Custom octodns setup!

2024-07-08 03:06:27 +02:00 · 2024-07-08 03:06:27 +02:00 · fd36e012f9
commit fd36e012f9
parent 9e853e9684
27 changed files with 434 additions and 59 deletions
--- a/dns/common.nix
+++ b/dns/common.nix
@ -0,0 +1,74 @@
+# DNS entries which do not belong to a particular host
+{ lib, ... }:
+let
+  # {{{ Github pages helper
+  ghPage = at: [{
+    inherit at; type = "CNAME";
+    value = "prescientmoon.github.io.";
+  }];
+  # }}}
+  # {{{ Migadu mail DNS setup
+  migaduMail = at: verifyKey:
+    let atPrefix = prefix: if at == "" then prefix else "${prefix}.${at}";
+    in
+    [
+      {
+        inherit at;
+        ttl = 600;
+        type = "MX";
+        value = [
+          {
+            exchange = "aspmx1.migadu.com.";
+            preference = 10;
+          }
+          {
+            exchange = "aspmx2.migadu.com.";
+            preference = 20;
+          }
+        ];
+      }
+      {
+        inherit at;
+        ttl = 600;
+        type = "TXT";
+        value = [
+          "v=spf1 include:spf.migadu.com -all"
+          "hosted-email-verify=${verifyKey}"
+        ];
+      }
+      {
+        at = atPrefix "_dmarc";
+        type = "TXT";
+        value = ''v=DMARC1\; p=quarantine\;'';
+        ttl = 600;
+      }
+      {
+        at = atPrefix "key1._domainkey";
+        type = "CNAME";
+        value = "key1.orbit.moonythm.dev._domainkey.migadu.com.";
+        ttl = 600;
+      }
+      {
+        at = atPrefix "key2._domainkey";
+        type = "CNAME";
+        value = "key2.orbit.moonythm.dev._domainkey.migadu.com.";
+        ttl = 600;
+      }
+      {
+        at = atPrefix "key3._domainkey";
+        type = "CNAME";
+        value = "key3.orbit.moonythm.dev._domainkey.migadu.com.";
+        ttl = 600;
+      }
+    ];
+  # }}}
+in
+{
+  satellite.dns.domain = "moonythm.dev";
+  satellite.dns.records = lib.flatten [
+    (ghPage "doffycup")
+    (ghPage "erratic-gate")
+    (migaduMail "" "kfkhyexd")
+    (migaduMail "orbit" "24s7lnum")
+  ];
+}
--- a/dns/octodns.yaml
+++ b/dns/octodns.yaml
@ -0,0 +1,20 @@
+manager:
+  max_workers: 10
+
+providers:
+  zones:
+    class: octodns.provider.yaml.YamlProvider
+    default_ttl: 300
+    enforce_order: true
+    directory: this is set by nix :3
+
+  cloudflare:
+    class: octodns_cloudflare.CloudflareProvider
+    token: 'env/CLOUDFLARE_TOKEN'
+
+zones:
+  moonythm.dev.:
+    sources:
+      - zones
+    targets:
+      - cloudflare
--- a/dns/pkgs.nix
+++ b/dns/pkgs.nix
@ -0,0 +1,37 @@
+{ pkgs, self, system, ... }: rec {
+  octodns-zones =
+    let
+      nixosConfigModules = pkgs.lib.mapAttrsToList
+        (_: current: { satellite.dns = current.config.satellite.dns; })
+        self.nixosConfigurations;
+
+      evaluated = pkgs.lib.evalModules {
+        specialArgs = { inherit pkgs; };
+        modules = [
+          ../modules/nixos/dns.nix
+          ../modules/common/octodns.nix
+          ./common.nix
+        ]
+        ++ nixosConfigModules;
+      };
+    in
+    evaluated.config.satellite.dns.octodns;
+  octodns-sync =
+    pkgs.symlinkJoin {
+      name = "octodns-sync";
+      paths = [ self.packages.${system}.octodns ];
+      buildInputs = [ pkgs.makeWrapper pkgs.yq ];
+      postBuild = ''
+        cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
+        wrapProgram $out/bin/octodns-sync \
+          --run 'export CLOUDFLARE_TOKEN=$( \
+              sops \
+                --decrypt \
+                --extract "[\"cloudflare_dns_api_token\"]" \
+                ./hosts/nixos/common/secrets.yaml \
+            )' \
+          --add-flags "--config-file $out/config.yaml"
+      '';
+    };
+}
+