nixos-config/zones/chir.rs.nix

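# DNS zone for chir.rs, expressed with the dns.nix combinators and rendered
# to a zone file elsewhere in the configuration. The file evaluates to a
# single zone attribute set (`zone` below).
#
# Arguments:
#   dns     - the dns.nix outputs; only `dns.lib.combinators` is used here.
#   zoneTTL - TTL in seconds applied to every record below (default 3600).
#
# NOTE(review): the default for `dns` fetches the mutable `master` branch of a
# GitHub repository with no sha256 pin. Whatever that ref serves at evaluation
# time shapes every record in this zone (NS, DNSKEY, DS, CAA, ...), so a
# compromised or force-pushed upstream silently changes the published zone.
# Pin it to a commit archive and add `sha256 = "..."`, or pass `dns` in from a
# locked flake input instead of relying on this default.
{
  dns ? (import (builtins.fetchTarball "https://github.com/DarkKirb/dns.nix/archive/master.zip")).outputs,
  zoneTTL ? 3600,
}:
with dns.lib.combinators; let
  inherit (builtins) hasAttr;

  # Shallow, right-biased merge of two record sets.
  #
  # Every top-level attribute of `b` (A, AAAA, SSHFP, HTTPS, ...) *replaces*
  # the one in `a`; record lists are not concatenated. `subdomains` is merged
  # one level deep so both sides' subdomains survive, but a subdomain present
  # on both sides is again replaced wholesale by `b`'s version.
  merge = a: b:
    (a // b)
    // (
      if ((hasAttr "subdomains" a) && (hasAttr "subdomains" b))
      then {subdomains = a.subdomains // b.subdomains;}
      else {}
    );

  # Records for names that live on the Oracle-hosted machine. Passed to
  # `createZone`, which layers this over `zoneBase`, so such names keep the
  # CAA set from `zoneBase` but get this host's addresses and SSH keys.
  oracleBase = {
    A = [
      (ttl zoneTTL (a "130.162.60.127"))
    ];
    AAAA = [
      (ttl zoneTTL (aaaa "2603:c020:8009:f100:f09a:894d:ef57:a278"))
    ];
    # SSH host-key fingerprints (RFC 4255). OpenSSH only treats these as
    # authoritative (VerifyHostKeyDNS) when the answer is DNSSEC-validated,
    # which this zone's DNSKEY records make possible. The sha1 entries exist
    # for old clients; sha256 is what current OpenSSH checks, so the sha1
    # records can be dropped at the next key rotation.
    SSHFP = [
      {
        algorithm = "rsa";
        mode = "sha1";
        fingerprint = "b44a837703b22d8cbc2ca4e7019af4bcb0185348";
        ttl = zoneTTL;
      }
      {
        algorithm = "rsa";
        mode = "sha256";
        fingerprint = "8f276ce01188fdd2bbf2aaa03d477c58c911a6c1f9bee3f8ab35ca4b42aa19a9";
        ttl = zoneTTL;
      }
      {
        algorithm = "ed25519";
        mode = "sha1";
        fingerprint = "8dfd784c5f239822b086dc4fa7c058f260331e5d";
        ttl = zoneTTL;
      }
      {
        algorithm = "ed25519";
        mode = "sha256";
        fingerprint = "82d51bd3ab43af3b94801c6b68812c4f1db013ac5b53a466fbcdbb955de6d3e5";
        ttl = zoneTTL;
      }
    ];
    # ServiceMode HTTPS record (RFC 9460); targetName "." means the owner
    # name itself. Advertises HTTP/1.1, h2 and h3 with address hints that
    # must be kept in sync with the A/AAAA records above.
    HTTPS = [
      {
        svcPriority = 1;
        targetName = ".";
        alpn = ["http/1.1" "h2" "h3"];
        ipv4hint = ["130.162.60.127"];
        ipv6hint = ["2603:c020:8009:f100:f09a:894d:ef57:a278"];
        ttl = zoneTTL;
      }
    ];
  };

  # Default records for every name in the zone: the Hetzner-hosted machine's
  # addresses, SSH host keys, HTTPS hints and the CAA policy.
  zoneBase = {
    A = [
      (ttl zoneTTL (a "138.201.155.128"))
    ];
    AAAA = [
      (ttl zoneTTL (aaaa "2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49"))
    ];
    # Same SSHFP considerations as in `oracleBase`: sha256 is the entry that
    # matters; sha1 is legacy.
    SSHFP = [
      {
        algorithm = "rsa";
        mode = "sha1";
        fingerprint = "97b910c37194cd98e7edca2d68104f4531721c22";
        ttl = zoneTTL;
      }
      {
        algorithm = "rsa";
        mode = "sha256";
        fingerprint = "7915470f9275116889d5ca1fdbea20416d8372636c3d63653b272308608cf70f";
        ttl = zoneTTL;
      }
      {
        algorithm = "ed25519";
        mode = "sha1";
        fingerprint = "1aff467e745a8d68ba032dd3d54597e10d31ccf8";
        ttl = zoneTTL;
      }
      {
        algorithm = "ed25519";
        mode = "sha256";
        fingerprint = "e6dcdb73dc381ee2b354528cdaf8552364e75c34316d7e0c9819801daea5c951";
        ttl = zoneTTL;
      }
    ];
    HTTPS = [
      {
        svcPriority = 1;
        targetName = ".";
        alpn = ["http/1.1" "h2" "h3"];
        ipv4hint = ["138.201.155.128"];
        ipv6hint = ["2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49"];
        ttl = zoneTTL;
      }
    ];
    # CAA (RFC 8659): only Let's Encrypt may issue, for both plain and
    # wildcard names; policy violations are reported to the iodef address.
    # Because `createZone` starts from this set, every name built with it
    # (including the Oracle-hosted ones) inherits this policy unless it is
    # explicitly overridden. Optional hardening: bind issuance to the ACME
    # account with an `accounturi=` parameter (RFC 8657).
    CAA = [
      {
        issuerCritical = false;
        tag = "issue";
        value = "letsencrypt.org";
        ttl = zoneTTL;
      }
      {
        issuerCritical = false;
        tag = "issuewild";
        value = "letsencrypt.org";
        ttl = zoneTTL;
      }
      {
        issuerCritical = false;
        tag = "iodef";
        value = "mailto:lotte@chir.rs";
        ttl = zoneTTL;
      }
    ];
  };

  # Build a name's record set by overlaying `extra` on `zoneBase`
  # (see `merge` for the replace-not-append semantics).
  createZone = merge zoneBase;

  # Variant for a dual-homed name: both hosts' addresses and combined HTTPS
  # hints. Not referenced anywhere in this file at present; kept for callers
  # or future use. Note it still carries `zoneBase`'s single-host SSHFP set.
  createFullZone = merge (createZone {
    A = [
      (ttl zoneTTL (a "130.162.60.127"))
      (ttl zoneTTL (a "138.201.155.128"))
    ];
    AAAA = [
      (ttl zoneTTL (aaaa "2603:c020:8009:f100:f09a:894d:ef57:a278"))
      (ttl zoneTTL (aaaa "2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49"))
    ];
    HTTPS = [
      {
        svcPriority = 1;
        targetName = ".";
        alpn = ["http/1.1" "h2" "h3"];
        ipv4hint = ["138.201.155.128" "130.162.60.127"];
        ipv6hint = ["2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49" "2603:c020:8009:f100:f09a:894d:ef57:a278"];
        ttl = zoneTTL;
      }
    ];
  });

  # The apex: zoneBase records plus SOA/NS/mail/DNSSEC data and all subdomains.
  zone = createZone {
    SOA = {
      nameServer = "ns1.chir.rs.";
      adminEmail = "lotte@chir.rs";
      # Serial is maintained by hand: it must be incremented on every change
      # or secondaries will keep serving the previous version of the zone.
      serial = 49;
    };
    NS = [
      "ns1.chir.rs."
      "ns2.chir.rs."
      "ns3.chir.rs."
      "ns4.chir.rs."
      "ns1.darkkirb.de."
      "ns2.darkkirb.de."
    ];
    # Inbound mail is handled by Zoho.
    MX = [
      (ttl zoneTTL (mx.mx 10 "mx.zoho.eu."))
      (ttl zoneTTL (mx.mx 20 "mx2.zoho.eu."))
      (ttl zoneTTL (mx.mx 50 "mx3.zoho.eu."))
    ];
    # Mail client autodiscovery (RFC 6186). All entries point at
    # mail.chir.rs, which resolves to the Hetzner host (`mail` below).
    # NOTE(review): MX now points at Zoho while these still target
    # mail.chir.rs; confirm that host still serves submission/IMAP/POP3,
    # otherwise clients get autoconfigured against a stale endpoint. The
    # plaintext-port entries (143, 110) depend on the server offering
    # STARTTLS; drop them if only implicit TLS (587 w/ STARTTLS, 993, 995)
    # is wanted. TTLs are set explicitly, matching every other record.
    SRV = [
      {
        service = "submission";
        proto = "tcp";
        port = 587;
        target = "mail.chir.rs.";
        ttl = zoneTTL;
      }
      {
        service = "imap";
        proto = "tcp";
        port = 143;
        target = "mail.chir.rs.";
        ttl = zoneTTL;
      }
      {
        service = "imaps";
        proto = "tcp";
        port = 993;
        target = "mail.chir.rs.";
        ttl = zoneTTL;
      }
      {
        service = "pop3";
        proto = "tcp";
        port = 110;
        target = "mail.chir.rs.";
        ttl = zoneTTL;
      }
      {
        service = "pop3s";
        proto = "tcp";
        port = 995;
        target = "mail.chir.rs.";
        ttl = zoneTTL;
      }
    ];
    TXT = [
      # SPF: only Zoho's senders; `~all` is softfail. Since DMARC below is
      # `p=reject` with strict alignment, unauthorised mail is still rejected;
      # tightening to `-all` is optional.
      (ttl zoneTTL (txt "v=spf1 include:zoho.eu ~all"))
      (ttl zoneTTL (txt "google-site-verification=qXjyR8La2S_BMayWYxan-9PB16aChjgKMRI2NGSTAds"))
      (ttl zoneTTL (txt "zoho-verification=zb25156608.zmverify.zoho.eu"))
    ];
    # DNSSEC public keys: a KSK (flags 257: ZSK + SEP) and a ZSK (flags 256),
    # both ECDSA P-256/SHA-256. The parent (.rs) DS must match the KSK, and
    # the signer's private keys must correspond to these; neither can be
    # checked from this file. Both records carry the same TTL because all
    # members of an RRset must share one TTL (RFC 2181 §5.2); the ZSK
    # previously had none, which zone compilers flag or silently rewrite.
    DNSKEY = [
      {
        flags.zoneSigningKey = true;
        flags.secureEntryPoint = true;
        algorithm = "ecdsap256sha256";
        publicKey = "5biiUR5bWhxr+PzyniLJp+FKln03EvQTWw+fg88NxwThgvSDL56zEhqkHqh8mObDkEqQ3LdM5LaOxwdDhWVJ9A==";
        ttl = zoneTTL;
      }
      {
        flags.zoneSigningKey = true;
        algorithm = "ecdsap256sha256";
        publicKey = "EuNM0AynEfbLZf5Hn5eMi31X0jW/NxpayoSQpnRuoko9JWQRBg3nPbqTWSPKHaCKrfs6zVRMoHtSq2Hql1Z+dw==";
        ttl = zoneTTL;
      }
    ];
    subdomains = {
      # DMARC: reject on failure for the apex and all subdomains, strict
      # DKIM and SPF alignment, aggregate and forensic reports to dmarc@.
      _dmarc.TXT = [
        (ttl zoneTTL (txt "v=DMARC1; p=reject; rua=mailto:dmarc@chir.rs; ruf=mailto:dmarc@chir.rs; sp=reject; adkim=s; aspf=s"))
      ];
      # DKIM selectors. Both keys appear to be 1024-bit RSA (the `MIGf...`
      # SubjectPublicKeyInfo prefix); RFC 8301 recommends 2048-bit, so
      # rotate `mail` to a 2048-bit key when convenient. `zmail` is the
      # Zoho-provided selector and is rotated on their side.
      _domainkey.subdomains.mail.TXT = [
        (ttl zoneTTL (txt "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTZvuDWFmZOOMr9pogMK5lFBjV3nRAjUpFv3o0d4KhbRW/zVrOOdfdt83F6zSLzUqrxSOG3uKVG+J0KR4kX4BbYflSLZ++y91C0Uu5d+o3A8Y/z2vUSe5YVt44IaDQoPCCpuWEYyqKIEaKGXNFPvlsO6y551biM3raNjq5kEpb3wIDAQAB"))
      ];
      _domainkey.subdomains.zmail.TXT = [
        (ttl zoneTTL (txt "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCYVA1GcJ+JSl/Qv3hHtnge+FwAMn0+4KXWH3Ut4Ma6li3jT3ibO3d7sk7D4jmqwSQH+vCh/HC7+0PI8PYM9TQIecVwdwBF/29yMpiyVDyEc8ppRfU5KeYJsPxSAS/quFHy3M24qfckXb5aor6aI0mOtq8Bvh+v+69CpJUGSkNLUQIDAQAB"))
      ];
      _keybase.TXT = [
        (ttl zoneTTL (txt "keybase-site-verification=r044cwg0wOTW-ws35BA5MMRLNwjdTNJ4uOu6kgdTopI"))
      ];

      # Names on the Hetzner host (plain `createZone {}`) and on the Oracle
      # host (`createZone oracleBase`). ns1/ns2 and ns3/ns4 double as the
      # in-bailiwick glue for the NS set above.
      www = createZone {};
      api = createZone {};
      git = createZone {};
      mail = createZone {};
      mc = createZone oracleBase;
      ns1 = createZone {};
      ns2 = createZone {};
      ns3 = createZone oracleBase;
      ns4 = createZone oracleBase;
      hydra = createZone {};
      mastodon = createZone {};
      # CNAMEs into a third-party CDN. If a pull zone is ever deleted on the
      # CDN side the CNAME dangles and the name becomes claimable by whoever
      # registers that hostname there; remove these records together with
      # the CDN configuration.
      mastodon-assets.CNAME = [
        "assets-chir-rs.b-cdn.net."
      ];
      matrix = createZone {};
      akko = createZone {};
      peertube = createZone {};
      mediaproxy.CNAME = ["mediaproxy-chir-rs.b-cdn.net."];
      cache.CNAME = ["cache-chir-rs.b-cdn.net."];
      attic = createZone oracleBase;
      lotte.CNAME = ["lotte-chir-rs.b-cdn.net."];
      status = createZone oracleBase;
      sliding-sync = createZone oracleBase;

      # int.chir.rs is a separately signed child zone: delegated to the same
      # NS set as the apex, with a DS so the chain of trust continues. The
      # digest must match the child's KSK or validation of int.* fails.
      int =
        delegateTo [
          "ns1.chir.rs."
          "ns2.chir.rs."
          "ns3.chir.rs."
          "ns4.chir.rs."
          "ns1.darkkirb.de."
          "ns2.darkkirb.de."
        ]
        // {
          DS = [
            {
              keyTag = 35133;
              algorithm = "ecdsap256sha256";
              digestType = "sha-256";
              digest = "668D4621260ADD9CE5B272A84ADE20E92FC43CBC59893A5843FA8ED8A356DB2B";
            }
          ];
        };
      # ACME DNS-01 challenges are answered from a dynamically updated child
      # zone on ns1/ns2 only (presumably the only servers the ACME client can
      # update). No DS is published, so this is an insecure delegation: the
      # challenge TXT records are not DNSSEC-protected, which ACME CAs accept.
      _acme-challenge = delegateTo [
        "ns1.chir.rs."
        "ns2.chir.rs."
      ];
    };
  };
in
  zone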