move

nix/modules/dns/nilstrieb.dev.nix

@@ -0,0 +1,66 @@
+# https://github.com/nix-community/dns.nix
+{ pkgs, lib, networkingConfig, ... }:
+let
+  data = with pkgs.nix-dns.lib.combinators;
+    let
+      hour1 = 3600;
+      hostsToDns = builtins.mapAttrs
+        (name: { publicIPv4, publicIPv6, ... }:
+          lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
+          lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
+        networkingConfig;
+      vps2 = {
+        A = [ "184.174.32.252" ];
+      };
+    in
+    with hostsToDns;
+    # point nilstrieb.dev to vps1 (retired)
+    vps1 // {
+      TTL = hour1;
+      SOA = {
+        nameServer = "ns1.nilstrieb.dev.";
+        adminEmail = "void@nilstrieb.dev";
+        serial = 2024072601;
+      };
+
+      CAA = [
+        { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; }
+        { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
+      ];
+
+      NS = [
+        "ns1.nilstrieb.dev."
+        "ns2.nilstrieb.dev."
+      ];
+
+      subdomains = {
+        ns1 = dns1;
+        ns2 = dns2;
+
+        localhost.A = [ (a "127.0.0.1") ];
+
+        # --- retired:
+        bisect-rustc = vps1;
+        blog = vps1;
+        docker = vps1;
+        www = vps1;
+        uptime = vps1;
+        hugo-chat = vps1 // {
+          subdomains.api = vps1;
+        };
+        olat = vps1;
+        # ---
+
+        # infra (legacy)
+        inherit vps2;
+
+        pronouns.TXT = [
+          "she/her"
+        ];
+      };
+    };
+in
+pkgs.writeTextFile {
+  name = "nilstrieb.dev.zone";
+  text = pkgs.nix-dns.lib.toString "nilstrieb.dev" data;
+}