wip: migrate client modules

2026-04-15 05:39:11 +02:00 · 2026-04-02 19:25:58 +02:00 · 2026-04-02 19:25:58 +02:00 · 7ce27d5d2f
commit 7ce27d5d2f
parent f6d2ff1544
245 changed files with 20254 additions and 188 deletions
--- a/modules-clone/nixos/server/nsd/site1.nix
+++ b/modules-clone/nixos/server/nsd/site1.nix
@ -0,0 +1,117 @@
+{ config, globals, dns, proxyAddress4, proxyAddress6, ... }:
+with dns.lib.combinators; {
+  SOA = {
+    nameServer = "soa";
+    adminEmail = "admin@${globals.domains.main}"; # this option is not parsed as domain (we cannot just write "admin")
+    serial = 2026010201; # update this on changes for secondary dns
+  };
+
+  useOrigin = false;
+
+  NS = [
+    "soa"
+    "srv"
+  ] ++ globals.domains.externalDns;
+
+  CAA = [
+    {
+      issuerCritical = false;
+      tag = "issue";
+      value = "letsencrypt.org";
+    }
+    {
+      issuerCritical = false;
+      tag = "issuewild";
+      value = "letsencrypt.org";
+    }
+    {
+      issuerCritical = false;
+      tag = "iodef";
+      value = "mailto:${config.repo.secrets.common.dnsMail}";
+    }
+  ];
+
+  A = [ config.repo.secrets.local.dns.homepage-ip ];
+
+  SRV = [
+    {
+      service = "_matrix";
+      proto = "_tcp";
+      port = 443;
+      target = "${globals.services.matrix.subDomain}";
+      priority = 10;
+      weight = 5;
+    }
+    {
+      service = "_submissions";
+      proto = "_tcp";
+      port = 465;
+      target = "${globals.services.mailserver.subDomain}";
+      priority = 5;
+      weight = 0;
+      ttl = 3600;
+    }
+    {
+      service = "_submission";
+      proto = "_tcp";
+      port = 587;
+      target = "${globals.services.mailserver.subDomain}";
+      priority = 5;
+      weight = 0;
+      ttl = 3600;
+    }
+    {
+      service = "_imap";
+      proto = "_tcp";
+      port = 143;
+      target = "${globals.services.mailserver.subDomain}";
+      priority = 5;
+      weight = 0;
+      ttl = 3600;
+    }
+    {
+      service = "_imaps";
+      proto = "_tcp";
+      port = 993;
+      target = "${globals.services.mailserver.subDomain}";
+      priority = 5;
+      weight = 0;
+      ttl = 3600;
+    }
+  ];
+
+  MX = [
+    {
+      preference = 10;
+      exchange = "${globals.services.mailserver.subDomain}";
+    }
+  ];
+
+  DKIM = [
+    {
+      selector = "mail";
+      k = "rsa";
+      p = config.repo.secrets.local.dns.mailserver.dkim-public;
+      ttl = 10800;
+    }
+  ];
+
+  TXT = [
+    (with spf; strict [ "a:${globals.services.mailserver.subDomain}.${globals.domains.main}" ])
+    "google-site-verification=${config.repo.secrets.local.dns.google-site-verification}"
+  ];
+
+  DMARC = [
+    {
+      p = "none";
+      ttl = 10800;
+    }
+  ];
+
+  subdomains = config.swarselsystems.server.dns.${globals.domains.main}.subdomainRecords // {
+    "www".CNAME = [ "${globals.domains.main}." ];
+    "_acme-challenge".CNAME = [ "${config.repo.secrets.local.dns.acme-challenge-domain}." ];
+    "soa" = host proxyAddress4 proxyAddress6;
+    "srv" = host proxyAddress4 proxyAddress6;
+  };
+}