mastus: dns server

2016-06-19 11:29:25 +02:00 · 2016-06-19 11:29:25 +02:00 · e9cd321661
commit e9cd321661
parent f9ff346c08
2 changed files with 98 additions and 0 deletions
--- a/mastus/configuration.nix
+++ b/mastus/configuration.nix
@ -14,6 +14,7 @@
      ./blog.nix
      ./radicale.nix
      ./ttrss.nix
+      ./dns.nix
    ];

  boot.loader.grub.enable = true;
--- a/mastus/dns.nix
+++ b/mastus/dns.nix
@ -0,0 +1,97 @@
+{ config, pkgs, ... }:
+let
+  mastus = ''
+    IN A 37.252.120.145
+      IN AAAA 2a02:2770:5:0:21a:4aff:fe99:a937
+  '';
+  misuji = ''
+    IN A 91.213.195.194
+      IN AAAA 2a02:2770:3:0:21a:4aff:feac:bc0e
+  '';
+
+  timestamp = "1466327298";
+
+  heNsServers = ''
+    @ IN NS ns1.he.net.
+    @ IN NS ns2.he.net.
+    @ IN NS ns3.he.net.
+    @ IN NS ns4.he.net.
+    @ IN NS ns5.he.net.
+  '';
+
+  mailSetup = ''
+    @ IN MX 10 imap.gebner.org.
+    @ IN TXT v=spf1 mx -all
+  '';
+
+  commonStuff = domain: ''
+    $ORIGIN ${domain}.
+    @ 10800 IN SOA mastus.gebner.org. gebner.gebner.org. ${timestamp} 10800 3600 604800 10800
+    ${heNsServers}
+    ${mailSetup}
+  '';
+in
+{
+  services.nsd = {
+    enable = true;
+    interfaces = [ "0.0.0.0" "::" ];
+
+    zones = {
+      "gebner.org." = {
+        provideXFR = [ "0.0.0.0/0 NOKEY" "::0/0 NOKEY" ];
+        data = ''
+          ${commonStuff "gebner.org"}
+
+          misuji ${misuji}
+          mastus ${mastus}
+
+          home-gw IN A 80.109.2.154
+          htdf-gw IN A 80.109.2.154
+          mtlaa-gw IN A 84.112.114.160
+
+          @ ${mastus}
+          www IN CNAME mastus
+
+          reader IN CNAME mastus
+          owncloud IN CNAME misuji
+          webmail IN CNAME misuji
+          git IN CNAME mastus
+          kochbuch IN CNAME misuji
+          howfatami IN CNAME misuji
+          mail ${mastus}
+          imap ${mastus}
+          xmpp ${misuji}
+          wllbg in CNAME misuji
+          cookbook in CNAME misuji
+          radicale in CNAME mastus
+        '';
+      };
+      "gabrielebner.at." = {
+        provideXFR = [ "0.0.0.0/0 NOKEY" "::0/0 NOKEY" ];
+        data = ''
+          ${commonStuff "gabrielebner.at"}
+
+          @ ${mastus}
+          www IN CNAME mastus.gebner.org.
+
+          openid IN CNAME mastus.gebner.org.
+        '';
+      };
+      "2b7e.org." = {
+        provideXFR = [ "0.0.0.0/0 NOKEY" "::0/0 NOKEY" ];
+        data = ''
+          ${commonStuff "2b7e.org"}
+
+          @ ${mastus}
+          www IN CNAME mastus.gebner.org.
+        '';
+      };
+    };
+  };
+
+  environment.systemPackages = [ pkgs.nsd ];
+  networking.firewall = {
+    allowedUDPPorts = [ 53 ];
+    allowedTCPPorts = [ 53 ];
+  };
+}