nixos-config/zones/int.chir.rs.nix
Charlotte 🦝 Delenk 0d6207ab72
All checks were successful
Hydra devShell.x86_64-linux Hydra build #17608 of nixos-config:pr594:devShell.x86_64-linux
Hydra thinkrac.x86_64-linux Hydra build #17724 of nixos-config:pr594:thinkrac.x86_64-linux
Hydra packages.aarch64-linux.miifox-net Hydra build #17642 of nixos-config:pr594:packages.aarch64-linux.miifox-net
Hydra packages.x86_64-linux.plover-plugin-python-dictionary Hydra build #17710 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-python-dictionary
Hydra packages.aarch64-linux.emoji-volpeon-vlpn Hydra build #17632 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-vlpn
Hydra packages.aarch64-linux.plover-plugin-modal-dictionary Hydra build #17654 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-modal-dictionary
Hydra packages.aarch64-linux.papermc Hydra build #17645 of nixos-config:pr594:packages.aarch64-linux.papermc
Hydra packages.aarch64-linux.fairfax Hydra build #17633 of nixos-config:pr594:packages.aarch64-linux.fairfax
Hydra packages.x86_64-linux.plover-plugin-modal-dictionary Hydra build #17709 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-modal-dictionary
Hydra packages.x86_64-linux.emoji-volpeon-vlpn Hydra build #17687 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-vlpn
Hydra packages.aarch64-linux.asar-asm Hydra build #17614 of nixos-config:pr594:packages.aarch64-linux.asar-asm
Hydra packages.aarch64-linux.emoji-volpeon-bunhd Hydra build #17623 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-bunhd
Hydra packages.x86_64-linux.kreative-square Hydra build #17690 of nixos-config:pr594:packages.x86_64-linux.kreative-square
Hydra packages.aarch64-linux.plover-plugin-dotool-output Hydra build #17649 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-dotool-output
Hydra packages.aarch64-linux.emoji-raccoon Hydra build #17619 of nixos-config:pr594:packages.aarch64-linux.emoji-raccoon
Hydra packages.x86_64-linux.emoji-volpeon-bunhd Hydra build #17678 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-bunhd
Hydra packages.aarch64-linux.emoji-volpeon-neocat Hydra build #17629 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-neocat
Hydra packages.aarch64-linux.emoji-volpeon-bunhd-flip Hydra build #17624 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-bunhd-flip
Hydra packages.x86_64-linux.emoji-volpeon-floof Hydra build #17681 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-floof
Hydra packages.x86_64-linux.plover-plugin-emoji Hydra build #17705 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-emoji
Hydra packages.aarch64-linux.python-plover-stroke Hydra build #17663 of nixos-config:pr594:packages.aarch64-linux.python-plover-stroke
Hydra packages.x86_64-linux.emoji-lotte Hydra build #17673 of nixos-config:pr594:packages.x86_64-linux.emoji-lotte
Hydra packages.aarch64-linux.plover-plugin-yaml-dictionary Hydra build #17660 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-yaml-dictionary
Hydra packages.x86_64-linux.plover-plugin-rkb1-hid Hydra build #17711 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-rkb1-hid
Hydra packages.x86_64-linux.plover-plugin-machine-hid Hydra build #17708 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-machine-hid
Hydra packages.aarch64-linux.python-simplefuzzyset Hydra build #17665 of nixos-config:pr594:packages.aarch64-linux.python-simplefuzzyset
Hydra packages.aarch64-linux.plover-plugin-lapwing-aio Hydra build #17651 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-lapwing-aio
Hydra packages.aarch64-linux.mautrix-telegram Hydra build #17640 of nixos-config:pr594:packages.aarch64-linux.mautrix-telegram
