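# servers/mermet/nsd/autogeree.net.nix
#
# NixOS module fragment declaring the authoritative NSD zone for
# autogeree.net: SOA/NS, host addresses, service aliases, SPF, MX and SRV.
{ pkgs, lib, config, ... }:
with builtins;
let
  # Only `git` is needed here; the other helpers the file used to inherit
  # (pass, unlinesAttrs, types, networking, nsd, rspamd) were never referenced.
  inherit (builtins.extraBuiltins) git;
  inherit (lib) toInt;

  # Use the Git commit time of the ${domain}.nix file to set the serial number.
  # WARNING: the ${domain}.nix must be committed into Git for this to work;
  # the serial only advances when this file gets a new commit, so an
  # uncommitted edit is served under the old serial and secondaries will not
  # re-transfer it.
  serial = domain: toString (git ./. [ "log" "-1" "--format=%ct" "--" (domain + ".nix") ]);

  # FIXME: make dedicated config options
  mermetIPv4 = "80.67.180.129";
  chomskyIPv4 = "91.216.110.36";
  domain = "autogeree.net";
in
{
  services.nsd.zones."${domain}" = {
    # DOC: https://docs.gandi.net/en/domain_names/advanced_users/secondary_nameserver.html
    # DOC: https://www.sidn.nl/en/dnssec/dnssec-signatures-in-bind-named
    #
    # NOKEY: the zone transfer is authorised by source address alone, with no
    # TSIG key. NOTE(review): prefer a TSIG-keyed ACL if the secondary
    # supports it -- confirm against the Gandi documentation above.
    provideXFR = [ "217.70.177.40 NOKEY" ];
    # Not allowed by 217.70.177.40
    #notify = [ "217.70.177.40 NOKEY" ];

    # The zone is served unsigned, so resolvers cannot validate its answers
    # (including the MX and SPF data below). TODO: enable signing.
    dnssec = false;

    # TODO: increase the TTL once things have settled down
    data = ''
      $ORIGIN ${domain}.
      $TTL 500

      ; SOA (Start Of Authority)
      @ SOA ns admin (
        ${toString (toInt (serial domain) - 1581021859 + 2016043001)} ; Serial number
        24h   ; Refresh
        15m   ; Retry
        1000h ; Expire (1000h)
        1d    ; Negative caching
      )

      ; NS (Name Server)
      @ NS ns
      @ NS ns6.gandi.net.

      ; A (DNS -> IPv4)
      ; ns, mail and git are targets of the NS, MX and SRV records below.
      ; Those targets must own address records and must not be aliases
      ; (RFC 2181 section 10.3, RFC 2782), so they are A records here
      ; rather than CNAMEs to mermet.
      @       A ${mermetIPv4}
      chomsky A ${chomskyIPv4}
      git     A ${mermetIPv4}
      mail    A ${mermetIPv4}
      mermet  A ${mermetIPv4}
      ns      A ${mermetIPv4}

      ; CNAME
      autoconfig CNAME mermet
      code       CNAME mermet
      imap       CNAME mermet
      pop        CNAME mermet
      smtp       CNAME mermet
      submission CNAME mermet
      www        CNAME mermet

      ; SPF (Sender Policy Framework)
      ; The dedicated SPF RR type was deprecated by RFC 7208; receivers
      ; evaluate the TXT record. Both are kept as in the original zone.
      ; NOTE(review): no DKIM or DMARC records are published in this zone.
      @ 3600 IN SPF "v=spf1 mx ip4:${mermetIPv4} -all"
      @ 3600 IN TXT "v=spf1 mx ip4:${mermetIPv4} -all"

      ; MX (Mail eXchange)
      @ 180 MX 5 mail

      ; SRV (SeRVice)
      _git._tcp.git 18000 IN SRV 0 0 9418 git
    '';
  };
}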