From bcfdc68b3024f02a5c4f37c9abc2a34916e5a263 Mon Sep 17 00:00:00 2001 From: kat witch Date: Tue, 30 Mar 2021 02:59:22 +0100 Subject: [PATCH] project-wide: DNS records for services and athame --- hosts/athame/meta.nix | 32 ++++++++++++++++------------- hosts/athame/nixos/default.nix | 6 ++++++ hosts/athame/nixos/virtualhosts.nix | 6 ++++++ services/bitwarden.nix | 6 ++++++ services/gitea/default.nix | 6 ++++++ services/murmur.nix | 8 +++++++- services/syncserver.nix | 6 ++++++ services/weechat.nix | 6 ++++++ services/znc.nix | 6 ++++++ 9 files changed, 67 insertions(+), 15 deletions(-) diff --git a/hosts/athame/meta.nix b/hosts/athame/meta.nix index 46991054..41060149 100644 --- a/hosts/athame/meta.nix +++ b/hosts/athame/meta.nix @@ -1,4 +1,4 @@ -{ config, hosts, ... }: { +{ config, hosts, lib, ... }: { config = { resources.athame = { provider = "null"; @@ -9,17 +9,16 @@ }; }; - resources.athame_test_domain = { - provider = "dns"; - type = "a_record_set"; - inputs = { - zone = "kittywit.ch."; - name = "testy"; - addresses = [ - "168.119.126.111" - ]; - ttl = 300; - }; + dns.records.kittywitch_athame = { + tld = "kittywit.ch."; + domain = "athame"; + a.address = "168.119.126.111"; + }; + + dns.records.kittywitch_root = { + tld = "kittywit.ch."; + domain = "@"; + a.address = "168.119.126.111"; }; deploy.systems.athame = with config.resources; { 
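Review bot: In hosts/athame/meta.nix (hunk `@@ -9,17 +9,16 @@`) the address `168.119.126.111` is written out twice, once in `dns.records.kittywitch_athame` and once in `dns.records.kittywitch_root`. If the host moves and only one literal is updated, the other name keeps pointing at an address that may by then belong to someone else. I would bind it once, e.g. `let athameV4 = "168.119.126.111"; in` ahead of the attribute set, and use `a.address = athameV4;` in both records. The removed record also set `ttl = 300` explicitly, while the new ones set no TTL, so the effective value now depends on a default in the `dns.records` module that this hunk does not show; state it here if a short TTL is still intended.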
@@ -27,7 +26,12 @@ connection = athame.connection.set; triggers.copy.athame = athame.refAttr "id"; triggers.secrets.athame = athame.refAttr "id"; - triggers.switch.athame = config.lib.tf.terraformExpr ''join(",", ${athame_test_domain.namedRef}.addresses)''; - }; + #triggers.switch = lib.mapAttrs (name: record: { + #A = config.lib.tf.terraformExpr ''join(",", ${record.out.resource.namedRef}.addresses)''; + #AAAA = config.lib.tf.terraformExpr ''join(",", ${record.out.resource.namedRef}.addresses)''; + #CNAME = record.out.resource.refAttr "cname"; + #SRV = record.out.resource.refAttr "id"; + #}.${record.out.type}) config.dns.records; + }; }; } diff --git a/hosts/athame/nixos/default.nix b/hosts/athame/nixos/default.nix index 9bd8dcd5..fc01886b 100644 --- a/hosts/athame/nixos/default.nix +++ b/hosts/athame/nixos/default.nix @@ -33,6 +33,12 @@ interfaces.enp1s0.useDHCP = true; }; + deploy.tf.dns.records.kittywitch_www = { + tld = "kittywit.ch."; + domain = "www"; + cname.target = "athame.kittywit.ch."; + }; + networking.firewall.allowedTCPPorts = [ 22 80 443 5160 5060 8999 64738 1935 53589 5001 ]; networking.firewall.allowedUDPPorts = [ 5160 5060 64738 ]; diff --git a/hosts/athame/nixos/virtualhosts.nix b/hosts/athame/nixos/virtualhosts.nix index ea44108c..6dfc6ddf 100644 --- a/hosts/athame/nixos/virtualhosts.nix +++ b/hosts/athame/nixos/virtualhosts.nix @@ -11,4 +11,10 @@ in { "athame.kittywit.ch" = { root = "/var/www/athame"; } // common; "files.kittywit.ch" = { root = "/var/www/files"; } // common; } // witch.secrets.virtualHosts.athame; + + deploy.tf.dns.records.kittywitch_files = { + tld = "kittywit.ch."; + domain = "files"; + cname.target = "athame.kittywit.ch."; + }; } diff --git a/services/bitwarden.nix b/services/bitwarden.nix index 3a8ec47e..c7359b82 100644 --- a/services/bitwarden.nix +++ b/services/bitwarden.nix 
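Review bot: The replacement for `triggers.switch.athame` in hosts/athame/meta.nix (hunk `@@ -27,7 +26,12 @@`) is committed as six commented-out lines, so nothing visible in this hunk sets a switch trigger for athame any more. The `lib` argument added to the function head in the first hunk is referenced only from inside that comment. Either enable the `lib.mapAttrs` expression or replace the dead code with a single line saying why it is off, e.g. `# TODO: derive triggers.switch from config.dns.records (disabled: <reason>)`. If the expression is kept for later, note that its `A` and `AAAA` branches are identical as written. The enclosing `deploy.systems.athame` attribute set starts outside this hunk.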
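Review bot: In hosts/athame/nixos/default.nix the new `deploy.tf.dns.records.kittywitch_www` spells the zone `"kittywit.ch."` and the target `"athame.kittywit.ch."` as string literals. The same two literals are repeated in the records added to virtualhosts.nix, bitwarden.nix, gitea/default.nix, murmur.nix, syncserver.nix, weechat.nix and znc.nix. A typo in any one target would publish a CNAME to a name that is not the host, and nothing here would catch it. Whether the records module can default the zone or expose the host record's name is not visible from this diff. If it can, reference that instead; otherwise add a comment at each site such as `# CNAME to dns.records.kittywitch_athame (hosts/athame/meta.nix)`, so the dependency is easy to find when the host record changes.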
@@ -32,5 +32,11 @@ "/notifications/hub".proxyPass = "http://127.0.0.1:3012"; "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80"; }; + }; + + deploy.tf.dns.records.kittywitch_vault = { + tld = "kittywit.ch."; + domain = "vault"; + cname.target = "athame.kittywit.ch."; }; } diff --git a/services/gitea/default.nix b/services/gitea/default.nix index 8c4ac386..98d7e553 100644 --- a/services/gitea/default.nix +++ b/services/gitea/default.nix @@ -50,4 +50,10 @@ forceSSL = true; locations = { "/".proxyPass = "http://127.0.0.1:3000"; }; }; + + deploy.tf.dns.records.kittywitch_git = { + tld = "kittywit.ch."; + domain = "git"; + cname.target = "athame.kittywit.ch."; + }; } diff --git a/services/murmur.nix b/services/murmur.nix index 010ec079..70ce7e1d 100644 --- a/services/murmur.nix +++ b/services/murmur.nix @@ -8,11 +8,17 @@ services.murmur = { enable = true; - hostName = "mumble.kittywit.ch"; + hostName = "voice.kittywit.ch"; extraConfig = '' sslCert=/var/lib/acme/kittywit.ch/fullchain.pem sslKey=/var/lib/acme/kittywit.ch/key.pem ''; + }; + + deploy.tf.dns.records.kittywitch_voice = { + tld = "kittywit.ch."; + domain = "voice"; + cname.target = "athame.kittywit.ch."; }; } diff --git a/services/syncserver.nix b/services/syncserver.nix index d4647110..38eb9bf7 100644 --- a/services/syncserver.nix +++ b/services/syncserver.nix @@ -12,5 +12,11 @@ enableACME = true; forceSSL = true; locations = { "/".proxyPass = "http://127.0.0.1:5001"; }; + }; + + deploy.tf.dns.records.kittywitch_sync = { + tld = "kittywit.ch."; + domain = "sync"; + cname.target = "athame.kittywit.ch."; }; } diff --git a/services/weechat.nix b/services/weechat.nix index b37f7861..9503639f 100644 --- a/services/weechat.nix +++ b/services/weechat.nix @@ -35,5 +35,11 @@ in { proxyWebsockets = true; }; }; + }; + + deploy.tf.dns.records.kittywitch_irc = { + tld = "kittywit.ch."; + domain = "irc"; + cname.target = "athame.kittywit.ch."; }; } 
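Review bot: In services/murmur.nix the rename to `hostName = "voice.kittywit.ch";` leaves `sslCert`/`sslKey` pointing at `/var/lib/acme/kittywit.ch/`, and nothing in this hunk shows that certificate listing `voice.kittywit.ch` as a name. If it does not, clients will get a certificate name mismatch, so confirm the ACME configuration for `kittywit.ch` covers the new name (for example through `security.acme.certs."kittywit.ch".extraDomainNames`). As far as I know `services.murmur.hostName` is the host the server binds to rather than a display name. If so, the service now depends on the `voice` record from this same commit resolving before murmur starts, which is worth a comment next to the option. No record for the previous `mumble` name is added here, so clients still configured with it will stop resolving unless it is defined elsewhere.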
diff --git a/services/znc.nix b/services/znc.nix index a07ef528..080e6d25 100644 --- a/services/znc.nix +++ b/services/znc.nix @@ -27,4 +27,10 @@ forceSSL = true; locations = { "/".proxyPass = "http://127.0.0.1:5000"; }; }; + + deploy.tf.dns.records.kittywitch_znc = { + tld = "kittywit.ch."; + domain = "znc"; + cname.target = "athame.kittywit.ch."; + }; }