Hydra packages.x86_64-linux.matrix-media-repo Hydra build #17692 of nixos-config:pr594:packages.x86_64-linux.matrix-media-repo
Hydra packages.x86_64-linux.plover-dict-didoesdigital Hydra build #17702 of nixos-config:pr594:packages.x86_64-linux.plover-dict-didoesdigital
Hydra packages.x86_64-linux.mautrix-whatsapp Hydra build #17696 of nixos-config:pr594:packages.x86_64-linux.mautrix-whatsapp
Hydra packages.aarch64-linux.plover-plugin-emoji Hydra build #17650 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-emoji
Hydra packages.x86_64-linux.python-rtf-tokenize Hydra build #17719 of nixos-config:pr594:packages.x86_64-linux.python-rtf-tokenize
Hydra packages.x86_64-linux.plover-plugin-dict-commands Hydra build #17703 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-dict-commands
Hydra packages.aarch64-linux.emoji-volpeon-raccoon Hydra build #17631 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-raccoon
Hydra packages.aarch64-linux.emoji-rosaflags Hydra build #17620 of nixos-config:pr594:packages.aarch64-linux.emoji-rosaflags
Hydra packages.x86_64-linux.emoji-volpeon-blobfox Hydra build #17676 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-blobfox
Hydra packages.aarch64-linux.fairfax-hd Hydra build #17634 of nixos-config:pr594:packages.aarch64-linux.fairfax-hd
Hydra rainbow-resort.x86_64-linux Hydra build #17723 of nixos-config:pr594:rainbow-resort.x86_64-linux
Hydra packages.x86_64-linux.plover-plugin-stitching Hydra build #17713 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-stitching
Hydra packages.aarch64-linux.emoji-caro Hydra build #17617 of nixos-config:pr594:packages.aarch64-linux.emoji-caro
Hydra packages.x86_64-linux.nasin-nanpa Hydra build #17698 of nixos-config:pr594:packages.x86_64-linux.nasin-nanpa
Hydra installer.x86_64-linux Hydra build #17609 of nixos-config:pr594:installer.x86_64-linux
Hydra nas.x86_64-linux Hydra build #17611 of nixos-config:pr594:nas.x86_64-linux
Hydra packages.aarch64-linux.plover-plugin-tapey-tape Hydra build #17659 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-tapey-tape
Hydra packages.x86_64-linux.mautrix-slack Hydra build #17694 of nixos-config:pr594:packages.x86_64-linux.mautrix-slack
Hydra packages.x86_64-linux.mautrix-telegram Hydra build #17695 of nixos-config:pr594:packages.x86_64-linux.mautrix-telegram
Hydra packages.x86_64-linux.miifox-net Hydra build #17697 of nixos-config:pr594:packages.x86_64-linux.miifox-net
Hydra packages.aarch64-linux.emoji-volpeon-blobfox-flip Hydra build #17622 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-blobfox-flip
Hydra packages.aarch64-linux.emoji-volpeon-floof Hydra build #17626 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-floof
Hydra packages.x86_64-linux.emoji-raccoon Hydra build #17674 of nixos-config:pr594:packages.x86_64-linux.emoji-raccoon
Hydra packages.x86_64-linux.emoji-volpeon-gphn Hydra build #17683 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-gphn
Hydra packages.x86_64-linux.python-plover-stroke Hydra build #17718 of nixos-config:pr594:packages.x86_64-linux.python-plover-stroke
Hydra packages.x86_64-linux.python-mautrix Hydra build #17717 of nixos-config:pr594:packages.x86_64-linux.python-mautrix
Hydra packages.aarch64-linux.emoji-volpeon-neofox Hydra build #17630 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-neofox
Hydra packages.aarch64-linux.python-mautrix Hydra build #17662 of nixos-config:pr594:packages.aarch64-linux.python-mautrix
Hydra packages.x86_64-linux.fairfax Hydra build #17688 of nixos-config:pr594:packages.x86_64-linux.fairfax
