nixos-servers/nix/modules/networking/dmz/zones/kun.is.nix
2024-01-28 12:06:30 +01:00

64 lines
1.1 KiB
Nix

{ config, dns, ... }:
with dns.lib.combinators;
let
inherit (config.lab.networking) publicIPv4 dmzServicesIPv6 dockerSwarmIPv6;
in
{
CAA = letsEncrypt "caa@kun.is";
SOA = {
nameServer = "ns1";
adminEmail = "webmaster@kun.is";
serial = 2024011401;
};
NS = [
"ns1.kun.is."
"ns2.kun.is."
];
MX = [
(mx.mx 10 "mail.kun.is.")
];
subdomains = {
"*" = {
A = [ publicIPv4 ];
AAAA = [ dockerSwarmIPv6 ];
};
ns = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
ns1 = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
ns2 = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
# Override because we don't support IPv6 for Git SSH.
git = {
A = [ publicIPv4 ];
AAAA = [ ];
};
# Override because we don't support IPv6 for KMS.
kms = {
A = [ publicIPv4 ];
AAAA = [ ];
};
# Override because wg is on opnsense so ipv6 differs from "dmzServicesIPv6"
wg = {
A = [ publicIPv4 ];
AAAA = [ "2a0d:6e00:1a77::1" ];
};
};
}