authorBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-10 19:49:37 +0100
committerBenedikt Peetz <benedikt.peetz@b-peetz.de>2025-03-10 19:51:13 +0100
commit6e26789f330fe34df54b56f06ba095ece4bd7128 (patch)
tree8a749ddffac6bd792a104ff309073f6d880d5e2c
parent{modules/system-info,scripts/system_info}: Init (diff)
{hosts,zones}: Init dns zone for vhack.eu
-rw-r--r--hosts/by-name/server2/configuration.nix9
-rw-r--r--hosts/by-name/server3/configuration.nix9
-rw-r--r--zones/vhack.eu/zone.nix119
3 files changed, 137 insertions, 0 deletions
diff --git a/hosts/by-name/server2/configuration.nix b/hosts/by-name/server2/configuration.nix
index c373d28..b7b868f 100644
--- a/hosts/by-name/server2/configuration.nix
+++ b/hosts/by-name/server2/configuration.nix
@@ -26,6 +26,15 @@
privatePassword = ./secrets/backup/backuppass.age;
user = "u384702-sub3";
};
+ dns = {
+ enable = true;
+ openFirewall = true;
+ interfaces = [
+ "185.16.61.132"
+ "2a03:4000:a:106::1"
+ ];
+ zones = import ../../../zones/vhack.eu/zone.nix {};
+ };
etesync = {
enable = true;
secretFile = ./secrets/etesync/secret_file.age;
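Review bot: `openFirewall = true` combined with the public addresses in `interfaces` exposes this host's DNS service to the whole Internet, and nothing in the hunk shows how the `dns` module treats recursion, zone transfers or rate limiting. The module definition is outside this diff, so this is something to confirm rather than a known defect: the server should answer authoritatively only, refuse AXFR/IXFR except to named secondaries, and apply response rate limiting so it is less useful as a UDP amplification reflector. A comment above the block would record the intent, e.g. `# authoritative-only for vhack.eu: no recursion, zone transfers restricted`. The identical block added to hosts/by-name/server3/configuration.nix needs the same check. The enclosing attribute set starts and ends outside the hunk.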
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index d819e81..e18d055 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -11,6 +11,15 @@
privatePassword = ./secrets/backup/backuppass.age;
user = "u384702-sub4";
};
+ dns = {
+ enable = true;
+ openFirewall = true;
+ interfaces = [
+ "92.60.38.179"
+ "2a03:4000:33:25b::4f4e"
+ ];
+ zones = import ../../../zones/vhack.eu/zone.nix {};
+ };
fail2ban.enable = true;
nix-sync = {
enable = true;
diff --git a/zones/vhack.eu/zone.nix b/zones/vhack.eu/zone.nix
new file mode 100644
index 0000000..31222f7
--- /dev/null
+++ b/zones/vhack.eu/zone.nix
@@ -0,0 +1,119 @@
+{...}: {
+ "vhack.eu" = {
+ SOA = {
+ nameServer = "name-server.foss-syndicate.org.";
+ adminEmail = "dns-admin@foss-syndicate.org";
+ serial = 2025031001;
+ };
+ useOrigin = false;
+
+ # TODO: Why are we using server3's IPs here? <2025-03-10>
+ A = [
+ "92.60.38.179"
+ ];
+ AAAA = [
+ "2a03:4000:33:25b::4f4e"
+ ];
+
+ CAA = [
+ {
+ issuerCritical = false;
+ tag = "issue";
+ value = "letsencrypt.org";
+ }
+ ];
+
+ MX = [
+ {
+ preference = 10;
+ exchange = "mail.foss-syndicate.org";
+ }
+ ];
+ DKIM = [
+ {
+ selector = "mail";
+ k = "rsa";
+ p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8KXSkQD0ZFk3EetJ1qaoqevvdBoV93dRh5X2GCcc7hWBtLWtj31F3BefgfcrbdACVitdmJcRu7ed8qZMpxZM9pN5TrPMebAkjxMvMH554Wvi1FSwzuPSR724NHPKIgveU8pgiYffks5Mu1ejZmBvlnhXjpbDCEL1reWk+OtmB+QIDAQAB";
+ s = ["email"];
+ t = ["s"];
+ }
+ ];
+ DMARC = [
+ {
+ adkim = "strict";
+ aspf = "strict";
+ fo = ["0" "1" "d" "s"];
+ p = "quarantine";
+ rua = "admin@foss-syndicate.org";
+ ruf = ["admin@foss-syndicate.org"];
+ }
+ ];
+ SRV = [
+ {
+ service = "imaps";
+ proto = "tcp";
+ priority = 0;
+ weight = 1;
+ port = 993;
+ target = "mail.foss-syndicate.org";
+ }
+ {
+ service = "pop3s";
+ proto = "tcp";
+ priority = 0;
+ weight = 1;
+ port = 995;
+ target = "mail.foss-syndicate.org";
+ }
+ {
+ service = "smtps";
+ proto = "tcp";
+ priority = 0;
+ weight = 1;
+ port = 465;
+ target = "mail.foss-syndicate.org";
+ }
+ ];
+ TXT = [
+ "v=spf1 +mx -all"
+ ];
+
+ subdomains = {
+ dav.CNAME = ["server2.vhack.eu"];
+ etebase.CNAME = ["server2.vhack.eu"];
+ git.CNAME = ["server2.vhack.eu"];
+ invidious-router.CNAME = ["server2.vhack.eu"];
+
+ libreddit.CNAME = ["server2.vhack.eu"];
+ redlib.CNAME = ["server2.vhack.eu"];
+
+ mastodon.CNAME = ["server3.vhack.eu"];
+ matrix.CNAME = ["server3.vhack.eu"];
+
+ miniflux.CNAME = ["server3.vhack.eu"];
+ rss.CNAME = ["server3.vhack.eu"];
+
+ mumble.CNAME = ["server3.vhack.eu"];
+ openpgpkey.CNAME = ["server3.vhack.eu"];
+ peertube.CNAME = ["server3.vhack.eu"];
+ trinitrix.CNAME = ["server3.vhack.eu"];
+
+ server2 = {
+ AAAA = [
+ "2a03:4000:a:106::1"
+ ];
+ A = [
+ "185.16.61.132"
+ ];
+ };
+ server3 = {
+ AAAA = [
+ "2a03:4000:33:25b::4f4e"
+ ];
+ A = [
+ "92.60.38.179"
+ ];
+ };
+ };
+ };
+}
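Review bot: The DKIM entry with `selector = "mail"` publishes a 1024-bit RSA key: its `p` value begins with `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ`, the header of a 1024-bit RSA SubjectPublicKeyInfo. RFC 8301 accepts that size only as a minimum and recommends 2048 bits or more. If the mail host can be re-keyed, publish a 2048-bit key under a new selector next to this one and retire `mail` once signing has switched; until then a comment such as `# FIXME: 1024-bit key, rotate to >= 2048 bit under a new selector` keeps it visible. Separately, the SOA `nameServer` ends in a dot while the MX, SRV and CNAME targets (`"mail.foss-syndicate.org"`, `"server2.vhack.eu"`) do not. Whether the zone generator qualifies them is not visible here, so check that the rendered zone does not expand them relative to `vhack.eu`.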