Hydra packages.x86_64-linux.emoji-volpeon-bunhd-flip Hydra build #17679 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-bunhd-flip
Hydra packages.x86_64-linux.papermc Hydra build #17700 of nixos-config:pr594:packages.x86_64-linux.papermc
Hydra packages.aarch64-linux.emoji-volpeon-fox Hydra build #17627 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-fox
Hydra packages.x86_64-linux.emoji-volpeon-blobfox-flip Hydra build #17677 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-blobfox-flip
Hydra packages.aarch64-linux.mautrix-whatsapp Hydra build #17641 of nixos-config:pr594:packages.aarch64-linux.mautrix-whatsapp
Hydra packages.x86_64-linux.emoji-volpeon-neofox Hydra build #17685 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-neofox
Hydra packages.aarch64-linux.plover-plugin-stenotype-extended Hydra build #17657 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-stenotype-extended
Hydra packages.aarch64-linux.alco-sans Hydra build #17613 of nixos-config:pr594:packages.aarch64-linux.alco-sans
Hydra packages.x86_64-linux.plover-plugin-last-translation Hydra build #17707 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-last-translation
Hydra packages.x86_64-linux.plover Hydra build #17701 of nixos-config:pr594:packages.x86_64-linux.plover
Hydra packages.aarch64-linux.plover-plugin-stitching Hydra build #17658 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-stitching
Hydra packages.x86_64-linux.fairfax-hd Hydra build #17689 of nixos-config:pr594:packages.x86_64-linux.fairfax-hd
Hydra packages.x86_64-linux.mautrix-discord Hydra build #17693 of nixos-config:pr594:packages.x86_64-linux.mautrix-discord
Hydra packages.aarch64-linux.plover-plugin-rkb1-hid Hydra build #17656 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-rkb1-hid
Hydra packages.x86_64-linux.python-simplefuzzyset Hydra build #17720 of nixos-config:pr594:packages.x86_64-linux.python-simplefuzzyset
Hydra packages.aarch64-linux.python-rtf-tokenize Hydra build #17664 of nixos-config:pr594:packages.aarch64-linux.python-rtf-tokenize
Hydra packages.x86_64-linux.asar-asm Hydra build #17669 of nixos-config:pr594:packages.x86_64-linux.asar-asm
Hydra packages.x86_64-linux.emoji-volpeon-raccoon Hydra build #17686 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-raccoon
Hydra packages.aarch64-linux.plover-dict-didoesdigital Hydra build #17647 of nixos-config:pr594:packages.aarch64-linux.plover-dict-didoesdigital
Hydra packages.aarch64-linux.matrix-media-repo Hydra build #17637 of nixos-config:pr594:packages.aarch64-linux.matrix-media-repo
Hydra packages.x86_64-linux.constructium Hydra build #17671 of nixos-config:pr594:packages.x86_64-linux.constructium
Hydra packages.x86_64-linux.emoji-caro Hydra build #17672 of nixos-config:pr594:packages.x86_64-linux.emoji-caro
Hydra packages.aarch64-linux.nasin-nanpa Hydra build #17643 of nixos-config:pr594:packages.aarch64-linux.nasin-nanpa
Hydra packages.aarch64-linux.plover-plugin-last-translation Hydra build #17652 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-last-translation
Hydra packages.x86_64-linux.lotte-art Hydra build #17691 of nixos-config:pr594:packages.x86_64-linux.lotte-art
Hydra packages.x86_64-linux.plover-plugin-tapey-tape Hydra build #17714 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-tapey-tape
Hydra packages.x86_64-linux.python-tulir-telethon Hydra build #17721 of nixos-config:pr594:packages.x86_64-linux.python-tulir-telethon
Hydra packages.aarch64-linux.bsnes-plus Hydra build #17615 of nixos-config:pr594:packages.aarch64-linux.bsnes-plus
Hydra packages.x86_64-linux.emoji-rosaflags Hydra build #17675 of nixos-config:pr594:packages.x86_64-linux.emoji-rosaflags
