aboutsummaryrefslogtreecommitdiffstats
path: root/hosts
diff options
context:
space:
mode:
authorMark Nipper <nipsy@bitgnome.net>2024-06-15 16:33:27 -0700
committerMark Nipper <nipsy@bitgnome.net>2024-06-15 16:33:27 -0700
commit5ad570331bf04b7b92a7b3a22cefb42f3c60cf77 (patch)
tree7b46826af467a2c1e8202ca928d4ddb0fb212847 /hosts
parentf913eb2c44feae49e8081e36654c1ab4dbeb2524 (diff)
downloadnix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.tar
nix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.tar.gz
nix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.tar.bz2
nix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.tar.lz
nix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.tar.xz
nix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.tar.zst
nix-5ad570331bf04b7b92a7b3a22cefb42f3c60cf77.zip
Add NSD to darkstar
Diffstat (limited to 'hosts')
-rw-r--r--hosts/common/optional/services/nsd.nix13
-rw-r--r--hosts/common/optional/services/nsd/bitgnome.com.zone23
-rw-r--r--hosts/common/optional/services/nsd/bitgnome.net.zone76
-rw-r--r--hosts/common/optional/services/nsd/blaspheme.net.zone27
-rw-r--r--hosts/common/optional/services/nsd/dwmachfab.com.zone35
-rw-r--r--hosts/common/optional/services/nsd/lindseyholcomb.org.zone23
-rw-r--r--hosts/common/optional/services/nsd/timetrad.com.zone35
-rw-r--r--hosts/darkstar/default.nix1
8 files changed, 233 insertions, 0 deletions
diff --git a/hosts/common/optional/services/nsd.nix b/hosts/common/optional/services/nsd.nix
new file mode 100644
index 0000000..7f95d5a
--- /dev/null
+++ b/hosts/common/optional/services/nsd.nix
@@ -0,0 +1,13 @@
+{
+ services.nsd = {
+ enable = true;
+ zones = {
+ "bitgnome.com.".data = builtins.readFile ./nsd/bitgnome.com.zone;
+ "bitgnome.net.".data = builtins.readFile ./nsd/bitgnome.net.zone;
+ "blaspheme.net.".data = builtins.readFile ./nsd/blaspheme.net.zone;
+ "dwmachfab.com.".data = builtins.readFile ./nsd/dwmachfab.com.zone;
+ "lindseyholcomb.org.".data = builtins.readFile ./nsd/lindseyholcomb.org.zone;
+ "timetrad.com.".data = builtins.readFile ./nsd/timetrad.com.zone;
+ };
+ };
+}
diff --git a/hosts/common/optional/services/nsd/bitgnome.com.zone b/hosts/common/optional/services/nsd/bitgnome.com.zone
new file mode 100644
index 0000000..8163125
--- /dev/null
+++ b/hosts/common/optional/services/nsd/bitgnome.com.zone
@@ -0,0 +1,23 @@
+; Mark Nipper <nipsy@bitgnome.net>
+$ORIGIN bitgnome.com.
+$TTL 1h
+
+@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
+ 2022101701 ; serial
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+ in ns ns.bitgnome.net.
+ in ns ns2.bitgnome.net.
+ in mx 10 mail.bitgnome.net.
+ in spf "v=spf1 a mx -all"
+ in txt "v=spf1 a mx -all"
+ in a 5.161.149.85
+ in aaaa 2a01:4ff:f0:e164::1
+ in caa 0 issue ";"
+ in caa 0 iodef "mailto:nipsy@bitgnome.net"
+
+www in cname @
diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone
new file mode 100644
index 0000000..a64855c
--- /dev/null
+++ b/hosts/common/optional/services/nsd/bitgnome.net.zone
@@ -0,0 +1,76 @@
+; Mark Nipper <nipsy@bitgnome.net>
+$ORIGIN bitgnome.net.
+$TTL 1h
+
+@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
+ 2024060502 ; serial
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+ in ns ns
+ in ns ns2
+ in mx 10 mail
+ in a 5.161.149.85
+ in aaaa 2a01:4ff:f0:e164::1
+ in spf "v=spf1 a mx -all"
+ in txt "v=spf1 a mx -all"
+ in caa 0 issue "letsencrypt.org"
+ in caa 0 iodef "mailto:nipsy@bitgnome.net"
+; in sshfp 1 1 3a57d529429d56a34da3633c57ab7be197896a8f
+; in sshfp 2 1 34acc116ea0ec7853a70f7df5d72e7539bfdeacf
+; in sshfp 3 1 b9acd4407929f3193d2757a104775d3cafebacaf
+; in sshfp 1 2 01d092a732d0818f50f1775aeb52bece87b2b43d7ef87df9c293da95bf85de23
+; in sshfp 2 2 c9b093a17ee29785c1c6fe94482735d6e20e59e25732b63a3998bdf3f7f7960b
+; in sshfp 3 2 b303db2410f71b4d861a9e840bac9e085a5519d68bbefb0fee6232b9408c0dae
+
+; name servers
+ns in a 5.161.149.85
+ns in aaaa 2a01:4ff:f0:e164::1
+ns2 in a 67.5.105.68
+
+; srv records
+_xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net.
+_xmpp-server._tcp 5m in srv 0 0 5269 bitgnome.net.
+_jabber._tcp 5m in srv 0 0 5269 bitgnome.net.
