gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

project-wide: DNS records for services and athame

Browse source
This commit is contained in:
kat witch 2021-03-30 02:59:22 +01:00
parent 2eb84e4654
commit bcfdc68b30
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
9 changed files with 67 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

32
hosts/athame/meta.nix
View file

@ -1,4 +1,4 @@
{ config, hosts, ... }: { { config, hosts, lib, ... }: {
config = { config = {
resources.athame = { resources.athame = {
provider = "null"; provider = "null";
@ -9,17 +9,16 @@
}; };
}; };
resources.athame_test_domain = { dns.records.kittywitch_athame = {
provider = "dns"; tld = "kittywit.ch.";
type = "a_record_set"; domain = "athame";
inputs = { a.address = "168.119.126.111";
zone = "kittywit.ch."; };
name = "testy";
addresses = [ dns.records.kittywitch_root = {
"168.119.126.111" tld = "kittywit.ch.";
]; domain = "@";
ttl = 300; a.address = "168.119.126.111";
};
}; };
deploy.systems.athame = with config.resources; { deploy.systems.athame = with config.resources; {
@ -27,7 +26,12 @@
connection = athame.connection.set; connection = athame.connection.set;
triggers.copy.athame = athame.refAttr "id"; triggers.copy.athame = athame.refAttr "id";
triggers.secrets.athame = athame.refAttr "id"; triggers.secrets.athame = athame.refAttr "id";
triggers.switch.athame = config.lib.tf.terraformExpr ''join(",", ${athame_test_domain.namedRef}.addresses)''; #triggers.switch = lib.mapAttrs (name: record: {
}; #A = config.lib.tf.terraformExpr ''join(",", ${record.out.resource.namedRef}.addresses)'';
#AAAA = config.lib.tf.terraformExpr ''join(",", ${record.out.resource.namedRef}.addresses)'';
#CNAME = record.out.resource.refAttr "cname";
#SRV = record.out.resource.refAttr "id";
#}.${record.out.type}) config.dns.records;
};
}; };
} }

6
hosts/athame/nixos/default.nix
View file

@ -33,6 +33,12 @@
interfaces.enp1s0.useDHCP = true; interfaces.enp1s0.useDHCP = true;
}; };
deploy.tf.dns.records.kittywitch_www = {
tld = "kittywit.ch.";
domain = "www";
cname.target = "athame.kittywit.ch.";
};
networking.firewall.allowedTCPPorts = networking.firewall.allowedTCPPorts =
[ 22 80 443 5160 5060 8999 64738 1935 53589 5001 ]; [ 22 80 443 5160 5060 8999 64738 1935 53589 5001 ];
networking.firewall.allowedUDPPorts = [ 5160 5060 64738 ]; networking.firewall.allowedUDPPorts = [ 5160 5060 64738 ];

6
hosts/athame/nixos/virtualhosts.nix
View file

@ -11,4 +11,10 @@ in {
"athame.kittywit.ch" = { root = "/var/www/athame"; } // common; "athame.kittywit.ch" = { root = "/var/www/athame"; } // common;
"files.kittywit.ch" = { root = "/var/www/files"; } // common; "files.kittywit.ch" = { root = "/var/www/files"; } // common;
} // witch.secrets.virtualHosts.athame; } // witch.secrets.virtualHosts.athame;
deploy.tf.dns.records.kittywitch_files = {
tld = "kittywit.ch.";
domain = "files";
cname.target = "athame.kittywit.ch.";
};
} }

6
services/bitwarden.nix
View file

@ -32,5 +32,11 @@
"/notifications/hub".proxyPass = "http://127.0.0.1:3012"; "/notifications/hub".proxyPass = "http://127.0.0.1:3012";
"/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80"; "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
}; };
};
deploy.tf.dns.records.kittywitch_vault = {
tld = "kittywit.ch.";
domain = "vault";
cname.target = "athame.kittywit.ch.";
}; };
} }

6
services/gitea/default.nix
View file

@ -50,4 +50,10 @@
forceSSL = true; forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:3000"; }; locations = { "/".proxyPass = "http://127.0.0.1:3000"; };
}; };
deploy.tf.dns.records.kittywitch_git = {
tld = "kittywit.ch.";
domain = "git";
cname.target = "athame.kittywit.ch.";
};
} }

8
services/murmur.nix
View file

@ -8,11 +8,17 @@
services.murmur = { services.murmur = {
enable = true; enable = true;
hostName = "mumble.kittywit.ch"; hostName = "voice.kittywit.ch";
extraConfig = '' extraConfig = ''
sslCert=/var/lib/acme/kittywit.ch/fullchain.pem sslCert=/var/lib/acme/kittywit.ch/fullchain.pem
sslKey=/var/lib/acme/kittywit.ch/key.pem sslKey=/var/lib/acme/kittywit.ch/key.pem
''; '';
};
deploy.tf.dns.records.kittywitch_voice = {
tld = "kittywit.ch.";
domain = "voice";
cname.target = "athame.kittywit.ch.";
}; };
} }

6
services/syncserver.nix
View file

@ -12,5 +12,11 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:5001"; }; locations = { "/".proxyPass = "http://127.0.0.1:5001"; };
};
deploy.tf.dns.records.kittywitch_sync = {
tld = "kittywit.ch.";
domain = "sync";
cname.target = "athame.kittywit.ch.";
}; };
} }

6
services/weechat.nix
View file

@ -35,5 +35,11 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
};
deploy.tf.dns.records.kittywitch_irc = {
tld = "kittywit.ch.";
domain = "irc";
cname.target = "athame.kittywit.ch.";
}; };
} }

6
services/znc.nix
View file

@ -27,4 +27,10 @@
forceSSL = true; forceSSL = true;
locations = { "/".proxyPass = "http://127.0.0.1:5000"; }; locations = { "/".proxyPass = "http://127.0.0.1:5000"; };
}; };
deploy.tf.dns.records.kittywitch_znc = {
tld = "kittywit.ch.";
domain = "znc";
cname.target = "athame.kittywit.ch.";
};
} }