From 2b9ebd8877b5ef3b32b49776bd4735f1165f2010 Mon Sep 17 00:00:00 2001
From: kat witch
Date: Wed, 1 Sep 2021 22:35:07 +0100
Subject: [PATCH] DNS records cleanup

---
 config/modules/nixos/monitoring.nix | 4 +-
 config/profiles/base/network.nix | 2 +-
 config/services/filehost/default.nix | 4 +-
 config/services/fusionpbx/default.nix | 4 +-
 config/services/gitea/default.nix | 4 +-
 config/services/murmur/default.nix | 56 +++----
 config/services/radicale/default.nix | 4 +-
 config/services/syncplay/default.nix | 4 +-
 config/services/vaultwarden/default.nix | 4 +-
 config/services/weechat/default.nix | 4 +-
 config/services/xmpp/default.nix | 147 ++++++++++---------
 config/services/znc/default.nix | 4 +-
 config/targets/common/default.nix | 6 +-
 config/targets/home/default.nix | 4 +-
 config/targets/rinnosuke-domains/default.nix | 4 +-
 15 files changed, 135 insertions(+), 120 deletions(-)

diff --git a/config/modules/nixos/monitoring.nix b/config/modules/nixos/monitoring.nix
index f38e65d2..dc7d2a66 100644
--- a/config/modules/nixos/monitoring.nix
+++ b/config/modules/nixos/monitoring.nix
@@ -135,9 +135,9 @@ in
 };
 deploy.tf.dns.records.services_grafana = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "graph";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 services.prometheus = {
diff --git a/config/profiles/base/network.nix b/config/profiles/base/network.nix
index 47c5839b..b603abc4 100644
--- a/config/profiles/base/network.nix
+++ b/config/profiles/base/network.nix
@@ -7,7 +7,7 @@
 dns = {
 enable = mkDefault true;
 email = "acme@kittywit.ch";
- tld = "kittywit.ch.";
+ zone = "kittywit.ch.";
 };
 };
 }
diff --git a/config/services/filehost/default.nix b/config/services/filehost/default.nix
index b26d7719..48272777 100644
--- a/config/services/filehost/default.nix
+++ b/config/services/filehost/default.nix
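Review bot: `inherit (config.network.dns) zone` and `cname = { inherit (config.network.addresses.public) target; }` read two option attributes that nothing in this patch declares — the diffstat touches only record definitions, and `profiles/base/network.nix` merely assigns `zone`, it does not define it. Presumably the `network.dns`/`network.addresses` option module lives in a file or flake input outside these 15 files and has already gained the `tld` → `zone` rename and a `target` attribute; if so the commit message should point at that change, because otherwise every record in this patch fails evaluation on an undefined option. The same dependency applies to the filehost, fusionpbx (via `addresses.private.target`), gitea, murmur, radicale, syncplay, vaultwarden, weechat, znc and rinnosuke-domains hunks. Since `target` replaces the hand-built `"${config.networking.hostName}.${config.network.dns.tld}"` string, a comment at this first use stating what `target` evaluates to (presumably the host's public FQDN with the trailing dot the old string carried) would save the next reader the lookup.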
@@ -10,8 +10,8 @@
 };
 deploy.tf.dns.records.services_filehost = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "files";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 }
diff --git a/config/services/fusionpbx/default.nix b/config/services/fusionpbx/default.nix
index 47b946b3..bd751d16 100644
--- a/config/services/fusionpbx/default.nix
+++ b/config/services/fusionpbx/default.nix
@@ -2,9 +2,9 @@
 {
 deploy.tf.dns.records.services_fusionpbx = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "pbx";
- cname.target = "${config.network.addresses.private.domain}.";
+ cname = { inherit (config.network.addresses.private) target; };
 };
 kw.secrets.variables = mapListToAttrs (field:
diff --git a/config/services/gitea/default.nix b/config/services/gitea/default.nix
index c903370d..27ccd6ca 100644
--- a/config/services/gitea/default.nix
+++ b/config/services/gitea/default.nix
@@ -104,8 +104,8 @@
 };
 deploy.tf.dns.records.services_gitea = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "git";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 }
diff --git a/config/services/murmur/default.nix b/config/services/murmur/default.nix
index eae88df4..f78dddb4 100644
--- a/config/services/murmur/default.nix
+++ b/config/services/murmur/default.nix
@@ -107,35 +107,37 @@ in
 # DNS
- deploy.tf.dns.records.services_murmur = {
- tld = config.network.dns.tld;
- domain = "voice";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
- };
-
- deploy.tf.dns.records.services_murmur_tcp_srv = {
- tld = config.network.dns.tld;
- domain = "@";
- srv = {
- service = "mumble";
- proto = "tcp";
- priority = 0;
- weight = 5;
- port = 64738;
- target = "voice.${config.network.dns.tld}";
+ deploy.tf.dns.records = {
+ services_murmur = {
+ inherit (config.network.dns) zone;
+ domain = "voice";
+ cname = { inherit (config.network.addresses.public) target; };
 };
- };
- deploy.tf.dns.records.services_murmur_udp_srv = {
- tld = config.network.dns.tld;
- domain = "@";
- srv = {
- service = "mumble";
- proto = "udp";
- priority = 0;
- weight = 5;
- port = 64738;
- target = "voice.${config.network.dns.tld}";
+ services_murmur_tcp_srv = {
+ inherit (config.network.dns) zone;
+ domain = "@";
+ srv = {
+ service = "mumble";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 64738;
+ target = "voice.${config.network.dns.zone}";
+ };
+ };
+
+ services_murmur_udp_srv = {
+ inherit (config.network.dns) zone;
+ domain = "@";
+ srv = {
+ service = "mumble";
+ proto = "udp";
+ priority = 0;
+ weight = 5;
+ port = 64738;
+ target = "voice.${config.network.dns.zone}";
+ };
 };
 };
 }
diff --git a/config/services/radicale/default.nix b/config/services/radicale/default.nix
index a7088d36..7d6ee836 100644
--- a/config/services/radicale/default.nix
+++ b/config/services/radicale/default.nix
@@ -36,8 +36,8 @@ with lib;
 };
 deploy.tf.dns.records.services_radicale = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "cal";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 }
diff --git a/config/services/syncplay/default.nix b/config/services/syncplay/default.nix
index a0088fec..f89e0e46 100644
--- a/config/services/syncplay/default.nix
+++ b/config/services/syncplay/default.nix
@@ -33,9 +33,9 @@ with lib;
 };
 deploy.tf.dns.records.services_syncplay = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "sync";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 secrets.files.syncplay-env = {
diff --git a/config/services/vaultwarden/default.nix b/config/services/vaultwarden/default.nix
index 1cbcb81d..2568afe0 100644
--- a/config/services/vaultwarden/default.nix
+++ b/config/services/vaultwarden/default.nix
@@ -53,8 +53,8 @@
 };
 deploy.tf.dns.records.services_vaultwarden = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "vault";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 }
diff --git a/config/services/weechat/default.nix b/config/services/weechat/default.nix
index 767d75cd..e75fa0aa 100644
--- a/config/services/weechat/default.nix
+++ b/config/services/weechat/default.nix
@@ -14,8 +14,8 @@
 };
 deploy.tf.dns.records.services_weechat = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "irc";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 }
diff --git a/config/services/xmpp/default.nix b/config/services/xmpp/default.nix
index 5ff2cb78..8069bd53 100644
--- a/config/services/xmpp/default.nix
+++ b/config/services/xmpp/default.nix
@@ -3,7 +3,16 @@
 with lib;
 {
- network.firewall.public.tcp.ports = [ 5000 5222 5223 5269 580 5281 5347 5582 ];
+ network.firewall.public.tcp.ports = [
+ 5000
+ 5222
+ 5223
+ 5269
+ 5280
+ 5281
+ 5347
+ 5582
+ ];
 services.postgresql = {
 ensureDatabases = [ "prosody" ];
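Review bot: The reformatted port list replaces `580` with `5280`, a public-firewall change that the subject "DNS records cleanup" does not cover and that the hunk otherwise presents as a pure re-indent. 5280 is Prosody's default cleartext HTTP listener (BOSH, http_upload), with 5281 the HTTPS one that is already in the list; unless a client or reverse proxy genuinely needs the cleartext port, the corrected entry widens public exposure rather than merely fixing a typo, and the firewall is the only control visible here since the listener itself is presumably bound in the `services.prosody` block further down, outside this hunk. Either drop `5280` from `network.firewall.public.tcp.ports` or annotate it, e.g. `5280 # cleartext HTTP (BOSH/http_upload); needed for <reason>`, and mention the port fix in the commit message.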
@@ -56,79 +65,81 @@ with lib;
 [ config.network.dns.domain "upload.${config.network.dns.domain}" "conference.${config.network.dns.domain}" ];
 };
- deploy.tf.dns.records.services_prosody_xmpp = {
- tld = config.network.dns.tld;
- domain = "xmpp";
- a.address = config.network.addresses.public.nixos.ipv4.address;
- };
-
- deploy.tf.dns.records.services_prosody_xmpp_v6 = {
- tld = config.network.dns.tld;
- domain = "xmpp";
- aaaa.address = config.network.addresses.public.nixos.ipv6.address;
- };
-
- deploy.tf.dns.records.services_prosody_upload = {
- tld = config.network.dns.tld;
- domain = "upload";
- cname.target = "xmpp.${config.network.dns.tld}";
- };
-
- deploy.tf.dns.records.services_prosody_conference = {
- tld = config.network.dns.tld;
- domain = "conference";
- cname.target = "xmpp.${config.network.dns.tld}";
- };
-
- deploy.tf.dns.records.services_prosody_muc = {
- tld = config.network.dns.tld;
- domain = "conference";
- srv = {
- service = "xmpp-server";
- proto = "tcp";
- priority = 0;
- weight = 5;
- port = 5269;
- target = "xmpp.${config.network.dns.tld}";
+ deploy.tf.dns.records = {
+ services_prosody_xmpp = {
+ inherit (config.network.dns) zone;
+ domain = "xmpp";
+ a.address = config.network.addresses.public.nixos.ipv4.address;
 };
- };
- deploy.tf.dns.records.services_prosody_client_srv = {
- tld = config.network.dns.tld;
- domain = "@";
- srv = {
- service = "xmpp-client";
- proto = "tcp";
- priority = 0;
- weight = 5;
- port = 5222;
- target = "xmpp.${config.network.dns.tld}";
+ services_prosody_xmpp_v6 = {
+ inherit (config.network.dns) zone;
+ domain = "xmpp";
+ aaaa.address = config.network.addresses.public.nixos.ipv6.address;
 };
- };
- deploy.tf.dns.records.services_prosody_secure_client_srv = {
- tld = config.network.dns.tld;
- domain = "@";
- srv = {
- service = "xmpps-client";
- proto = "tcp";
- priority = 0;
- weight = 5;
- port = 5223;
- target = "xmpp.${config.network.dns.tld}";
+ services_prosody_upload = {
+ inherit (config.network.dns) zone;
+ domain = "upload";
+ cname.target = "xmpp.${config.network.dns.zone}";
 };
- };
- deploy.tf.dns.records.services_prosody_server_srv = {
- tld = config.network.dns.tld;
- domain = "@";
- srv = {
- service = "xmpp-server";
- proto = "tcp";
- priority = 0;
- weight = 5;
- port = 5269;
- target = "xmpp.${config.network.dns.tld}";
+ services_prosody_conference = {
+ inherit (config.network.dns) zone;
+ domain = "conference";
+ cname.target = "xmpp.${config.network.dns.zone}";
+ };
+
+ services_prosody_muc = {
+ inherit (config.network.dns) zone;
+ domain = "conference";
+ srv = {
+ service = "xmpp-server";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5269;
+ target = "xmpp.${config.network.dns.zone}";
+ };
+ };
+
+ services_prosody_client_srv = {
+ inherit (config.network.dns) zone;
+ domain = "@";
+ srv = {
+ service = "xmpp-client";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5222;
+ target = "xmpp.${config.network.dns.zone}";
+ };
+ };
+
+ services_prosody_secure_client_srv = {
+ inherit (config.network.dns) zone;
+ domain = "@";
+ srv = {
+ service = "xmpps-client";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5223;
+ target = "xmpp.${config.network.dns.zone}";
+ };
+ };
+
+ services_prosody_server_srv = {
+ inherit (config.network.dns) zone;
+ domain = "@";
+ srv = {
+ service = "xmpp-server";
+ proto = "tcp";
+ priority = 0;
+ weight = 5;
+ port = 5269;
+ target = "xmpp.${config.network.dns.zone}";
+ };
 };
 };
diff --git a/config/services/znc/default.nix b/config/services/znc/default.nix
index 28e29a69..60b91826 100644
--- a/config/services/znc/default.nix
+++ b/config/services/znc/default.nix
@@ -122,9 +122,9 @@ in
 };
 deploy.tf.dns.records.services_znc = {
- tld = config.network.dns.tld;
+ inherit (config.network.dns) zone;
 domain = "znc";
- cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+ cname = { inherit (config.network.addresses.public) target; };
 };
 services.znc = {
diff --git a/config/targets/common/default.nix b/config/targets/common/default.nix
index 0a2da2dc..e5441801 100644
--- a/config/targets/common/default.nix
+++ b/config/targets/common/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 with lib;
 {
 variables.katdns-address = {
@@ -27,5 +27,7 @@
 };
 };
- dns.zones."kittywit.ch." = { provider = "dns.katdns"; };
+ dns.zones = genAttrs ["kittywit.ch." "dork.dev."] (_: {
+ provider = "dns.katdns";
+ });
 }
diff --git a/config/targets/home/default.nix b/config/targets/home/default.nix
index 1b93ee12..7ca731ea 100644
--- a/config/targets/home/default.nix
+++ b/config/targets/home/default.nix
@@ -4,13 +4,13 @@
 deploy.targets.home = {
 tf = { config, ... }: {
 dns.records.ygg_grimoire = {
- tld = "kittywit.ch.";
+ zone = "kittywit.ch.";
 domain = "grimoire.ygg";
 aaaa.address = "200:c87d:7960:916:bf0e:a0e1:3da7:4fc6";
 };
 dns.records.ygg_boline = {
- tld = "kittywit.ch.";
+ zone = "kittywit.ch.";
 domain = "boline.ygg";
 aaaa.address = "200:474d:14f7:1d21:f171:4e85:a3fa:9393";
 };
diff --git a/config/targets/rinnosuke-domains/default.nix b/config/targets/rinnosuke-domains/default.nix
index e1c96ce3..76b24c3c 100644
--- a/config/targets/rinnosuke-domains/default.nix
+++ b/config/targets/rinnosuke-domains/default.nix
@@ -4,12 +4,12 @@ let rinnosuke = config.network.nodes.rinnosuke; in {
 deploy.targets.rinnosuke-domains.tf = {
 dns.records = {
 node_public_rinnosuke_v4 = {
- tld = rinnosuke.network.dns.tld;
+ inherit (rinnosuke.network.dns) zone;
 domain = rinnosuke.networking.hostName;
 a.address = rinnosuke.network.addresses.public.nixos.ipv4.address;
 };
 node_public_rinnosuke_v6 = {
- tld = rinnosuke.network.dns.tld;
+ inherit (rinnosuke.network.dns) zone;
 domain = rinnosuke.networking.hostName;
 aaaa.address = rinnosuke.network.addresses.public.nixos.ipv6.address;
 };
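Review bot: `dns.zones` now also puts `dork.dev.` under the katdns provider, which is a new Terraform-managed zone rather than a cleanup and deserves a mention in the commit message. `genAttrs` gives both zones an identical `{ provider = "dns.katdns"; }` block, which is right only if both zones are served by the same provider instance; a one-line comment above the assignment, e.g. `# every zone we manage is hosted on katdns; add new zones here`, would make that intent explicit and tell the next reader where records for `dork.dev.` are expected to come from. No record elsewhere in this patch references the new zone, so as far as these files show the zone is declared but still empty.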