nixos-config/config/domain-config/fudo.org.nix

{ config, lib, pkgs, ... }@toplevel:

with lib;
let
  hostname = config.instance.hostname;
  localDomain = "fudo.org";

  domainSecrets = config.fudo.secrets.files.domain-secrets."${localDomain}";

  inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostIpv6 getHostFqdn;

  domain = config.fudo.domains."${localDomain}";

  authentikHost = "legatus";

  primaryNameserver = "germany";

  defaultHost = "germany";

  mastodonHostname = "fudo.live";

  lemmyHost = "germany";
  lemmyHostname = "fudo.social";

  servedDomains = [
    "fudo.org"
    "test.fudo.org"
    "selby.ca"
    "fudo.ca"
    "fudo.im"
    "fudo.live"
    "fudo.social"
    "stewartsoundservices.ca"
  ];

in {
  imports = [
    (import ./fudo.org/authentik.nix {
      inherit authentikHost;
      authentikImage = "ghcr.io/goauthentik/server:2023.10.6";
    })
    (import ./fudo.org/mastodon.nix {
      mastodonHost = "germany";
      mastodonHostname = mastodonHostname;
      mastodonWebDomain = mastodonHostname;
      mastodonOidcClientId = domainSecrets."mastodon-oidc.clientid";
      mastodonOidcClientSecret = domainSecrets."mastodon-oidc.secret";
    })
    (import ./fudo.org/nextcloud.nix {
      nextcloudHost = "legatus";
      nextcloudHostname = "cloud.fudo.org";
      nextcloudPackage = pkgs.nextcloud28;
    })
    (import ./fudo.org/matrix.nix {
      matrixHost = "germany";
      matrixServerName = "fudo.im";
      openIdClientId = readFile domainSecrets."matrix-oidc.clientid";
      openIdClientSecret = readFile domainSecrets."matrix-oidc.secret";
    })
    (import ./fudo.org/mail-server.nix (rec {
      primaryMailserver = "france";
      primaryDomain = "fudo.org";
      authentikServer = "authentik.fudo.org";
      ldapBase = "dc=fudo,dc=org";
      ldapBindDn = "cn=userdb,ou=users,${ldapBase}";
      ldapBindPwFile = domainSecrets."ldap-bind.passwd";
      saslDomain = "FUDO.ORG";
      authentikOutpostToken = domainSecrets."authentik-ldap.token";
      inherit servedDomains;
      dkimRecord = ''
        mail._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoCgHwsfuu0lhj9Ayj4ntoy0bdcGBNsV46qoKbd8E8FKsJF5rL4EoytwXEFcKJwT3E+o3/BsZGi9J5irtjlfIhnxnPlhVRS3R/834NDSQyuwGTxAfhPOklhA0cTYA+4x2oGwAuraz+On2REDeSymMccXFDsTugEHVvn6qaeqkJwIDAQAB" );'';
    }))
  ];

  config = {
    # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
    services = {
      nginx.virtualHosts = {
        # Pass requests to selby on to selbyhomecentre
        "selby.ca".locations."/".return =
          "301 https://selbyhomecentre.com$request_uri";
        "www.selby.ca".locations."/".return =
          "301 https://selbyhomecentre.com$request_uri";

        # For Mastodon
        "fudo.org".locations = {
          "/.well-known/webfinger" = {
            return = "301 http://${mastodonHostname}";
            extraConfig = "add_header Access-Control-Allow-Origin '*';";
          };
          "/.well-known/host-meta" = {
            return = "301 https://${mastodonHostname}$request_uri";
          };
        };
      };

      lemmyDocker = {
        enable = config.instance.hostname == lemmyHost;
        hostname = lemmyHostname;
        site-name = "Fudo Lemmy";
        version = "0.19.2";
        smtp-server = "mail.fudo.org:587";
        docker-images = {
          pictrs = "asonix/pictrs:0.5.1";
          postgres = "postgres:15-alpine";
        };
      };
    };

    fudo = {
      services = {
        # TEMPORARY
        mail-server.enable = false;

        jabber = {
          domain = "jabber.fudo.org";
          ldap.servers =
            map (host: "${host}.${localDomain}") domain.ldap-servers;
        };

        metrics.grafana = {
          oauth = {
            hostname = "authentik.fudo.org";
            client-id = domainSecrets."grafana-oid-client-id";
            client-secret = domainSecrets."grafana-oid-client-secret";
            slug = "grafana-metrics";
          };
        };

        authoritative-dns = {
          enable = hostname == primaryNameserver;

          enable-notifications = true;

          container = {
            hostname = "nameserver";
            interface = "enp5s0f0";
          };

          nameservers = {
            primary = "nameserver";
            external = map (hostname: {
              inherit (config.fudo.zones."fudo.org".hosts."${hostname}")
                ipv4-address ipv6-address description;
            }) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];
          };

          ip-host-map = let
            networkHosts = getDomainHosts "fudo.org";
            ipHostPairs =
              map (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))
              networkHosts;
          in listToAttrs ipHostPairs;

          zones = let
            defaultDeets = {
              inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")
                ipv4-address ipv6-address sshfp-records;
              description = "fudo.org";
            };