Hydra packages.x86_64-linux.old-homepage Hydra build #17699 of nixos-config:pr594:packages.x86_64-linux.old-homepage
Hydra packages.aarch64-linux.emoji-volpeon-drgn Hydra build #17625 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-drgn
Hydra packages.x86_64-linux.plover-plugin-stenotype-extended Hydra build #17712 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-stenotype-extended
Hydra packages.aarch64-linux.emoji-volpeon-blobfox Hydra build #17621 of nixos-config:pr594:packages.aarch64-linux.emoji-volpeon-blobfox
Hydra packages.aarch64-linux.emoji-lotte Hydra build #17618 of nixos-config:pr594:packages.aarch64-linux.emoji-lotte
Hydra packages.x86_64-linux.yiffstash Hydra build #17722 of nixos-config:pr594:packages.x86_64-linux.yiffstash
Hydra packages.x86_64-linux.alco-sans Hydra build #17668 of nixos-config:pr594:packages.x86_64-linux.alco-sans
Hydra packages.aarch64-linux.plover Hydra build #17646 of nixos-config:pr594:packages.aarch64-linux.plover
Hydra packages.aarch64-linux.mautrix-discord Hydra build #17638 of nixos-config:pr594:packages.aarch64-linux.mautrix-discord
Hydra packages.aarch64-linux.lotte-art Hydra build #17636 of nixos-config:pr594:packages.aarch64-linux.lotte-art
Hydra packages.x86_64-linux.emoji-volpeon-drgn Hydra build #17680 of nixos-config:pr594:packages.x86_64-linux.emoji-volpeon-drgn
Hydra packages.aarch64-linux.mautrix-slack Hydra build #17639 of nixos-config:pr594:packages.aarch64-linux.mautrix-slack
Hydra packages.x86_64-linux.plover-plugin-yaml-dictionary Hydra build #17715 of nixos-config:pr594:packages.x86_64-linux.plover-plugin-yaml-dictionary
Hydra packages.aarch64-linux.constructium Hydra build #17616 of nixos-config:pr594:packages.aarch64-linux.constructium
Hydra packages.aarch64-linux.old-homepage Hydra build #17644 of nixos-config:pr594:packages.aarch64-linux.old-homepage
Hydra packages.x86_64-linux.bsnes-plus Hydra build #17670 of nixos-config:pr594:packages.x86_64-linux.bsnes-plus
Hydra packages.aarch64-linux.plover-plugin-dict-commands Hydra build #17648 of nixos-config:pr594:packages.aarch64-linux.plover-plugin-dict-commands
Hydra nixos-8gb-fsn1-1.x86_64-linux Hydra build #17727 of nixos-config:pr594:nixos-8gb-fsn1-1.x86_64-linux
Hydra instance-20221213-1915.aarch64-linux Hydra build #17726 of nixos-config:pr594:instance-20221213-1915.aarch64-linux
remove darkkirb.de delegations
2024-10-19 08:14:05 +02:00

245 lines
6.5 KiB
Nix

{
dns,
zoneTTL ? 3600,
}:
with dns.lib.combinators; let
inherit (builtins) hasAttr;
merge = a: b:
(a // b)
// (
if ((hasAttr "subdomains" a) && (hasAttr "subdomains" b))
then {subdomains = a.subdomains // b.subdomains;}
else {}
);
in {
SOA = {
nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs";
serial = 39;
};
NS = [
"ns1.chir.rs."
"ns2.chir.rs."
"ns3.chir.rs."
"ns4.chir.rs."
];
DNSKEY = [
{
flags.zoneSigningKey = true;
flags.secureEntryPoint = true;
algorithm = "ecdsap256sha256";
publicKey = "wB3TYl1UNG1f2p04/ExhCOib2iJD3mNo3F9vrwIBIP0kA94Z5xUVFQUMbSYrUIjA7/oNs/Degpo2RWFwnzFf2A==";
ttl = zoneTTL;
}
{
flags.zoneSigningKey = true;
algorithm = "ecdsap256sha256";
publicKey = "KdE0BQY5RqcHSYo9pgpjVAR1FAtaaF9elTzRhSE1dNKtVaMMhF5JA5s/tYVk1eY7JtiYVAOQkJsUduGTBOosDg==";
ttl = zoneTTL;
}
];
subdomains = {
gateway = {
A = [
(ttl zoneTTL (a "10.0.0.1"))
];
AAAA = [
(ttl zoneTTL (aaaa "fd00:e621:e621::1"))
];
};
nixos-8gb-fsn1-1 = {
A = [
(ttl zoneTTL (a "100.119.226.33"))
];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0:ab12:4843:cd96:6277:e221"))
];
SSHFP = [
{
algorithm = "rsa";
mode = "sha1";
fingerprint = "97b910c37194cd98e7edca2d68104f4531721c22";
ttl = zoneTTL;
}
{
algorithm = "rsa";
mode = "sha256";
