nixos-config/config/domain-config/fudo.org.nix

{ config, lib, pkgs, ... }@toplevel:

with lib;
let
  hostname = config.instance.hostname;
  localDomain = "fudo.org";
  serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}";

  inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostFqdn;

  domain = config.fudo.domains."${localDomain}";

  authentikHost = "legatus";

  primaryNameserver = "germany";

  defaultHost = "germany";

  mastodonHostname = "mastodon.fudo.org";

in {
  imports = [
    (import ./fudo.org/authentik.nix { inherit authentikHost; })
    (import ./fudo.org/mastodon.nix {
      mastodonHost = "legatus";
      mastodonHostname = mastodonHostname;
      mastodonWebDomain = "fudo.org";
      mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid";
      mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret";
    })
    (import ./fudo.org/nextcloud.nix {
      nextcloudHost = "legatus";
      nextcloudHostname = "cloud.fudo.org";
      nextcloudPackage = pkgs.nextcloud27;
    })
    (import ./fudo.org/matrix.nix {
      matrixHost = "legatus";
      matrixServerName = "fudo.org";
      openIdClientId = readFile serviceSecrets."matrix-oidc.clientid";
      openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret";
    })
    (import ./fudo.org/mail-server.nix (rec {
      primaryMailserver = "germany";
      primaryDomain = "test.fudo.org";
      authentikServer = "authentik.fudo.org";
      ldapBase = "dc=fudo,dc=org";
      ldapBindDn = "cn=userdb,ou=users,${ldapBase}";
      ldapBindPwFile =
        config.fudo.secrets.files.domain-secrets."${primaryDomain}"."ldap-bind.passwd";
      saslDomain = "FUDO.ORG";
      authentikOutpostToken =
        config.fudo.secrets.files.domain-secrets."${primaryDomain}"."authentik-ldap.token";
      servedDomains =
        [ "fudo.org" "fudo.ca" "fudo.im" "selby.ca" "selbyhomecentre.com" ];
      # TODO: FIXME!
      dkimRecord = "";
    }))
  ];
  config = {
    # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
    services.nginx.virtualHosts = {
      # Pass requests to selby on to selbyhomecentre
      "selby.ca".locations."/".return =
        "301 https://selbyhomecentre.com$request_uri";
      "www.selby.ca".locations."/".return =
        "301 https://selbyhomecentre.com$request_uri";

      # For Mastodon
      "fudo.org".locations = {
        "/.well-known/webfinger" = {
          return = "301 http://${mastodonHostname}";
          extraConfig = "add_header Access-Control-Allow-Origin '*';";
        };
        "/.well-known/host-meta" = {
          return = "301 https://${mastodonHostname}$request_uri";
        };
      };
    };

    fudo.services = {
      jabber = {
        domain = "jabber.fudo.org";
        ldap.servers = map (host: "${host}.${localDomain}") domain.ldap-servers;
      };

      authoritative-dns = {
        enable = hostname == primaryNameserver;

        nameservers = {
          primary = primaryNameserver;
          external = map (hostname: {
            inherit (config.fudo.zones."fudo.org".hosts."${hostname}")
              ipv4-address ipv6-address description;
          }) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];
        };

        ip-host-map = let
          networkHosts = getDomainHosts "fudo.org";
          ipHostPairs =
            map (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))
            networkHosts;
        in listToAttrs ipHostPairs;

        zones = let
          defaultDeets = {
            inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")
              ipv4-address ipv6-address sshfp-records;
            description = "fudo.org";
          };
        in {
          "fudo.org" = {
            default-host = defaultDeets;
            ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.org";
            reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];
          };
          "test.fudo.org" = {
            default-host = defaultDeets;
            ksk =
              config.fudo.secrets.files.dns.key-signing-keys."test.fudo.org";
          };
          "selby.ca" = {
            default-host = defaultDeets;
            ksk = config.fudo.secrets.files.dns.key-signing-keys."selby.ca";
          };
          "fudo.ca" = {
            default-host = defaultDeets;
            ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.ca";
          };
          "fudo.im" = {
            default-host = defaultDeets;
            ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.im";
          };
          "stewartsoundservices.ca" = {
            default-host = defaultDeets;
            ksk =
              config.fudo.secrets.files.dns.key-signing-keys."stewartsoundservices.ca";
          };
        };
      };
    };
  };
}
Tons of changes 2023-11-13 10:59:41 -08:00			`{ config, lib, pkgs, ... }@toplevel:`
Working refactored (on a test server) 2021-02-25 20:45:50 +00:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`localDomain = "fudo.org";`
			`serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}";`

Tons of changes 2023-11-13 10:59:41 -08:00			`inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostFqdn;`

Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`domain = config.fudo.domains."${localDomain}";`

