From a44f6dfe7fe6bac9b98adf7d444294b9571bb702 Mon Sep 17 00:00:00 2001 From: Nguyễn Gia Phong Date: Tue, 21 Feb 2023 06:54:34 +0900 Subject: Support OpenNIC --- configuration.nix | 4 ---- dns.nix | 32 +++++++++++++++++++++++++++++++- static.nix | 53 +++++++++++++++++++++++++++-------------------------- vpsadminos.nix | 7 +++++-- 4 files changed, 63 insertions(+), 33 deletions(-) diff --git a/configuration.nix b/configuration.nix index 4e7f513..41106e2 100644 --- a/configuration.nix +++ b/configuration.nix @@ -42,10 +42,6 @@ networking = { domain = "loang.net"; hostName = "brno"; - nameservers = [ - "84.200.69.80" "84.200.70.40" - "2001:1608:10:25::1c04:b12f" "2001:1608:10:25::9249:d69b" - ]; }; security.sudo = { diff --git a/dns.nix b/dns.nix index 35f6676..48c5395 100644 --- a/dns.nix +++ b/dns.nix @@ -17,7 +17,28 @@ # along with loang configuration. If not, see . { ... }: -{ +let + cercleLibreZone = builtins.toFile "cercle.libre.zone" '' + @ SOA danh.loang.net. mcsinyx.disroot.org. 2023021702 14400 3600 604800 3600 + @ NS danh.loang.net. + @ A 37.205.11.127 + @ AAAA 2a03:3b40:100::1:2 + ''; + sinyxIndyZone = builtins.toFile "sinyx.indy.zone" '' + @ SOA danh.loang.net. mcsinyx.disroot.org. 2023022002 14400 3600 604800 3600 + @ NS danh.loang.net. + @ A 37.205.11.127 + @ AAAA 2a03:3b40:100::1:2 + * A 37.205.11.127 + * AAAA 2a03:3b40:100::1:2 + ''; + stripromanPirateZone = builtins.toFile "striproman.pirate.zone" '' + @ SOA danh.loang.net. mcsinyx.disroot.org. 2023022023 14400 3600 604800 3600 + @ NS danh.loang.net. + @ A 37.205.11.127 + @ AAAA 2a03:3b40:100::1:2 + ''; +in { networking.firewall = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; @@ -63,6 +84,9 @@ dnssec-signing: on zone: + - domain: cercle.libre + file: ${cercleLibreZone} + dnssec-signing: off - domain: cnx.gdn notify: secondary acl: secondary 
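Review bot: The `* A` / `* AAAA` wildcard pair in `sinyx.indy.zone` makes every label under `sinyx.indy` resolve to this host, while the static.nix part of this commit only defines virtual hosts for `sinyx.indy` and `pix.sinyx.indy`. Any other subdomain would presumably be answered by whichever virtual host nginx treats as its default, which is not visible here. If `pix` is the only subdomain intended, explicit records are tighter than the wildcard: `pix A 37.205.11.127` and `pix AAAA 2a03:3b40:100::1:2`. The three zone bodies are otherwise identical apart from the SOA serial, so a small helper in the same `let` taking the serial would keep them from drifting apart.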
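Review bot: `dnssec-signing: off` on the new `cercle.libre` entry (and on `sinyx.indy` and `striproman.pirate` in the following dns.nix hunk) departs from the `dnssec-signing: on` visible in the context just above `zone:`, and nothing records why. Unsigned zones cannot be validated by resolvers and cannot carry usable TLSA records, which matters because the same commit serves these names over TLS. If it is deliberate (for instance because the zone files sit in the read-only Nix store, or because the OpenNIC parent zones cannot hold a DS record; neither is visible here), a comment next to each entry such as `# unsigned on purpose: <reason>` would make that explicit.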
@@ -70,6 +94,12 @@ notify: secondary acl: lego acl: secondary + - domain: sinyx.indy + file: ${sinyxIndyZone} + dnssec-signing: off + - domain: striproman.pirate + file: ${stripromanPirateZone} + dnssec-signing: off - domain: xrvs.net notify: secondary acl: secondary diff --git a/static.nix b/static.nix index 06a10e4..603b3c0 100644 --- a/static.nix +++ b/static.nix @@ -68,32 +68,6 @@ in { root = "/var/lib/www/${domain}"; }; - "xem.${domain}" = let - address = "http://${phylactery.host}:${toString phylactery.port}"; - in { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = address; - }; - - "cnx.gdn" = { - enableACME = true; - forceSSL = true; - root = "/var/lib/www/cnx.gdn"; - }; - - "px.cnx.gdn" = { - enableACME = true; - forceSSL = true; - locations = { - "/".index = "index.xhtml"; - "~ /index.xhtml$".extraConfig = '' - expires -1; - ''; - }; - root = "/var/lib/www/px.cnx.gdn"; - }; - "septagram.suricrasia.online" = { enableACME = true; extraConfig = '' @@ -102,7 +76,34 @@ in { forceSSL = true; root = "/var/lib/www/septagram.suricrasia.online"; }; + } // (let aliasOpenNIC = openNIC: icann: config: { + ${openNIC} = { + # https://wiki.opennic.org/opennic/tls + addSSL = true; + useACMEHost = icann; + } // config; + ${icann} = { + enableACME = true; + forceSSL = true; + } // config; }; + in (aliasOpenNIC "cercle.libre" "khoanh.${domain}" { + root = "/var/lib/www/cercle.libre"; + }) // (aliasOpenNIC "sinyx.indy" "cnx.gdn" { + root = "/var/lib/www/cnx.gdn"; + }) // (aliasOpenNIC "pix.sinyx.indy" "px.cnx.gdn" { + locations = { + "/".index = "index.xhtml"; + "~ /index.xhtml$".extraConfig = '' + expires -1; + ''; + }; + root = "/var/lib/www/px.cnx.gdn"; + }) // (aliasOpenNIC "striproman.pirate" "cmx.cnx.gdn" (let + address = "http://${phylactery.host}:${toString phylactery.port}"; + in { + locations."/".proxyPass = address; + }))); }; phylactery = { diff --git a/vpsadminos.nix b/vpsadminos.nix index 0a7189b..9c5a666 100644 --- a/vpsadminos.nix 
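Review bot: In `aliasOpenNIC`, the OpenNIC virtual host is given `addSSL = true` with `useACMEHost = icann`, so it presents the certificate issued for the ICANN name. Unless that certificate gains the OpenNIC name as an extra SAN somewhere outside this hunk (which a public ACME CA could not validate), HTTPS clients reaching `cercle.libre`, `sinyx.indy`, `pix.sinyx.indy` or `striproman.pirate` will get a hostname mismatch. `addSSL` also keeps plain HTTP enabled without a redirect, unlike the `forceSSL` used for the ICANN twin, so these names are served unauthenticated by default. The wiki link is the only explanation given; a comment stating the trade-off would help the next maintainer, e.g. `# serves the ${icann} certificate: OpenNIC clients see a name mismatch, and HTTP is left on as the fallback`.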
+++ b/vpsadminos.nix @@ -6,9 +6,12 @@ # # https://github.com/vpsfreecz/vpsadminos/blob/staging/os/lib/nixos-container/vpsadminos.nix -{ config, pkgs, lib, ... }: +{ pkgs, lib, ... }: with lib; -let nameservers = [ "9.9.9.9" "2620:fe::fe" ]; +let nameservers = [ + "88.198.92.222" "2a01:4f8:1c0c:82c0::1" # ns1.by.de.dns.opennic.glue + "195.90.211.16" # ns15.de.dns.opennic.glue +]; in { networking.nameservers = mkDefault nameservers; services.resolved = mkDefault { fallbackDns = nameservers; }; -- cgit 1.4.1
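Review bot: The new `nameservers` list sends every lookup made by this host, ICANN names included, to two OpenNIC resolvers in place of Quad9, and the same list is reused for `fallbackDns`, so no independent resolver remains if both are unreachable or return bad answers. With `networking.nameservers` also removed from configuration.nix in this commit, resolution for tasks such as certificate issuance and package fetching depends entirely on these operators. Nothing in the hunk shows DNSSEC validation or DNS-over-TLS being enabled for resolved, so that is worth confirming elsewhere in the configuration. A comment above the list would document the choice: `# OpenNIC resolvers, required for OpenNIC TLDs; all host lookups go through them`.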