install/logical/friot/nsd/commonsoft.nix

   1 {pkgs, lib, config, ...}:
   2 let inherit (builtins) toString toPath readFile;
   3     inherit (config) networking;
   4     inherit (config.services) nsd;
   5     serial = zone: toString (builtins.extraBuiltins.git ./. [ "log" "-1" "--format=%ct" "--" (zone + ".nix") ]);
   6     /*
   7     serial = file: lib.removeSuffix "\n" (readFile
   8       (pkgs.runCommand "zone-serial"
   9         { buildInputs      = [ pkgs.git ];
  10           buildDepends     = [ (toPath ./. + file) ];
  11           preferLocalBuild = true;
  12           allowSubstitutes = false;
  13         } ''
  14         cd ${toPath ./.}
  15         ${pkgs.git}/bin/git log -1 --format="%ct" -- ${file} >$out
  16       ''));
  17     */
  18     ipv4 = networking.zones.net.ipv4;
  19     commonZone = ''
  20       ; A (DNS -> IPv4)
  21       @                   A ${ipv4}
  22       autoconfig          A ${ipv4}
  23       git                 A ${ipv4}
  24       imap                A ${ipv4}
  25       mail                A ${ipv4}
  26       ns                  A ${ipv4}
  27       pop                 A ${ipv4}
  28       redmine             A ${ipv4}
  29       smtp                A ${ipv4}
  30       submission          A ${ipv4}
  31       www                 A ${ipv4}
  32
  33       ; SPF (Sender Policy Framework)
  34       @ 3600 IN SPF "v=spf1 mx ip4:${ipv4} -all"
  35       @ 3600 IN TXT "v=spf1 mx ip4:${ipv4} -all"
  36
  37       ; MX (Mail eXchange)
  38       @ 180 MX 5 ${ipv4}
  39
  40       ; SRV (SeRVice)
  41       _git._tcp.git 18000 IN SRV 0 0 9418 git
  42     '';
  43 in
  44 {
  45   config = {
  46     services.nsd = {
  47       zones = {
  48         # NOTE: cannot use networking.domain as attr key: infinite recursion
  49         "commonsoft.org" = {
  50           data = ''
  51             $ORIGIN ${networking.domainBase}.org.
  52             $TTL    86400
  53
  54             ; SOA (Start Of Authority)
  55             @ SOA ns admin (
  56               ${serial networking.domainBase} ; Serial number
  57               1d      ; Refresh
  58               15m     ; Retry
  59               2592000 ; Expire
  60               1d      ; TTL (Time To Live) minimum
  61             )
  62
  63             ; NS (Name Server)
  64             @ NS ns
  65             ;@ NS ns6.gandi.net.
  66           '' + commonZone;
  67           };
  68         "commonsoft.coop" = {
  69           data = ''
  70             $ORIGIN ${networking.domainBase}.coop.
  71             $TTL    86400
  72
  73             ; SOA (Start Of Authority)
  74             @ SOA ns admin (
  75               ${serial networking.domainBase} ; Serial number
  76               1d      ; Refresh
  77               15m     ; Retry
  78               2592000 ; Expire
  79               1d      ; TTL (Time To Live) minimum
  80             )
  81
  82             ; NS (Name Server)
  83             @ NS ns
  84             ;@ NS ns6.gandi.net.
  85           '' + commonZone;
  86           };
  87         "commonsoft.net" = {
  88           data = ''
  89             $ORIGIN ${networking.domainBase}.net.
  90             $TTL    86400
  91
  92             ; SOA (Start Of Authority)
  93             @ SOA ns admin (
  94               ${serial networking.domainBase} ; Serial number
  95               1d      ; Refresh
  96               15m     ; Retry
  97               2592000 ; Expire
  98               1d      ; TTL (Time To Live) minimum
  99             )
 100
 101             ; NS (Name Server)
 102             @ NS ns
 103             ;@ NS ns6.gandi.net.
 104           '' + commonZone;
 105           };
 106       };
 107     };
 108   };
 109 }