From a44f6dfe7fe6bac9b98adf7d444294b9571bb702 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <mcsinyx@disroot.org>
Date: Tue, 21 Feb 2023 06:54:34 +0900
Subject: Support OpenNIC

---
 configuration.nix |  4 ----
 dns.nix           | 32 +++++++++++++++++++++++++++++++-
 static.nix        | 53 +++++++++++++++++++++++++++--------------------------
 vpsadminos.nix    |  7 +++++--
 4 files changed, 63 insertions(+), 33 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 4e7f513..41106e2 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -42,10 +42,6 @@
   networking = {
     domain = "loang.net";
     hostName = "brno";
-    nameservers = [
-      "84.200.69.80" "84.200.70.40"
-      "2001:1608:10:25::1c04:b12f" "2001:1608:10:25::9249:d69b"
-    ];
   };
 
   security.sudo = {
diff --git a/dns.nix b/dns.nix
index 35f6676..48c5395 100644
--- a/dns.nix
+++ b/dns.nix
@@ -17,7 +17,28 @@
 # along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
 
 { ... }:
-{
+let
+  cercleLibreZone = builtins.toFile "cercle.libre.zone" ''
+    @ SOA  danh.loang.net. mcsinyx.disroot.org. 2023021702 14400 3600 604800 3600
+    @ NS   danh.loang.net.
+    @ A    37.205.11.127
+    @ AAAA 2a03:3b40:100::1:2
+  '';
+  sinyxIndyZone = builtins.toFile "sinyx.indy.zone" ''
+    @ SOA  danh.loang.net. mcsinyx.disroot.org. 2023022002 14400 3600 604800 3600
+    @ NS   danh.loang.net.
+    @ A    37.205.11.127
+    @ AAAA 2a03:3b40:100::1:2
+    * A    37.205.11.127
+    * AAAA 2a03:3b40:100::1:2
+  '';
+  stripromanPirateZone = builtins.toFile "striproman.pirate.zone" ''
+    @ SOA  danh.loang.net. mcsinyx.disroot.org. 2023022023 14400 3600 604800 3600
+    @ NS   danh.loang.net.
+    @ A    37.205.11.127
+    @ AAAA 2a03:3b40:100::1:2
+  '';
+in {
   networking.firewall = {
     allowedTCPPorts = [ 53 ];
     allowedUDPPorts = [ 53 ];
@@ -63,6 +84,9 @@
           dnssec-signing: on
 
       zone:
+        - domain: cercle.libre
+          file: ${cercleLibreZone}
+          dnssec-signing: off
         - domain: cnx.gdn
           notify: secondary
           acl: secondary
@@ -70,6 +94,12 @@
           notify: secondary
           acl: lego
           acl: secondary
+        - domain: sinyx.indy
+          file: ${sinyxIndyZone}
+          dnssec-signing: off
+        - domain: striproman.pirate
+          file: ${stripromanPirateZone}
+          dnssec-signing: off
         - domain: xrvs.net
           notify: secondary
           acl: secondary
diff --git a/static.nix b/static.nix
index 06a10e4..603b3c0 100644
--- a/static.nix
+++ b/static.nix
@@ -68,32 +68,6 @@ in {
           root = "/var/lib/www/${domain}";
         };
 
-        "xem.${domain}" = let
-          address = "http://${phylactery.host}:${toString phylactery.port}";
-        in {
-          enableACME = true;
-          forceSSL = true;
-          locations."/".proxyPass = address;
-        };
-
-        "cnx.gdn" = {
-          enableACME = true;
-          forceSSL = true;
-          root = "/var/lib/www/cnx.gdn";
-        };
-
-        "px.cnx.gdn" = {
-          enableACME = true;
-          forceSSL = true;
-          locations = {
-            "/".index = "index.xhtml";
-            "~ /index.xhtml$".extraConfig = ''
-              expires -1;
-            '';
-          };
-          root = "/var/lib/www/px.cnx.gdn";
-        };
-
         "septagram.suricrasia.online" = {
           enableACME = true;
           extraConfig = ''
@@ -102,7 +76,34 @@ in {
           forceSSL = true;
           root = "/var/lib/www/septagram.suricrasia.online";
         };
+      } // (let aliasOpenNIC = openNIC: icann: config: {
+        ${openNIC} = {
+          # https://wiki.opennic.org/opennic/tls
+          addSSL = true;
+          useACMEHost = icann;
+        } // config;
+        ${icann} = {
+          enableACME = true;
+          forceSSL = true;
+        } // config;
       };
+      in (aliasOpenNIC "cercle.libre" "khoanh.${domain}" {
+        root = "/var/lib/www/cercle.libre";
+      }) // (aliasOpenNIC "sinyx.indy" "cnx.gdn" {
+        root = "/var/lib/www/cnx.gdn";
+      }) // (aliasOpenNIC "pix.sinyx.indy" "px.cnx.gdn" {
+        locations = {
+          "/".index = "index.xhtml";
+          "~ /index.xhtml$".extraConfig = ''
+            expires -1;
+          '';
+        };
+        root = "/var/lib/www/px.cnx.gdn";
+      }) // (aliasOpenNIC "striproman.pirate" "cmx.cnx.gdn" (let
+        address = "http://${phylactery.host}:${toString phylactery.port}";
+      in {
+        locations."/".proxyPass = address;
+      })));
     };
 
     phylactery = {
diff --git a/vpsadminos.nix b/vpsadminos.nix
index 0a7189b..9c5a666 100644
--- a/vpsadminos.nix
+++ b/vpsadminos.nix
@@ -6,9 +6,12 @@
 #
 #   https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix
 
-{ config, pkgs, lib, ... }:
+{ pkgs, lib, ... }:
 with lib;
-let nameservers = [ "9.9.9.9" "2620:fe::fe" ];
+let nameservers = [
+  "88.198.92.222" "2a01:4f8:1c0c:82c0::1" # ns1.by.de.dns.opennic.glue
+  "195.90.211.16" # ns15.de.dns.opennic.glue
+];
 in {
   networking.nameservers = mkDefault nameservers;
   services.resolved = mkDefault { fallbackDns = nameservers; };
-- 
cgit 1.4.1