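# Site module for the fudo.org domain: wires the per-service modules under
# ./fudo.org/ (authentik, mastodon, nextcloud, matrix, mail) and declares the
# nginx redirects, jabber and authoritative-DNS settings shared by every host
# in the domain. Host-specific behaviour is keyed on config.instance.hostname.
{ config, lib, pkgs, ... }@toplevel:

with lib;

let
  hostname = config.instance.hostname;
  localDomain = "fudo.org";

  # Per-host service secrets (paths to secret files), looked up by hostname.
  serviceSecrets = config.fudo.secrets.files.service-secrets."${hostname}";

  inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostFqdn;

  domain = config.fudo.domains."${localDomain}";

  authentikHost = "legatus";
  primaryNameserver = "germany";
  defaultHost = "germany";
  mastodonHostname = "mastodon.fudo.org";

  # Domains the mail server accepts mail for.
  # NOTE(review): "fudo.live" has a DNS zone with mail records below but is not
  # listed here -- confirm whether that omission is intentional.
  servedDomains = [
    "fudo.org"
    "test.fudo.org"
    "selby.ca"
    "fudo.ca"
    "fudo.im"
    "stewartsoundservices.ca"
  ];

in {
  imports = [
    (import ./fudo.org/authentik.nix { inherit authentikHost; })

    (import ./fudo.org/mastodon.nix {
      mastodonHost = "legatus";
      inherit mastodonHostname;
      mastodonWebDomain = "fudo.org";
      # Passed as secret-file paths; the module is expected to read them at
      # activation time rather than at evaluation time.
      mastodonOidcClientId = serviceSecrets."mastodon-oidc.clientid";
      mastodonOidcClientSecret = serviceSecrets."mastodon-oidc.secret";
    })

    (import ./fudo.org/nextcloud.nix {
      nextcloudHost = "legatus";
      nextcloudHostname = "cloud.fudo.org";
      nextcloudPackage = pkgs.nextcloud27;
    })

    (import ./fudo.org/matrix.nix {
      matrixHost = "legatus";
      matrixServerName = "fudo.org";
      # NOTE(review): readFile embeds the secret contents into the evaluated
      # configuration. If matrix.nix writes these values into a config file in
      # the Nix store they become world-readable there -- confirm how the
      # module consumes them, or pass file paths as the mastodon import does.
      openIdClientId = readFile serviceSecrets."matrix-oidc.clientid";
      openIdClientSecret = readFile serviceSecrets."matrix-oidc.secret";
    })

    (import ./fudo.org/mail-server.nix (rec {
      primaryMailserver = "germany";
      # NOTE(review): the mail server's primary domain is the test subdomain,
      # not localDomain -- verify this is still intended.
      primaryDomain = "test.fudo.org";
      authentikServer = "authentik.fudo.org";
      ldapBase = "dc=fudo,dc=org";
      ldapBindDn = "cn=userdb,ou=users,${ldapBase}";
      ldapBindPwFile =
        config.fudo.secrets.files.domain-secrets."${primaryDomain}"."ldap-bind.passwd";
      saslDomain = "FUDO.ORG";
      authentikOutpostToken =
        config.fudo.secrets.files.domain-secrets."${primaryDomain}"."authentik-ldap.token";
      inherit servedDomains;
      # TODO: FIXME!
      dkimRecord = "";
    }))
  ];

  config = {
    # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
    services.nginx.virtualHosts = {
      # Pass requests to selby on to selbyhomecentre
      "selby.ca".locations."/".return =
        "301 https://selbyhomecentre.com$request_uri";
      "www.selby.ca".locations."/".return =
        "301 https://selbyhomecentre.com$request_uri";

      # For Mastodon: the account domain is fudo.org, the instance lives on
      # mastodonHostname, so well-known lookups are redirected there.
      "fudo.org".locations = {
        "/.well-known/webfinger" = {
          # nginx `return <url>` does not carry the original query string, so
          # $request_uri is needed to keep the ?resource=acct:... parameter;
          # redirect over https to match the host-meta redirect below.
          return = "301 https://${mastodonHostname}$request_uri";
          extraConfig = "add_header Access-Control-Allow-Origin '*';";
        };
        "/.well-known/host-meta" = {
          return = "301 https://${mastodonHostname}$request_uri";
        };
      };
    };

    fudo = {
      services = {
        jabber = {
          domain = "jabber.fudo.org";
          ldap.servers =
            map (host: "${host}.${localDomain}") domain.ldap-servers;
        };

        authoritative-dns = {
          # Only the designated primary runs the authoritative server.
          enable = hostname == primaryNameserver;
          container = {
            hostname = "nameserver";
            interface = "enp5s0f0";
          };
          nameservers = {
            primary = primaryNameserver;
            # Secondary nameservers, described from the fudo.org zone's host table.
            external = map (ns: {
              inherit (config.fudo.zones."fudo.org".hosts."${ns}")
                ipv4-address ipv6-address description;
            }) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];
          };

          # IPv4 address -> FQDN for every host in the fudo.org domain.
          ip-host-map = let
            networkHosts = getDomainHosts "fudo.org";
            ipHostPairs = map
              (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))
              networkHosts;
          in listToAttrs ipHostPairs;

          zones = let
            # Address/SSHFP records of the default host, shared by every zone.
            defaultDeets = {
              inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")
                ipv4-address ipv6-address sshfp-records;
              description = "fudo.org";
            };
            fudoMailservers = {
              smtp-servers = [ "smtp.fudo.org." ];
              imap-servers = [ "imap.fudo.org." ];
            };
            # Build a zone with the shared default host and that zone's
            # key-signing key, then merge in zone-specific settings.
            mkDomain = zoneName: extraConfig:
              {
                default-host = defaultDeets;
                ksk = config.fudo.secrets.files.dns.key-signing-keys."${zoneName}";
              } // extraConfig;
          in {
            "fudo.org" = mkDomain "fudo.org" {
              reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];
              mail = fudoMailservers;
            };
            "test.fudo.org" = mkDomain "test.fudo.org" { };
            "selby.ca" = mkDomain "selby.ca" { mail = fudoMailservers; };
            "fudo.ca" = mkDomain "fudo.ca" { mail = fudoMailservers; };
            "fudo.im" = mkDomain "fudo.im" { mail = fudoMailservers; };
            "stewartsoundservices.ca" =
              mkDomain "stewartsoundservices.ca" { mail = fudoMailservers; };
            "fudo.live" = mkDomain "fudo.live" { mail = fudoMailservers; };
          };
        };
      };
    };
  };
}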