nixos-config/config/domain-config/fudo.org.nix

{ config, lib, pkgs, ... }@toplevel:

with lib;
let
  hostname = config.instance.hostname;
  localDomain = "fudo.org";
  serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}";

  inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostIpv6 getHostFqdn;

  domain = config.fudo.domains."${localDomain}";

  authentikHost = "legatus";

  primaryNameserver = "germany";

  defaultHost = "germany";

  mastodonHostname = "mastodon.fudo.org";

  servedDomains = [
    "fudo.org"
    "test.fudo.org"
    "selby.ca"
    "fudo.ca"
    "fudo.im"
    "stewartsoundservices.ca"
  ];

in {
  imports = [
    (import ./fudo.org/authentik.nix { inherit authentikHost; })
    (import ./fudo.org/mastodon.nix {
      mastodonHost = "legatus";
      mastodonHostname = mastodonHostname;
      mastodonWebDomain = "fudo.org";
      mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid";
      mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret";
    })
    (import ./fudo.org/nextcloud.nix {
      nextcloudHost = "legatus";
      nextcloudHostname = "cloud.fudo.org";
      nextcloudPackage = pkgs.nextcloud27;
    })
    (import ./fudo.org/matrix.nix {
      matrixHost = "legatus";
      matrixServerName = "fudo.org";
      openIdClientId = readFile serviceSecrets."matrix-oidc.clientid";
      openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret";
    })
    (import ./fudo.org/mail-server.nix (rec {
      primaryMailserver = "germany";
      primaryDomain = "test.fudo.org";
      authentikServer = "authentik.fudo.org";
      ldapBase = "dc=fudo,dc=org";
      ldapBindDn = "cn=userdb,ou=users,${ldapBase}";
      ldapBindPwFile =
        config.fudo.secrets.files.domain-secrets."${primaryDomain}"."ldap-bind.passwd";
      saslDomain = "FUDO.ORG";
      authentikOutpostToken =
        config.fudo.secrets.files.domain-secrets."${primaryDomain}"."authentik-ldap.token";
      inherit servedDomains;
      # TODO: FIXME!
      dkimRecord = "";
    }))
  ];

  config = {
    # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
    services.nginx.virtualHosts = {
      # Pass requests to selby on to selbyhomecentre
      "selby.ca".locations."/".return =
        "301 https://selbyhomecentre.com$request_uri";
      "www.selby.ca".locations."/".return =
        "301 https://selbyhomecentre.com$request_uri";

      # For Mastodon
      "fudo.org".locations = {
        "/.well-known/webfinger" = {
          return = "301 http://${mastodonHostname}";
          extraConfig = "add_header Access-Control-Allow-Origin '*';";
        };
        "/.well-known/host-meta" = {
          return = "301 https://${mastodonHostname}$request_uri";
        };
      };
    };

    fudo = {
      services = {
        jabber = {
          domain = "jabber.fudo.org";
          ldap.servers =
            map (host: "${host}.${localDomain}") domain.ldap-servers;
        };

        authoritative-dns = {
          enable = hostname == primaryNameserver;

          container = {
            hostname = "nameserver";
            interface = "enp5s0f0";
          };

          nameservers = {
            primary = primaryNameserver;
            external = map (hostname: {
              inherit (config.fudo.zones."fudo.org".hosts."${hostname}")
                ipv4-address ipv6-address description;
            }) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];
          };

          ip-host-map = let
            networkHosts = getDomainHosts "fudo.org";
            ipHostPairs =
              map (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))
              networkHosts;
          in listToAttrs ipHostPairs;

          zones = let
            defaultDeets = {
              inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")
                ipv4-address ipv6-address sshfp-records;
              description = "fudo.org";
            };

            fudoMailservers = {
              smtp-servers = [ "smtp.fudo.org." ];
              imap-servers = [ "imap.fudo.org." ];
            };

            mkDomain = domain: extraConfig:
              {
                default-host = defaultDeets;
                ksk =
                  config.fudo.secrets.files.dns.key-signing-keys."${domain}";
              } // extraConfig;
          in {
            "fudo.org" = mkDomain "fudo.org" {
              reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];
              mail = fudoMailservers;
            };
            "test.fudo.org" = mkDomain "test.fudo.org" { };
            "selby.ca" = mkDomain "selby.ca" { mail = fudoMailservers; };
            "fudo.ca" = mkDomain "fudo.ca" { mail = fudoMailservers; };
            "fudo.im" = mkDomain "fudo.im" { mail = fudoMailservers; };
            "stewartsoundservices.ca" =
              mkDomain "stewartsoundservices.ca" { mail = fudoMailservers; };
            "fudo.live" = mkDomain "fudo.live" { mail = fudoMailservers; };
          };
        };
      };
    };
  };
}
Tons of changes 2023-11-13 10:59:41 -08:00			`{ config, lib, pkgs, ... }@toplevel:`
Working refactored (on a test server) 2021-02-25 20:45:50 +00:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`localDomain = "fudo.org";`
			`serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}";`

Big commit 2023-12-04 17:10:57 -08:00			`inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostIpv6 getHostFqdn;`
Tons of changes 2023-11-13 10:59:41 -08:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`domain = config.fudo.domains."${localDomain}";`

			`authentikHost = "legatus";`

			`primaryNameserver = "germany";`

Tons of changes 2023-11-13 10:59:41 -08:00			`defaultHost = "germany";`

			`mastodonHostname = "mastodon.fudo.org";`

Big commit 2023-12-04 17:10:57 -08:00			`servedDomains = [`
			`"fudo.org"`
			`"test.fudo.org"`
			`"selby.ca"`
			`"fudo.ca"`
			`"fudo.im"`
			`"stewartsoundservices.ca"`
			`];`

Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`in {`
			`imports = [`
			`(import ./fudo.org/authentik.nix { inherit authentikHost; })`
			`(import ./fudo.org/mastodon.nix {`
			`mastodonHost = "legatus";`
Tons of changes 2023-11-13 10:59:41 -08:00			`mastodonHostname = mastodonHostname;`
			`mastodonWebDomain = "fudo.org";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid";`
			`mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret";`
			`})`
			`(import ./fudo.org/nextcloud.nix {`
			`nextcloudHost = "legatus";`
			`nextcloudHostname = "cloud.fudo.org";`
			`nextcloudPackage = pkgs.nextcloud27;`
			`})`
			`(import ./fudo.org/matrix.nix {`
			`matrixHost = "legatus";`
			`matrixServerName = "fudo.org";`
			`openIdClientId = readFile serviceSecrets."matrix-oidc.clientid";`
			`openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret";`
			`})`
			`(import ./fudo.org/mail-server.nix (rec {`
			`primaryMailserver = "germany";`
			`primaryDomain = "test.fudo.org";`
			`authentikServer = "authentik.fudo.org";`
			`ldapBase = "dc=fudo,dc=org";`
			`ldapBindDn = "cn=userdb,ou=users,${ldapBase}";`
			`ldapBindPwFile =`
			`config.fudo.secrets.files.domain-secrets."${primaryDomain}"."ldap-bind.passwd";`
			`saslDomain = "FUDO.ORG";`
			`authentikOutpostToken =`
			`config.fudo.secrets.files.domain-secrets."${primaryDomain}"."authentik-ldap.token";`
Big commit 2023-12-04 17:10:57 -08:00			`inherit servedDomains;`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`# TODO: FIXME!`
			`dkimRecord = "";`
			`}))`
			`];`
Big commit 2023-12-04 17:10:57 -08:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`config = {`
			`# All Fudo hosts should redirect selby.ca to the selbyhomecentre website.`
			`services.nginx.virtualHosts = {`
Tons of changes 2023-11-13 10:59:41 -08:00			`# Pass requests to selby on to selbyhomecentre`
Ensure database exists before starting kdc init 2023-10-15 20:34:16 -07:00			`"selby.ca".locations."/".return =`
			`"301 https://selbyhomecentre.com$request_uri";`
			`"www.selby.ca".locations."/".return =`
			`"301 https://selbyhomecentre.com$request_uri";`
Tons of changes 2023-11-13 10:59:41 -08:00
			`# For Mastodon`
			`"fudo.org".locations = {`
			`"/.well-known/webfinger" = {`
			`return = "301 http://${mastodonHostname}";`
			`extraConfig = "add_header Access-Control-Allow-Origin '*';";`
			`};`
			`"/.well-known/host-meta" = {`
			`return = "301 https://${mastodonHostname}$request_uri";`
			`};`
			`};`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`

Big commit 2023-12-04 17:10:57 -08:00			`fudo = {`
			`services = {`
			`jabber = {`
			`domain = "jabber.fudo.org";`
			`ldap.servers =`
			`map (host: "${host}.${localDomain}") domain.ldap-servers;`
Tons of changes 2023-11-13 10:59:41 -08:00			`};`

Big commit 2023-12-04 17:10:57 -08:00			`authoritative-dns = {`
			`enable = hostname == primaryNameserver;`

			`container = {`
			`hostname = "nameserver";`
			`interface = "enp5s0f0";`
Tons of changes 2023-11-13 10:59:41 -08:00			`};`
Big commit 2023-12-04 17:10:57 -08:00
			`nameservers = {`
			`primary = primaryNameserver;`
			`external = map (hostname: {`
			`inherit (config.fudo.zones."fudo.org".hosts."${hostname}")`
			`ipv4-address ipv6-address description;`
			`}) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
Big commit 2023-12-04 17:10:57 -08:00
			`ip-host-map = let`
			`networkHosts = getDomainHosts "fudo.org";`
			`ipHostPairs =`
			`map (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))`
			`networkHosts;`
			`in listToAttrs ipHostPairs;`

			`zones = let`
			`defaultDeets = {`
			`inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")`
			`ipv4-address ipv6-address sshfp-records;`
			`description = "fudo.org";`
			`};`

			`fudoMailservers = {`
			`smtp-servers = [ "smtp.fudo.org." ];`
			`imap-servers = [ "imap.fudo.org." ];`
			`};`

			`mkDomain = domain: extraConfig:`
			`{`
			`default-host = defaultDeets;`
			`ksk =`
			`config.fudo.secrets.files.dns.key-signing-keys."${domain}";`
			`} // extraConfig;`
			`in {`
			`"fudo.org" = mkDomain "fudo.org" {`
			`reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];`
			`mail = fudoMailservers;`
			`};`
			`"test.fudo.org" = mkDomain "test.fudo.org" { };`
			`"selby.ca" = mkDomain "selby.ca" { mail = fudoMailservers; };`
			`"fudo.ca" = mkDomain "fudo.ca" { mail = fudoMailservers; };`
			`"fudo.im" = mkDomain "fudo.im" { mail = fudoMailservers; };`
			`"stewartsoundservices.ca" =`
			`mkDomain "stewartsoundservices.ca" { mail = fudoMailservers; };`
			`"fudo.live" = mkDomain "fudo.live" { mail = fudoMailservers; };`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
			`};`
			`};`
			`};`
			`};`
Added live disk flake 2022-03-16 09:49:35 -07:00			`}`