Git — Sourcephile - sourcephile-nix.git/blob - install/logical/friot/nsd/commonsoft.coop.nix
nsf: try to limit hardcoding.
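# NixOS module fragment: declares the authoritative NSD zone for commonsoft.coop.
# The zone text is generated from config.networking.domain and
# config.networking.zones.net.ipv4, so every host record below points at the
# same IPv4 address.
{pkgs, lib, config, ...}:
let inherit (builtins) toString toPath readFile;
    inherit (config.services) nsd;
    # Zone serial: committer timestamp (%ct) of the last commit that touched
    # "<zone>.nix" in this directory.
    # NOTE(review): builtins.extraBuiltins is not a stock Nix builtin; it is
    # presumably supplied by an extra-builtins plugin and runs git at
    # evaluation time. Confirm the evaluating host is trusted to do so.
    # NOTE(review): the serial only tracks this file's history. The zone data
    # also interpolates ipv4 and domain from config defined elsewhere, and
    # uncommitted edits do not move the timestamp, so the records can change
    # without a serial bump. That matters as soon as a secondary transfers
    # this zone.
    serial = zone: toString (builtins.extraBuiltins.git ./. [ "log" "-1" "--format=%ct" "--" (zone + ".nix") ]);
    /*
    serial = file: lib.removeSuffix "\n" (readFile
     (pkgs.runCommand "zone-serial"
      { buildInputs = [ pkgs.git ];
        buildDepends = [ (toPath ./. + file) ];
        preferLocalBuild = true;
        allowSubstitutes = false;
      } ''
      cd ${toPath ./.}
      ${pkgs.git}/bin/git log -1 --format="%ct" -- ${file} >$out
     ''));
    */
    ipv4 = config.networking.zones.net.ipv4;
    domain = config.networking.domain;
in
{
config = {
  services.nsd = {
    zones = {
      # NOTE: cannot use domain as attr key: infinite recursion
      "commonsoft.coop" = {
        # Review notes on the records below:
        # - MX: the exchange field must be a host name, not an address
        #   literal (RFC 1035 section 3.3.9, RFC 2181 section 10.3). The
        #   previous value was the bare IPv4 address, which a zone parser
        #   reads as a name relative to $ORIGIN that has no A record. It now
        #   targets "mail", which has an A record in this zone.
        # - SPF: RFC 7208 discontinued the SPF RR type; receivers evaluate
        #   the TXT record. The SPF-typed copy is kept unchanged here and
        #   must stay identical to the TXT policy for as long as it exists.
        # - NS: only one name server is published (the second NS line is
        #   commented out) and it shares the address of every other service,
        #   so the zone has no DNS redundancy.
        data = ''
          $ORIGIN ${domain}.
          $TTL 86400

          ; SOA (Start Of Authority)
          @ SOA ns admin (
            ${serial domain} ; Serial number
            1d ; Refresh
            15m ; Retry
            2592000 ; Expire
            1d ; TTL (Time To Live) minimum
          )

          ; A (DNS -> IPv4)
          @ A ${ipv4}
          autoconfig A ${ipv4}
          git A ${ipv4}
          imap A ${ipv4}
          mail A ${ipv4}
          ns A ${ipv4}
          pop A ${ipv4}
          smtp A ${ipv4}
          submission A ${ipv4}
          www A ${ipv4}

          ; SPF (Sender Policy Framework)
          @ 3600 IN SPF "v=spf1 mx ip4:${ipv4} -all"
          @ 3600 IN TXT "v=spf1 mx ip4:${ipv4} -all"

          ; NS (Name Server)
          @ NS ns
          ;@ NS ns6.gandi.net.

          ; MX (Mail eXchange)
          @ 180 MX 5 mail

          ; SRV (SeRVice)
          _git._tcp.git 18000 IN SRV 0 0 9418 git
        '';
      };
    };
  };
};
}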