zone data changes. Confirm how ns2 is kept in sync.
          serial = lib.toInt ("2023" + "03" + "04" + "1");
        };

        # SOA, NS and CAA are the same for every zone served here.
        baseZone = {
          SOA = startOfAuthority;
          NS = nameServers;
          CAA = caaLetsEncrypt;
        };

        # Both primary addresses of a deployment node, handed to `host`
        # (presumably IPv4 first, then IPv6 - confirm against the dns library).
        nodeHost = node:
          host node.config.networking.primaryIP4 node.config.networking.primaryIP;

        # One A record per address 195.39.<third>.<first..last>, published under
        # the label "<octet>-<third>-39-195.<suffix>".
        pooledHosts = suffix: third: first: last:
          lib.listToAttrs (map
            (octet: lib.nameValuePair
              "${toString octet}-${toString third}-39-195.${suffix}"
              { A = [ (a "195.39.${toString third}.${toString octet}") ]; })
            (lib.range first last));
      in
      {
        "ctu.cx" = baseZone // {
          subdomains = {
            ns1 = nodeHost nodes.trabbi;
            ns2 = nodeHost nodes.wanderduene;

            _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ];

            # The targets have no trailing dot, so they are relative to this
            # zone. No `home` subdomain is defined in this block; presumably it
            # is provided elsewhere. Verify that the targets resolve.
            blechkasten.CNAME = [ "blechkasten.home" ];
            briefkasten.CNAME = [ "briefkasten.home" ];
          }
          // pooledHosts "wireguard" 247 48 55
          // pooledHosts "dynamic" 246 32 47;
        };

        # The next four zones carry only SOA/NS/CAA in this block.
        # NOTE(review): no SPF or DMARC record is visible for them here. If they
        # never send mail and no other module adds records, an explicit
        # `v=spf1 -all` plus a DMARC reject policy makes spoofed mail easier for
        # receivers to refuse. Confirm against the rendered zones.
        "wifionic.de" = baseZone;
        "trans-agenda.de" = baseZone;
        "ctucx.de" = baseZone;
        "thein.ovh" = baseZone;

        "flauschehorn.sexy" = baseZone // {
          # `with mx;` presumably brings the library's `mx.mx` constructor into
          # scope - confirm against the dns library.
          MX = with mx; [ (mx 10 "rx300.kunbox.net.") ];

          # `~all` is a softfail. The DMARC record below is what asks receivers
          # to quarantine mail that fails alignment.
          TXT = [ "v=spf1 mx ~all" ];

          subdomains = {
            # NOTE(review): rua/ruf point at domains other than this zone.
            # Receivers may discard such reports unless those domains publish the
            # matching `_report._dmarc` authorisation record. Verify.
            _dmarc.TXT = [ "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" ];

            # Public half of the DKIM key for selector `mail`. The value is longer
            # than one 255-byte TXT character-string; presumably the dns library
            # splits it when rendering. Confirm in the generated zone file.
            "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" ];
          };
        };
      };
  };
}