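# NixOS module for the fudo.org domain: wires the per-service modules under
# ./fudo.org/ (authentik, mastodon, nextcloud, matrix, mail-server) with the
# host assignments and secrets for this domain, and sets the domain-wide nginx
# redirects, Lemmy, jabber, grafana OAuth and authoritative DNS configuration.
#
# Inputs are the usual NixOS module arguments; `config.instance.hostname` is
# the host being evaluated and decides which role-specific services are
# enabled here (authoritative DNS on the primary nameserver, Lemmy on lemmyHost).
{ config, lib, pkgs, ... }@toplevel:

with lib;
let
  hostname = config.instance.hostname;
  localDomain = "fudo.org";
  # Per-domain secret files; values taken from here are handed to the service
  # modules either as paths or, for matrix, read at evaluation time (see below).
  domainSecrets = config.fudo.secrets.files.domain-secrets."${localDomain}";

  inherit (pkgs.lib) getDomainHosts getHostIpv4 getHostFqdn;

  domain = config.fudo.domains."${localDomain}";

  # Host assignments for the domain's services.
  authentikHost = "legatus";
  primaryNameserver = "germany";
  defaultHost = "germany";

  mastodonHostname = "fudo.live";

  lemmyHost = "germany";
  lemmyHostname = "fudo.social";

  # Domains the mail server accepts mail for.
  servedDomains = [
    "fudo.org"
    "test.fudo.org"
    "selby.ca"
    "fudo.ca"
    "fudo.im"
    "fudo.live"
    "fudo.social"
    "stewartsoundservices.ca"
  ];

in {
  imports = [
    (import ./fudo.org/authentik.nix {
      inherit authentikHost;
      # NOTE(review): a mutable tag; pinning the image by digest would make the
      # deployed authentik build reproducible and tamper-evident. TODO confirm.
      authentikImage = "ghcr.io/goauthentik/server:2023.10.6";
    })
    (import ./fudo.org/mastodon.nix {
      mastodonHost = "germany";
      mastodonHostname = mastodonHostname;
      mastodonWebDomain = mastodonHostname;
      # Secrets are passed as file references here, not read into the evaluation.
      mastodonOidcClientId = domainSecrets."mastodon-oidc.clientid";
      mastodonOidcClientSecret = domainSecrets."mastodon-oidc.secret";
    })
    (import ./fudo.org/nextcloud.nix {
      nextcloudHost = "legatus";
      nextcloudHostname = "cloud.fudo.org";
      nextcloudPackage = pkgs.nextcloud28;
    })
    (import ./fudo.org/matrix.nix {
      matrixHost = "germany";
      matrixServerName = "fudo.im";
      # NOTE(review): unlike mastodon above, these are read at evaluation time,
      # so the secret contents become part of the evaluated config; if
      # matrix.nix writes them into a store-resident file they end up
      # world-readable on the host. Confirm how matrix.nix consumes them.
      openIdClientId = readFile domainSecrets."matrix-oidc.clientid";
      openIdClientSecret = readFile domainSecrets."matrix-oidc.secret";
    })
    (import ./fudo.org/mail-server.nix (rec {
      primaryMailserver = "france";
      primaryDomain = "fudo.org";
      authentikServer = "authentik.fudo.org";
      ldapBase = "dc=fudo,dc=org";
      ldapBindDn = "cn=userdb,ou=users,${ldapBase}";
      ldapBindPwFile = domainSecrets."ldap-bind.passwd";
      saslDomain = "FUDO.ORG";
      authentikOutpostToken = domainSecrets."authentik-ldap.token";
      inherit servedDomains;
      # DKIM public key record published for the mail domain.
      dkimRecord = ''
        mail._domainkey IN TXT (
        "v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwoCgHwsfuu0lhj9Ayj4ntoy0bdcGBNsV46qoKbd8E8FKsJF5rL4EoytwXEFcKJwT3E+o3/BsZGi9J5irtjlfIhnxnPlhVRS3R/834NDSQyuwGTxAfhPOklhA0cTYA+4x2oGwAuraz+On2REDeSymMccXFDsTugEHVvn6qaeqkJwIDAQAB" );'';
    }))
  ];

  config = {
    # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
    services = {
      nginx.virtualHosts = {
        # Pass requests to selby on to selbyhomecentre
        "selby.ca".locations."/".return =
          "301 https://selbyhomecentre.com$request_uri";
        "www.selby.ca".locations."/".return =
          "301 https://selbyhomecentre.com$request_uri";

        # For Mastodon: fudo.org is the account domain, ${mastodonHostname} the
        # web domain, so discovery requests are redirected there.
        "fudo.org".locations = {
          "/.well-known/webfinger" = {
            # Redirect over https and keep $request_uri: nginx `return` does
            # not append the original query string, and webfinger carries the
            # looked-up account in `?resource=`, so dropping it (and downgrading
            # to http) broke federation lookups for fudo.org accounts.
            return = "301 https://${mastodonHostname}$request_uri";
            extraConfig = "add_header Access-Control-Allow-Origin '*';";
          };
          "/.well-known/host-meta" = {
            return = "301 https://${mastodonHostname}$request_uri";
          };
        };
      };

      lemmyDocker = {
        # Only the designated host runs Lemmy.
        enable = hostname == lemmyHost;
        hostname = lemmyHostname;
        site-name = "Fudo Lemmy";
        version = "0.19.2";
        smtp-server = "mail.fudo.org:587";
        # NOTE(review): mutable tags; consider pinning by digest. TODO confirm.
        docker-images = {
          pictrs = "asonix/pictrs:0.5.1";
          postgres = "postgres:15-alpine";
        };
      };
    };

    fudo = {
      services = {
        # TEMPORARY
        mail-server.enable = false;

        jabber = {
          domain = "jabber.fudo.org";
          # LDAP servers are listed as short host names in the domain config;
          # qualify them with the local domain.
          ldap.servers =
            map (host: "${host}.${localDomain}") domain.ldap-servers;
        };

        metrics.grafana = {
          oauth = {
            hostname = "authentik.fudo.org";
            client-id = domainSecrets."grafana-oid-client-id";
            client-secret = domainSecrets."grafana-oid-client-secret";
            slug = "grafana-metrics";
          };
        };

        authoritative-dns = {
          # Only the primary nameserver host runs the authoritative DNS container.
          enable = hostname == primaryNameserver;
          enable-notifications = true;
          container = {
            hostname = "nameserver";
            interface = "enp5s0f0";
          };
          nameservers = {
            primary = "nameserver";
            # Secondary nameservers, looked up by host name in the fudo.org
            # zone. (Parameter renamed from `hostname` so it no longer shadows
            # the module-level binding.)
            external = map (nsHost: {
              inherit (config.fudo.zones."fudo.org".hosts."${nsHost}")
                ipv4-address ipv6-address description;
            }) [ "ns2-fudo" "ns3-fudo" "ns4-fudo" ];
          };
          # IPv4 address -> FQDN for every host in the fudo.org domain.
          ip-host-map = let
            networkHosts = getDomainHosts "fudo.org";
            ipHostPairs = map
              (host: nameValuePair (getHostIpv4 host) (getHostFqdn host))
              networkHosts;
          in listToAttrs ipHostPairs;
          zones = let
            # Address records of the default host, used as each zone's apex.
            defaultDeets = {
              inherit (config.fudo.zones."fudo.org".hosts."${defaultHost}")
                ipv4-address ipv6-address sshfp-records;
              description = "fudo.org";
            };
            # TODO: Fix email FFS!
            fudoMailservers = {
              smtp-servers = [ "mail.fudo.org." ];
              imap-servers = [ "mail.fudo.org." ];
            };
            # Build a zone: default host plus the zone's DNSSEC key-signing
            # key, merged with any zone-specific settings.
            mkDomain = domain: extraConfig:
              {
                default-host = defaultDeets;
                ksk = config.fudo.secrets.files.dns.key-signing-keys."${domain}";
              } // extraConfig;
          in {
            "fudo.org" = mkDomain "fudo.org" {
              reverse-zones = [ "208.81.1.128/28" "208.81.3.112/28" ];
              mail = fudoMailservers;
            };
            "test.fudo.org" = mkDomain "test.fudo.org" { };
            "selby.ca" = mkDomain "selby.ca" { mail = fudoMailservers; };
            "fudo.ca" = mkDomain "fudo.ca" { mail = fudoMailservers; };
            "fudo.im" = mkDomain "fudo.im" { mail = fudoMailservers; };
            "stewartsoundservices.ca" =
              mkDomain "stewartsoundservices.ca" { mail = fudoMailservers; };
            "fudo.live" = mkDomain "fudo.live" { mail = fudoMailservers; };
            "fudo.social" = mkDomain "fudo.social" { mail = fudoMailservers; };
          };
        };
      };
    };
  };
}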