Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Various DNS updates

Browse source 
- add email stuff for noratrieb.dev
- change default TTL
This commit is contained in:
nora 2024-09-19 19:38:58 +02:00
parent 5e68b5fe55
commit c2d37edad8
3 changed files with 30 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

4
newinfra/nix/deploy/smoke-tests.sh
View file

@ -12,8 +12,8 @@ dig @dns1.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1
dig @dns2.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1 dig @dns2.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1
# Check the NS records. The trailing dot matters! # Check the NS records. The trailing dot matters!
dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*86400.*IN.*NS.*ns1.noratrieb.dev." dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*86400.*IN.*NS.*ns1.noratrieb.dev." dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
# Check HTTP responses # Check HTTP responses
curl --fail -s https://vps1.infra.noratrieb.dev -o /dev/null curl --fail -s https://vps1.infra.noratrieb.dev -o /dev/null

15
newinfra/nix/modules/dns/nilstrieb.dev.nix
View file

@ -6,8 +6,8 @@ let
hour1 = 3600; hour1 = 3600;
hostsToDns = builtins.mapAttrs hostsToDns = builtins.mapAttrs
(name: { publicIPv4, publicIPv6, ... }: (name: { publicIPv4, publicIPv6, ... }:
lib.optionalAttrs (publicIPv4 != null) { A = [ (ttl hour1 (a publicIPv4)) ]; } // lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (ttl hour1 (aaaa publicIPv6)) ]; }) lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
networkingConfig; networkingConfig;
vps2 = { vps2 = {
A = [ "184.174.32.252" ]; A = [ "184.174.32.252" ];
@ -16,17 +16,13 @@ let
with hostsToDns; with hostsToDns;
# point nilstrieb.dev to vps1 (retired) # point nilstrieb.dev to vps1 (retired)
vps1 // { vps1 // {
TTL = hour1;
SOA = { SOA = {
nameServer = "ns1.nilstrieb.dev."; nameServer = "ns1.nilstrieb.dev.";
adminEmail = "void@nilstrieb.dev"; adminEmail = "void@nilstrieb.dev";
serial = 2024072601; serial = 2024072601;
}; };
TXT = [
"protonmail-verification=86964dcc4994261eab23dbc53dad613b10bab6de"
"v=spf1 include:_spf.protonmail.ch ~all"
];
CAA = [ CAA = [
{ issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; }
{ issuerCritical = false; tag = "issue"; value = "sectigo.com"; } { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
@ -37,11 +33,6 @@ let
"ns2.nilstrieb.dev." "ns2.nilstrieb.dev."
]; ];
MX = with mx; [
(mx 10 "mail.protonmail.ch.")
(mx 20 "mailsec.protonmail.ch.")
];
subdomains = { subdomains = {
ns1 = dns1; ns1 = dns1;
ns2 = dns2; ns2 = dns2;

28
newinfra/nix/modules/dns/noratrieb.dev.nix
View file

@ -6,8 +6,8 @@ let
hour1 = 3600; hour1 = 3600;
hostsToDns = builtins.mapAttrs hostsToDns = builtins.mapAttrs
(name: { publicIPv4, publicIPv6, ... }: (name: { publicIPv4, publicIPv6, ... }:
lib.optionalAttrs (publicIPv4 != null) { A = [ (ttl hour1 (a publicIPv4)) ]; } // lib.optionalAttrs (publicIPv4 != null) { A = [ (a publicIPv4) ]; } //
lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (ttl hour1 (aaaa publicIPv6)) ]; }) lib.optionalAttrs (publicIPv6 != null) { AAAA = [ (aaaa publicIPv6) ]; })
networkingConfig; networkingConfig;
vps2 = { vps2 = {
A = [ "184.174.32.252" ]; A = [ "184.174.32.252" ];
@ -21,6 +21,7 @@ let
with hostsToDns; with hostsToDns;
# vps{1,3,4} contains root noratrieb.dev # vps{1,3,4} contains root noratrieb.dev
combine [ vps1 vps3 vps4 ] // { combine [ vps1 vps3 vps4 ] // {
TTL = hour1;
SOA = { SOA = {
nameServer = "ns1.noratrieb.dev."; nameServer = "ns1.noratrieb.dev.";
adminEmail = "void@noratrieb.dev"; adminEmail = "void@noratrieb.dev";
@ -37,13 +38,24 @@ let
{ issuerCritical = false; tag = "issue"; value = "sectigo.com"; } { issuerCritical = false; tag = "issue"; value = "sectigo.com"; }
]; ];
TXT = [
"protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5"
"v=spf1 include:_spf.protonmail.ch ~all"
];
MX = [
(mx.mx 10 "mail.protonmail.ch.")
(mx.mx 20 "mailsec.protonmail.ch.")
];
subdomains = { subdomains = {
# --- NS records # --- NS records
ns1 = dns1; ns1 = dns1;
ns2 = dns2; ns2 = dns2;
# --- website stuff # --- website stuff
blog.CNAME = map (ttl hour1) [ (cname "noratrieb.github.io") ]; blog.CNAME = [ (cname "noratrieb.github.io") ];
www = vps1; www = vps1;
# --- legacy crap # --- legacy crap
@ -69,6 +81,16 @@ let
# --- infra # --- infra
grafana = vps3; grafana = vps3;
infra.subdomains = hostsToDns; infra.subdomains = hostsToDns;
# --- email
_domainkey.subdomains = {
protonmail.CNAME = [ (cname "protonmail.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ];
protonmail2.CNAME = [ (cname "protonmail2.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ];
protonmail3.CNAME = [ (cname "protonmail3.domainkey.deenxxi4ieo32na6brazky2h7bt5ezko6vexdbvbzzbtj6oj43kca.domains.proton.ch.") ];
};
_dmarc.TXT = [
{ data = "v=DMARC1; p=quarantine"; }
];
}; };
}; };
in in