| -rw-r--r-- | mugam.scm | 258 |
1 files changed, 205 insertions, 53 deletions
diff --git a/mugam.scm b/mugam.scm
index 7a4ed7f..85f1538 100644
--- a/mugam.scm
+++ b/mugam.scm
@@ -1,10 +1,10 @@
-(use-modules (arunisaac powerdns)
- (gnu)
+(use-modules (gnu)
 ((gnu packages admin) #:select (htop nmap))
 ((gnu packages curl) #:select (curl))
 ((gnu packages dns) #:select (knot))
 ((gnu packages linux) #:select (nftables))
 ((gnu packages ssh) #:select (openssh-sans-x))
+ (gnu services dns)
 (gnu services networking)
 (gnu services ssh)
 (gnu services sysctl)
@@ -36,50 +36,200 @@ ;;; DNS Server ;;;
-(define-record-type* <zone>
- zone make-zone
- zone?
- (name zone-name)
- (file zone-file))
-
-;; TODO: Backup zone files.
-(define %zones
- (list (zone
- (name "arohonline.in")
- (file "/etc/powerdns/zones/arohonline.in"))
- (zone
- (name "arohonline.org")
- (file "/etc/powerdns/zones/arohonline.org"))
- (zone
- (name "cosmobird.me")
- (file "/etc/powerdns/zones/cosmobird.me"))
- (zone
- (name "issuesofconcern.in")
- (file "/etc/powerdns/zones/issuesofconcern.in"))
- (zone
- (name "ragulkanth.dev")
- (file "/etc/powerdns/zones/ragulkanth.dev"))
- (zone
- (name "solariiknight.org")
- (file "/etc/powerdns/zones/solariiknight.org"))
- (zone
- (name "systemreboot.net")
- (file "/etc/powerdns/zones/systemreboot.net"))))
-
-(define (named.conf-gexp zones)
- "Return a G-expression that computes a named.conf with ZONES, a list
-of <zone> records."
- #~(begin
- (call-with-output-file #$output
- (lambda (port)
- (for-each (lambda (name file)
- (format port "zone ~s {
- file ~s;
-};
-"
- name file))
- '#$(map zone-name zones)
- '#$(map zone-file zones))))))
+(define %mugam-ip
+ "188.166.169.68")
+
+(define (mugam-a-zone-entry name)
+ (zone-entry
+ (name name)
+ (ttl "60")
+ (data %mugam-ip)))
+
+(define (hrrol-cname-zone-entry name)
+ (zone-entry
+ (name name)
+ (ttl "60")
+ (type "CNAME")
+ (data "hrrol.systemreboot.net.")))
+
+(define (caa-zone-entry name)
+ (zone-entry
+ (name name)
+ (ttl "3600")
+ (type "CAA")
+ (data "128 issue \"letsencrypt.org\"")))
+
+;; TODO: Export from (gnu services dns).
+(define knot-zone-configuration-zone
+ (@@ (gnu services dns) knot-zone-configuration-zone))
+
+;; TODO: Export from (gnu services dns).
+(define zone-file-entries
+ (@@ (gnu services dns) zone-file-entries))
+
+(define (add-ns-zone-entries config)
+ (knot-zone-configuration
+ (inherit config)
+ (zone (zone-file
+ (inherit (knot-zone-configuration-zone config))
+ (entries (append (map (lambda (ns)
+ (zone-entry
+ (name "@")
+ (ttl "3600")
+ (type "NS")
+ (data ns)))
+ (list "ns1.systemreboot.net."
+ "ns2.systemreboot.net."))
+ (zone-file-entries (knot-zone-configuration-zone config))))))))
+
+(define arohonline.in-zone
+ (knot-zone-configuration
+ (domain "arohonline.in")
+ (zone (zone-file
+ (origin domain)
+ (entries (list (mugam-a-zone-entry "@")
+ (caa-zone-entry "@")
+ (hrrol-cname-zone-entry "www")))))))
+
+(define arohonline.org-zone
+ (knot-zone-configuration
+ (domain "arohonline.org")
+ (zone (zone-file
+ (origin domain)
+ (entries (cons* (mugam-a-zone-entry "@")
+ (caa-zone-entry "@")
+ (hrrol-cname-zone-entry "www")
+ (zone-entry
+ (name "@")
+ (ttl "3600")
+ (type "TXT")
+ (data "\"v=spf1 include:_spf.google.com ~all\""))
+ (zone-entry
+ (name "_dmarc")
+ (ttl "3600")
+ (type "TXT")
+ (data "\"v=DMARC1; p=none\""))
+ (zone-entry
+ (name "google._domainkey")
+ (ttl "3600")
+ (type "TXT")
+ (data "\"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJTz4BskFyqQYUHn/3xXqasYtPZtlcY9e8t0LiFDT28YoYinUB4YWA4Q7iHwH8L5Dd5EG401vDJBXz7/TK6zO1ZJMs6pStCmzs9AbRpA2hX4WRACB6aNk6DKSYNT/I7G839RxX1xx9SYrXFGM71c6C7iR1vuKJdROlAd+ZfKj6nBA69fiWbFr68krLnEHlq14k8NimT6XuCxjVLNO3yp36diKmej32BU9bi9ThIcv3QwufpQtt7ejPBhBDRzBKdcrS09FYC4HzSLbOiZDB4upEfnrWwAGOI/+L3qTlCzNe/7jZyNTYSB5g74E6t1O3TOdjzdN26AqEZN35k4KokRYQIDAQAB\""))
+ (map (lambda (data)
+ (zone-entry
+ (name "@")
+ (ttl "3600")
+ (type "MX")
+ (data data)))
+ (list "1 aspmx.l.google.com."
+ "5 alt1.aspmx.l.google.com."
+ "5 alt2.aspmx.l.google.com."
+ "10 alt3.aspmx.l.google.com."
+ "10 alt4.aspmx.l.google.com."
+ "15 demr5wwt4lgi2mqctgimwbw4vmal3vdkhdbhp5577xgivbvl3xxa.mx-verification.google.com.")))))))))
+
+(define issuesofconcern.in-zone
+ (knot-zone-configuration
+ (domain "issuesofconcern.in")
+ (zone (zone-file
+ (origin domain)
+ (entries (list (mugam-a-zone-entry "@")
+ (caa-zone-entry "@")
+ (hrrol-cname-zone-entry "www")))))))
+
+(define ragulkanth.dev-zone
+ (knot-zone-configuration
+ (domain "ragulkanth.dev")
+ (zone (zone-file
+ (origin domain)
+ (entries (cons* (mugam-a-zone-entry "@")
+ (mugam-a-zone-entry "server")
+ (append (map (lambda (name)
+ (zone-entry
+ (name name)
+ (ttl "60")
+ (type "CNAME")
+ (data "server")))
+ (list "collabora"
+ "files"))
+ (map (lambda (name)
+ (zone-entry
+ (name name)
+ (ttl "60")
+ (data "103.109.44.157")))
+ (list "bazarr" "jellyfin" "lidarr"
+ "portainer" "prowlarr"
+ "qbittorrent" "radarr" "readarr"
+ "sabnzbd" "sonarr")))))))))
+
+(define solariiknight.org-zone
+ (knot-zone-configuration
+ (domain "solariiknight.org")
+ (zone (zone-file
+ (origin domain)
+ (entries (list (mugam-a-zone-entry "@")
+ (caa-zone-entry "@")
+ (hrrol-cname-zone-entry "www")))))))
+
+(define systemreboot.net-zone
+ (knot-zone-configuration
+ (domain "systemreboot.net")
+ (zone (zone-file
+ (origin domain)
+ (entries (cons* (caa-zone-entry "@")
+ (mugam-a-zone-entry "@")
+ (zone-entry
+ (name "_avatars-sec")
+ (ttl "3600")
+ (type "SRV")
+ (data (string-append "0 0 443 avatars." origin ".")))
+ (zone-entry
+ (name "_dmarc")
+ (ttl "3600")
+ (type "TXT")
+ (data "\"v=DMARC1; p=none\""))
+ (zone-entry
+ (name "_xmpp-client._tcp")
+ (ttl "3600")
+ (type "SRV")
+ (data (string-append "0 5 5222 xmpp." origin ".")))
+ (zone-entry
+ (name "_xmpp-server._tcp.conference")
+ (ttl "3600")
+ (type "SRV")
+ (data (string-append "0 5 5269 xmpp." origin ".")))
+ (zone-entry
+ (name "_xmpp-server._tcp")
+ (ttl "3600")
+ (type "SRV")
+ (data (string-append "0 5 5269 xmpp." origin ".")))
+ (zone-entry
+ (name "default._domainkey")
+ (ttl "3600")
+ (type "TXT")
+ (data "\"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquVdlx+0jHyN/lle1Mte41uOJ8fkmsCnPhxhBKq9axS2e45ZLJxCqZFWTIZddo+xbA4A95VW9utvX0ssbvfFFT34p0oZsF060Z/OvB/bnwPTalChVkntbuTx5i2HfH6c3uVMjUswPZU6EP2Rf32iNzd0S2DJKd1YFlXOewQniaC/CZeRekVkvDXLCEHDqM8QDvFsOGjoBlAn9d4isC8nEvvUaK3OTQo6tdGLTpcJWhsHm6q28fVmzc6Ba6cXbZ1vDGAntDbRT/xFeHeOTRRNBdjoQEeTYybyBCrhZidRJFuywz/i3Ht5E2Nq5M6fk9GxrzPgGud8HcvCyuKXDdY4SQIDAQAB\""))
+ (zone-entry
+ (name "@")
+ (ttl "3600")
+ (type "MX")
+ (data (string-append "10 mail." origin ".")))
+ (zone-entry
+ (name "@")
+ (ttl "3600")
+ (type "TXT")
+ (data (string-append "\"v=spf1 mx a:mugam." origin " -all\"")))
+ (append (map (lambda (name)
+ (mugam-a-zone-entry name))
+ (list "hrrol" "ns1" "ns2"))
+ (map (lambda (name)
+ (hrrol-cname-zone-entry name))
+ (list "aruni" "avatars" "bridge" "ccwl" "ci"
+ "ci.demo" "files" "forge" "git"
+ "git.demo" "guile-email" "guile-xapian"
+ "guix-forge" "klaus" "kolam" "lists"
+ "mail" "mathjax" "meetfree" "mugam"
+ "nardhini" "run64" "sale" "selfhost"
+ "skribilo" "ta" "tamil" "tissue" "www"
+ "xmpp")))))))))
 ;;;
@@ -140,13 +290,15 @@ of <zone> records."
 ("arunisaac" ,(local-file "ssh-keys/arunisaac.pub"))
 ("cosmovpndns" ,(local-file "ssh-keys/cosmovpndns.pub"))
 ("ragulkanth" ,(local-file "ssh-keys/ragulkanth.pub"))))))
- (service powerdns-service-type
- (powerdns-configuration
- (backends (list "bind"))
- (bind-config
- (computed-file "named.conf"
- (named.conf-gexp %zones)))
- (bind-check-interval 60)))
+ (service knot-service-type
+ (knot-configuration
+ (zones (map add-ns-zone-entries
+ (list arohonline.in-zone
+ arohonline.org-zone
+ issuesofconcern.in-zone
+ ragulkanth.dev-zone
+ solariiknight.org-zone
+ systemreboot.net-zone)))))
 (service nginx-service-type
 (nginx-configuration
 (server-blocks
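Review bot: The MX record added to systemreboot.net-zone points at `mail.systemreboot.net.`, but `"mail"` is also in the list handed to hrrol-cname-zone-entry at the end of that zone, so the MX target is a CNAME, which RFC 2181 §10.3 forbids and which some MTAs and DNS lint tools reject. Moving it to the A-record list, `(list "hrrol" "mail" "ns1" "ns2")`, makes it resolve straight to %mugam-ip, assuming hrrol and mugam are the same host as the CNAME already implies. Both `_dmarc` records (arohonline.org and systemreboot.net) are `p=none` with no `rua=` tag, so they neither enforce a policy nor deliver any reports; adding a reporting address is worthwhile even before tightening the policy, and the arohonline.org SPF `~all` softfail compounds this. Also note that ns1 and ns2 are both produced by mugam-a-zone-entry, i.e. the same address, so the two NS records add-ns-zone-entries injects into every zone give no redundancy, and ragulkanth.dev-zone is the only zone without a caa-zone-entry, which looks accidental.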
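Review bot: The zone list passed to knot-configuration has six entries while the removed %zones list had seven: `cosmobird.me` disappears and nothing in this diff replaces it. If that domain still delegates to ns1/ns2.systemreboot.net, this server will answer REFUSED for it once knot takes over from PowerDNS, so either add a `cosmobird.me-zone` here or say in the commit message that the zone was retired deliberately. No `dnssec-policy` appears on any knot-zone-configuration in this diff, so as far as the hunk shows the zones are served unsigned as before; if that is intended, a one-line comment above `(service knot-service-type` saying so would spare the next reader the check. The operating-system services list this hunk edits starts and ends outside the hunk.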
