zones: add rebmit.moe and rebmit.link

2024-12-15 22:33:35 +08:00 · 2024-12-15 22:33:35 +08:00 · 8867350ace
parent 13f4ae9ccd
commit 8867350ace
5 changed files with 106 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -63,6 +63,29 @@
        "type": "github"
      }
    },
+    "dns": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1716554081,
+        "narHash": "sha256-N70c7NLGdp4zmKTEJa0zViJ8SRIN2OFi22cxN7NR1bk=",
+        "owner": "NickCao",
+        "repo": "dns.nix",
+        "rev": "cd98f05212793e9e8102fcb101748aa135a719b3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NickCao",
+        "repo": "dns.nix",
+        "type": "github"
+      }
+    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -395,6 +418,7 @@
          "devshell"
        ],
        "disko": "disko",
+        "dns": "dns",
        "flake-compat": [
          "rebmit",
          "flake-compat"
--- a/flake.nix
+++ b/flake.nix
@ -69,6 +69,11 @@

    rebmit.url = "github:rebmit/nix-exprs";
    flake-utils.url = "github:numtide/flake-utils";
+    dns = {
+      url = "github:NickCao/dns.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };

    # misc

--- a/zones/common.nix
+++ b/zones/common.nix
@ -0,0 +1,24 @@
+let
+  data = builtins.fromJSON (builtins.readFile ./data.json);
+in
+rec {
+  TTL = 60;
+  SOA = {
+    nameServer = "${primary}.rebmit.link.";
+    adminEmail = "noc@rebmit.moe";
+    serial = 0;
+    refresh = 14400;
+    retry = 3600;
+    expire = 604800;
+    minimum = 300;
+  };
+  NS = map (name: "${name}.rebmit.link.") nameservers;
+
+  primary = "reisen-fra0";
+  secondary = [
+    "reisen-sea0"
+    "reisen-nrt0"
+  ];
+  nameservers = [ primary ] ++ secondary;
+  hosts = data.hosts;
+}
--- a/zones/rebmit.link.nix
+++ b/zones/rebmit.link.nix
@ -0,0 +1,25 @@
+{ dns, lib, ... }:
+with dns.lib.combinators;
+let
+  common = import ./common.nix;
+  hosts = lib.filterAttrs (_name: value: value.endpoints != [ ]) common.hosts;
+in
+dns.lib.toString "rebmit.link" {
+  inherit (common)
+    TTL
+    SOA
+    NS
+    ;
+  subdomains = builtins.mapAttrs (_name: value: {
+    A = value.endpoints_v4;
+    AAAA = value.endpoints_v6;
+    HTTPS = [
+      {
+        alpn = [
+          "h3"
+          "h2"
+        ];
+      }
+    ];
+  }) hosts;
+}
--- a/zones/rebmit.moe.nix
+++ b/zones/rebmit.moe.nix
@ -0,0 +1,28 @@
+{ dns, lib, ... }:
+with dns.lib.combinators;
+let
+  common = import ./common.nix;
+  inherit (common.hosts) suwako-vie0;
+in
+dns.lib.toString "rebmit.moe" {
+  inherit (common)
+    TTL
+    SOA
+    NS
+    ;
+  A = suwako-vie0.endpoints_v4;
+  AAAA = suwako-vie0.endpoints_v6;
+  HTTPS = [
+    {
+      alpn = [
+        "h3"
+        "h2"
+      ];
+    }
+  ];
+  subdomains = {
+    keycloak.CNAME = [ "suwako-vie0.rebmit.link." ];
+    matrix.CNAME = [ "suwako-vie0.rebmit.link." ];
+    ntfy.CNAME = [ "suwako-vie0.rebmit.link." ];
+  };
+}