fingerprint = "7915470f9275116889d5ca1fdbea20416d8372636c3d63653b272308608cf70f";
ttl = zoneTTL;
}
{
algorithm = "ed25519";
mode = "sha1";
fingerprint = "1aff467e745a8d68ba032dd3d54597e10d31ccf8";
ttl = zoneTTL;
}
{
algorithm = "ed25519";
mode = "sha256";
fingerprint = "e6dcdb73dc381ee2b354528cdaf8552364e75c34316d7e0c9819801daea5c951";
ttl = zoneTTL;
}
];
/*
subdomains = {
_tcp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
_udp.subdomains."*".TLSA = [
{
certUsage = "dane-ee";
selector = "spki";
match = "sha256";
certificate = "0b85bd8fd152ed8b29a25e7fd69c083138a7bd35d79aea62c111efcf17ede23f";
ttl = zoneTTL;
}
];
};
*/
HTTPS = [
{
svcPriority = 1;
targetName = ".";
alpn = ["http/1.1" "h2" "h3"];
ipv4hint = ["100.119.226.33"];
ipv6hint = ["fd7a:115c:a1e0:ab12:4843:cd96:6277:e221"];
ttl = zoneTTL;
}
];
CAA = [
{
issuerCritical = false;
tag = "issue";
value = "letsencrypt.org";
ttl = zoneTTL;
}
{
issuerCritical = false;
tag = "issuewild";
value = "letsencrypt.org";
ttl = zoneTTL;
}
{
issuerCritical = false;
tag = "iodef";
value = "mailto:lotte@chir.rs";
ttl = zoneTTL;
}
];
};
thinkrac = {
A = [(ttl zoneTTL (a "100.95.136.81"))];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0::63df:8851"))
];
};
nas = {
A = [(ttl zoneTTL (a "100.97.198.107"))];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0::2401:c66b"))
];
SSHFP = [
{
algorithm = "rsa";
mode = "sha1";
fingerprint = "13e1173d96b822c98a7b3cd47be2e830f7758671";
ttl = zoneTTL;
}
{
algorithm = "rsa";
mode = "sha256";
fingerprint = "2e87a3fd00918e4f1e47d3b14b59e846ee016a0d3269cb2524c8d28b121e130e";
ttl = zoneTTL;
}
{
algorithm = "ed25519";
mode = "sha1";
fingerprint = "d1df2d244980a5e4dde37eed678b59a2239ca2ac";
ttl = zoneTTL;
}
{
algorithm = "ed25519";
mode = "sha256";
fingerprint = "33d6c993ee3789fb6a2e60c243da7095eb79ce8e522b087f8a31ea400d7b034e";
ttl = zoneTTL;
}
];
# TODO: add TLSA
HTTPS = [
{
svcPriority = 1;
targetName = ".";
alpn = ["http/1.1" "h2" "h3"];
ipv4hint = ["100.99.129.7"];
ipv6hint = ["fd7a:115c:a1e0:ab12:4843:cd96:6263:8107"];
ttl = zoneTTL;
}
];
CAA = [
{
issuerCritical = false;
tag = "issue";
value = "letsencrypt.org";
ttl = zoneTTL;
}
{
issuerCritical = false;
tag = "issuewild";
value = "letsencrypt.org";
ttl = zoneTTL;
}
{
issuerCritical = false;
tag = "iodef";
value = "mailto:lotte@chir.rs";
ttl = zoneTTL;
}
];
};
instance-20221213-1915 = {
A = [(ttl zoneTTL (a "100.99.173.107"))];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b"))
];
};
vf2 = {
A = [(ttl zoneTTL (a "100.80.150.39"))];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0::5a01:9627"))
];
};
rainbow-resort = {
A = [(ttl zoneTTL (a "100.115.217.35"))];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0::4601:d923"))
];
};
grafana.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];
minio.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];
minio-console.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];
backup.CNAME = [(ttl zoneTTL (cname "nas"))];
hydra.CNAME = [(ttl zoneTTL (cname "nas"))];
mastodon.CNAME = [(ttl zoneTTL (cname "nas"))];
matrix.CNAME = [(ttl zoneTTL (cname "nas"))];
rspamd.CNAME = [(ttl zoneTTL (cname "nixos-8gb-fsn1-1"))];
moa.CNAME = [(ttl zoneTTL (cname "nas"))];
matrix-admin.CNAME = [(ttl zoneTTL (cname "nas"))];
mautrix-discord.CNAME = [(ttl zoneTTL (cname "nas"))];
mautrix-signal.CNAME = [(ttl zoneTTL (cname "nas"))];
mautrix-telegram.CNAME = [(ttl zoneTTL (cname "nas"))];
mautrix-whatsapp.CNAME = [(ttl zoneTTL (cname "nas"))];
weblate.CNAME = [(ttl zoneTTL (cname "nas"))];
jellyfin.CNAME = [(ttl zoneTTL (cname "nas"))];
_acme-challenge = delegateTo [
"ns1.chir.rs."
"ns2.chir.rs."
];
};
}