            # TODO: Fix email FFS!
            fudoMailservers = {
              smtp-servers = [ "mail.fudo.org." ];
              imap-servers = [ "mail.fudo.org." ];
            };

            mkDomain = domain: extraConfig:
              {
                default-host = defaultDeets;
                ksk =
                  config.fudo.secrets.files.dns.key-signing-keys."${domain}";
              } // extraConfig;
          in {
            "fudo.org" = mkDomain "fudo.org" {
              reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];
              mail = fudoMailservers;
            };
            "test.fudo.org" = mkDomain "test.fudo.org" { };
            "selby.ca" = mkDomain "selby.ca" { mail = fudoMailservers; };
            "fudo.ca" = mkDomain "fudo.ca" { mail = fudoMailservers; };
            "fudo.im" = mkDomain "fudo.im" { mail = fudoMailservers; };
            "stewartsoundservices.ca" =
              mkDomain "stewartsoundservices.ca" { mail = fudoMailservers; };
            "fudo.live" = mkDomain "fudo.live" { mail = fudoMailservers; };
            "fudo.social" = mkDomain "fudo.social" { mail = fudoMailservers; };
          };
        };
      };
    };
  };
}
Tons of changes 2023-11-13 10:59:41 -08:00			`{ config, lib, pkgs, ... }@toplevel:`
Working refactored (on a test server) 2021-02-25 20:45:50 +00:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`localDomain = "fudo.org";`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00
			`domainSecrets = config.fudo.secrets.files.domain-secrets."${localDomain}";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00
Big commit 2023-12-04 17:10:57 -08:00			`inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostIpv6 getHostFqdn;`
Tons of changes 2023-11-13 10:59:41 -08:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`domain = config.fudo.domains."${localDomain}";`

			`authentikHost = "legatus";`

			`primaryNameserver = "germany";`

Tons of changes 2023-11-13 10:59:41 -08:00			`defaultHost = "germany";`

Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`mastodonHostname = "fudo.live";`

			`lemmyHost = "germany";`
			`lemmyHostname = "fudo.social";`
Tons of changes 2023-11-13 10:59:41 -08:00
Big commit 2023-12-04 17:10:57 -08:00			`servedDomains = [`
			`"fudo.org"`
			`"test.fudo.org"`
			`"selby.ca"`
			`"fudo.ca"`
			`"fudo.im"`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`"fudo.live"`
			`"fudo.social"`
Big commit 2023-12-04 17:10:57 -08:00			`"stewartsoundservices.ca"`
			`];`

Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`in {`
			`imports = [`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`(import ./fudo.org/authentik.nix {`
			`inherit authentikHost;`
			`authentikImage = "ghcr.io/goauthentik/server:2023.10.6";`
			`})`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`(import ./fudo.org/mastodon.nix {`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`mastodonHost = "germany";`
Tons of changes 2023-11-13 10:59:41 -08:00			`mastodonHostname = mastodonHostname;`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`mastodonWebDomain = mastodonHostname;`
			`mastodonOidcClientId = domainSecrets."mastodon-oidc.clientid";`
			`mastodonOidcClientSecret = domainSecrets."mastodon-oidc.secret";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`})`
			`(import ./fudo.org/nextcloud.nix {`
			`nextcloudHost = "legatus";`
			`nextcloudHostname = "cloud.fudo.org";`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`nextcloudPackage = pkgs.nextcloud28;`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`})`
			`(import ./fudo.org/matrix.nix {`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`matrixHost = "germany";`
			`matrixServerName = "fudo.im";`
			`openIdClientId = readFile domainSecrets."matrix-oidc.clientid";`
			`openIdClientSecret = readFile domainSecrets."matrix-oidc.secret";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`})`
			`(import ./fudo.org/mail-server.nix (rec {`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`primaryMailserver = "france";`
			`primaryDomain = "fudo.org";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`authentikServer = "authentik.fudo.org";`
			`ldapBase = "dc=fudo,dc=org";`
			`ldapBindDn = "cn=userdb,ou=users,${ldapBase}";`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`ldapBindPwFile = domainSecrets."ldap-bind.passwd";`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`saslDomain = "FUDO.ORG";`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`authentikOutpostToken = domainSecrets."authentik-ldap.token";`
Big commit 2023-12-04 17:10:57 -08:00			`inherit servedDomains;`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`dkimRecord = ''`
			`mail._domainkey IN TXT ( "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoCgHwsfuu0lhj9Ayj4ntoy0bdcGBNsV46qoKbd8E8FKsJF5rL4EoytwXEFcKJwT3E+o3/BsZGi9J5irtjlfIhnxnPlhVRS3R/834NDSQyuwGTxAfhPOklhA0cTYA+4x2oGwAuraz+On2REDeSymMccXFDsTugEHVvn6qaeqkJwIDAQAB" );'';`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`}))`
			`];`
Big commit 2023-12-04 17:10:57 -08:00
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`config = {`
			`# All Fudo hosts should redirect selby.ca to the selbyhomecentre website.`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`services = {`
			`nginx.virtualHosts = {`
			`# Pass requests to selby on to selbyhomecentre`
			`"selby.ca".locations."/".return =`
			`"301 https://selbyhomecentre.com$request_uri";`
			`"www.selby.ca".locations."/".return =`
			`"301 https://selbyhomecentre.com$request_uri";`