			`authentikHost = "legatus";`

			`primaryNameserver = "germany";`

Tons of changes 2023-11-13 10:59:41 -08:00			`defaultHost = "germany";`

			`mastodonHostname = "mastodon.fudo.org";`

Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`in {`
			`imports = [`
			`(import ./fudo.org/authentik.nix { inherit authentikHost; })`
			`(import ./fudo.org/mastodon.nix {`
			`mastodonHost = "legatus";`
Tons of changes 2023-11-13 10:59:41 -08:00			`mastodonHostname = mastodonHostname;`
			`mastodonWebDomain = "fudo.org";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid";`
			`mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret";`
			`})`
			`(import ./fudo.org/nextcloud.nix {`
			`nextcloudHost = "legatus";`
			`nextcloudHostname = "cloud.fudo.org";`
			`nextcloudPackage = pkgs.nextcloud27;`
			`})`
			`(import ./fudo.org/matrix.nix {`
			`matrixHost = "legatus";`
			`matrixServerName = "fudo.org";`
			`openIdClientId = readFile serviceSecrets."matrix-oidc.clientid";`
			`openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret";`
			`})`
			`(import ./fudo.org/mail-server.nix (rec {`
			`primaryMailserver = "germany";`
			`primaryDomain = "test.fudo.org";`
			`authentikServer = "authentik.fudo.org";`
			`ldapBase = "dc=fudo,dc=org";`
			`ldapBindDn = "cn=userdb,ou=users,${ldapBase}";`
			`ldapBindPwFile =`
			`config.fudo.secrets.files.domain-secrets."${primaryDomain}"."ldap-bind.passwd";`
			`saslDomain = "FUDO.ORG";`
			`authentikOutpostToken =`
			`config.fudo.secrets.files.domain-secrets."${primaryDomain}"."authentik-ldap.token";`
			`servedDomains =`
			`[ "fudo.org" "fudo.ca" "fudo.im" "selby.ca" "selbyhomecentre.com" ];`
			`# TODO: FIXME!`
			`dkimRecord = "";`
			`}))`
			`];`
			`config = {`
			`# All Fudo hosts should redirect selby.ca to the selbyhomecentre website.`
			`services.nginx.virtualHosts = {`
Tons of changes 2023-11-13 10:59:41 -08:00			`# Pass requests to selby on to selbyhomecentre`
Ensure database exists before starting kdc init 2023-10-15 20:34:16 -07:00			`"selby.ca".locations."/".return =`
			`"301 https://selbyhomecentre.com$request_uri";`
			`"www.selby.ca".locations."/".return =`
			`"301 https://selbyhomecentre.com$request_uri";`
Tons of changes 2023-11-13 10:59:41 -08:00
			`# For Mastodon`
			`"fudo.org".locations = {`
			`"/.well-known/webfinger" = {`
			`return = "301 http://${mastodonHostname}";`
			`extraConfig = "add_header Access-Control-Allow-Origin '*';";`
			`};`
			`"/.well-known/host-meta" = {`
			`return = "301 https://${mastodonHostname}$request_uri";`
			`};`
			`};`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`

			`fudo.services = {`
			`jabber = {`
			`domain = "jabber.fudo.org";`
			`ldap.servers = map (host: "${host}.${localDomain}") domain.ldap-servers;`
			`};`

			`authoritative-dns = {`
			`enable = hostname == primaryNameserver;`

Tons of changes 2023-11-13 10:59:41 -08:00			`nameservers = {`
			`primary = primaryNameserver;`
			`external = map (hostname: {`
			`inherit (config.fudo.zones."fudo.org".hosts."${hostname}")`
			`ipv4-address ipv6-address description;`
			`}) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];`
			`};`

			`ip-host-map = let`
			`networkHosts = getDomainHosts "fudo.org";`
			`ipHostPairs =`
			`map (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))`
			`networkHosts;`
			`in listToAttrs ipHostPairs;`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00
Tons of changes 2023-11-13 10:59:41 -08:00			`zones = let`
			`defaultDeets = {`
			`inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")`
			`ipv4-address ipv6-address sshfp-records;`
			`description = "fudo.org";`
			`};`
			`in {`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`"fudo.org" = {`
Tons of changes 2023-11-13 10:59:41 -08:00			`default-host = defaultDeets;`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.org";`
Tons of changes 2023-11-13 10:59:41 -08:00			`reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];`
			`};`
			`"test.fudo.org" = {`
			`default-host = defaultDeets;`
			`ksk =`
			`config.fudo.secrets.files.dns.key-signing-keys."test.fudo.org";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
			`"selby.ca" = {`
Tons of changes 2023-11-13 10:59:41 -08:00			`default-host = defaultDeets;`
			`ksk = config.fudo.secrets.files.dns.key-signing-keys."selby.ca";`
			`};`
			`"fudo.ca" = {`
			`default-host = defaultDeets;`
			`ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.ca";`
			`};`
			`"fudo.im" = {`
			`default-host = defaultDeets;`
			`ksk = config.fudo.secrets.files.dns.key-signing-keys."fudo.im";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
Tons of changes 2023-11-13 10:59:41 -08:00			`"stewartsoundservices.ca" = {`
			`default-host = defaultDeets;`
			`ksk =`
			`config.fudo.secrets.files.dns.key-signing-keys."stewartsoundservices.ca";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
			`};`
			`};`
			`};`
			`};`
Added live disk flake 2022-03-16 09:49:35 -07:00			`}`