			`# For Mastodon`
			`"fudo.org".locations = {`
			`"/.well-known/webfinger" = {`
			`return = "301 http://${mastodonHostname}";`
			`extraConfig = "add_header Access-Control-Allow-Origin '*';";`
			`};`
			`"/.well-known/host-meta" = {`
			`return = "301 https://${mastodonHostname}$request_uri";`
			`};`
Tons of changes 2023-11-13 10:59:41 -08:00			`};`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`};`

			`lemmyDocker = {`
			`enable = config.instance.hostname == lemmyHost;`
			`hostname = lemmyHostname;`
			`site-name = "Fudo Lemmy";`
			`version = "0.19.2";`
			`smtp-server = "mail.fudo.org:587";`
			`docker-images = {`
			`pictrs = "asonix/pictrs:0.5.1";`
			`postgres = "postgres:15-alpine";`
Tons of changes 2023-11-13 10:59:41 -08:00			`};`
			`};`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`

Big commit 2023-12-04 17:10:57 -08:00			`fudo = {`
			`services = {`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`# TEMPORARY`
			`mail-server.enable = false;`

Big commit 2023-12-04 17:10:57 -08:00			`jabber = {`
			`domain = "jabber.fudo.org";`
			`ldap.servers =`
			`map (host: "${host}.${localDomain}") domain.ldap-servers;`
Tons of changes 2023-11-13 10:59:41 -08:00			`};`

Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`metrics.grafana = {`
			`oauth = {`
			`hostname = "authentik.fudo.org";`
			`client-id = domainSecrets."grafana-oid-client-id";`
			`client-secret = domainSecrets."grafana-oid-client-secret";`
			`slug = "grafana-metrics";`
			`};`
			`};`

Big commit 2023-12-04 17:10:57 -08:00			`authoritative-dns = {`
			`enable = hostname == primaryNameserver;`

Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`enable-notifications = true;`

Big commit 2023-12-04 17:10:57 -08:00			`container = {`
			`hostname = "nameserver";`
			`interface = "enp5s0f0";`
Tons of changes 2023-11-13 10:59:41 -08:00			`};`
Big commit 2023-12-04 17:10:57 -08:00
			`nameservers = {`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`primary = "nameserver";`
Big commit 2023-12-04 17:10:57 -08:00			`external = map (hostname: {`
			`inherit (config.fudo.zones."fudo.org".hosts."${hostname}")`
			`ipv4-address ipv6-address description;`
			`}) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
Big commit 2023-12-04 17:10:57 -08:00
			`ip-host-map = let`
			`networkHosts = getDomainHosts "fudo.org";`
			`ipHostPairs =`
			`map (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))`
			`networkHosts;`
			`in listToAttrs ipHostPairs;`

			`zones = let`
			`defaultDeets = {`
			`inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")`
			`ipv4-address ipv6-address sshfp-records;`
			`description = "fudo.org";`
			`};`

Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`# TODO: Fix email FFS!`
Big commit 2023-12-04 17:10:57 -08:00			`fudoMailservers = {`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`smtp-servers = [ "mail.fudo.org." ];`
			`imap-servers = [ "mail.fudo.org." ];`
Big commit 2023-12-04 17:10:57 -08:00			`};`

			`mkDomain = domain: extraConfig:`
			`{`
			`default-host = defaultDeets;`
			`ksk =`
			`config.fudo.secrets.files.dns.key-signing-keys."${domain}";`
			`} // extraConfig;`
			`in {`
			`"fudo.org" = mkDomain "fudo.org" {`
			`reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];`
			`mail = fudoMailservers;`
			`};`
			`"test.fudo.org" = mkDomain "test.fudo.org" { };`
			`"selby.ca" = mkDomain "selby.ca" { mail = fudoMailservers; };`
			`"fudo.ca" = mkDomain "fudo.ca" { mail = fudoMailservers; };`
			`"fudo.im" = mkDomain "fudo.im" { mail = fudoMailservers; };`
			`"stewartsoundservices.ca" =`
			`mkDomain "stewartsoundservices.ca" { mail = fudoMailservers; };`
			`"fudo.live" = mkDomain "fudo.live" { mail = fudoMailservers; };`
Tons of stuff, including 23.05 -> 23.11 2024-01-16 19:08:38 -08:00			`"fudo.social" = mkDomain "fudo.social" { mail = fudoMailservers; };`
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`};`
			`};`
			`};`
			`};`
			`};`
Added live disk flake 2022-03-16 09:49:35 -07:00			`}`