+
+; assorted mail records
+202006._domainkey 5m in txt ( "v=DKIM1; h=sha256; k=rsa; s=email; "
+ "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoNuipuXzlhkKA8p7TkQe59gKyfAzOa4beUgjmRJ+vhRtwkQ8eFUBLoomAwJDgu1v/x06oguKnWyb8BBkhS47PLS5JptKWeZxBLPuVOSC0ZBpktTNdzvT6ZOHZZQ/QP8XByNItDuMnf9D+7iuBbADeIZpfWdBBJLJ+VyCnp4iyIFSOaN6JKYB1zKTj8zv2Sa0FTLvzAVEsn7KIG"
+ "LYjwSV1Xjoa5FTtxEg/I96G4FntdwThHO1/GBTF6sYeAXh5ZEeftnSJ5tybi3wYnqvE1zLxPS6hy5TKuU0HqdXAw6sBFmsqeKS9TYPNyoY2Uhb1c5DjcQhztbuebDzsE5dOVkCAp4iaSmK7WfIkYoshEokxS8Ge6LYDFqYlUvj37wZPYbPHlBU3vxmmgw6iMbqwgqk0hk7FJDH8LSe8cfnN2HhYA74OHvqb1a38zSF28VLSzJhVB7xHmct"
+ "wkRwZToD2whfCq7ug4SzEssBrHNYFC1HBrjbedNujChvFLqAt4bufXmsRwnyLxejStnQ/hfuu+8GczNb/Z8yhpErsS/aWrNTPStxiMnS7vHbQuISCXdxmqI2jZG6JPEsN2lRKa9Q8LYCOHfQj0aeLA9TI7C3lqhux1wrFUkCB4edBHzwUe2aDU+4dQyUeBiHNU4GryrEpAVNL5JECK9XX8i70jvO1hbdHNUCAwEAAQ==" )
+_adsp._domainkey 5m in txt "dkim=all"
+_dmarc 5m in txt "v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r"
+
+_mta-sts 5m in txt "v=STSv1; id=20220120235310"
+_smtp._tls 5m in txt "v=TLSRPTv1; rua=mailto:nipsy@bitgnome.net"
+
+king 5m in a 5.161.149.85
+king 5m in aaaa 2a01:4ff:f0:e164::1
+;king in sshfp 1 1 3a57d529429d56a34da3633c57ab7be197896a8f
+;king in sshfp 2 1 34acc116ea0ec7853a70f7df5d72e7539bfdeacf
+;king in sshfp 3 1 b9acd4407929f3193d2757a104775d3cafebacaf
+;king in sshfp 1 2 01d092a732d0818f50f1775aeb52bece87b2b43d7ef87df9c293da95bf85de23
+;king in sshfp 2 2 c9b093a17ee29785c1c6fe94482735d6e20e59e25732b63a3998bdf3f7f7960b
+;king in sshfp 3 2 b303db2410f71b4d861a9e840bac9e085a5519d68bbefb0fee6232b9408c0dae
+mail 5m in a 5.161.149.85
+mail 5m in aaaa 2a01:4ff:f0:e164::1
+www 5m in cname @
+irc 5m in cname @
+nipsy 5m in cname @
+mta-sts 5m in cname @
+;jamie in cname @
+;ssh in cname @
+;absolut101 in cname @
+;royder in cname @
+
+; external machines
+arrakis 1m in a 67.5.105.68
+;darkstar 1m in a 66.69.213.114
+;nb 1m in a 67.10.209.108
+;terraria 1m in a 128.83.27.4
+;caladan 1m in a 104.130.129.241
+;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44
+darkstar 1m in a 67.5.105.68
diff --git a/hosts/common/optional/services/nsd/blaspheme.net.zone b/hosts/common/optional/services/nsd/blaspheme.net.zone
new file mode 100644
index 0000000..5eb3fec
--- /dev/null
+++ b/hosts/common/optional/services/nsd/blaspheme.net.zone
@@ -0,0 +1,27 @@
+; Mark Nipper <nipsy@bitgnome.net>
+$ORIGIN blaspheme.net.
+$TTL 1h
+
+@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
+ 2022101701 ; serial
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+ in ns ns.bitgnome.net.
+ in ns ns2.bitgnome.net.
+ in mx 10 mail.bitgnome.net.
+ in spf "v=spf1 a mx -all"
+ in txt "v=spf1 a mx -all"
+ in a 5.161.149.85
+ in aaaa 2a01:4ff:f0:e164::1
+ in caa 0 issue "letsencrypt.org"
+ in caa 0 iodef "mailto:nipsy@bitgnome.net"
+
+www in cname @
+;gallery in cname @
+
+; external machines
+;ramped 1m in a 24.28.14.165
diff --git a/hosts/common/optional/services/nsd/dwmachfab.com.zone b/hosts/common/optional/services/nsd/dwmachfab.com.zone
new file mode 100644
index 0000000..7b02acd
--- /dev/null
+++ b/hosts/common/optional/services/nsd/dwmachfab.com.zone
@@ -0,0 +1,35 @@
+; Mark Nipper <nipsy@bitgnome.net>
+$ORIGIN dwmachfab.com.
+$TTL 1h
+
+@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
+ 2022101701 ; serial
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+ in ns ns.bitgnome.net.
+ in ns ns2.bitgnome.net.
+ in mx 10 mail.bitgnome.net.
+ in spf "v=spf1 a mx -all"
+ in txt "v=spf1 a mx -all"
+ in a 5.161.149.85
+ in aaaa 2a01:4ff:f0:e164::1
+ in caa 0 issue "letsencrypt.org"
+ in caa 0 iodef "mailto:nipsy@bitgnome.net"
+
+; assorted mail records
+202006._domainkey 5m in txt ( "v=DKIM1; h=sha256; k=rsa; s=email; "
+ "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6TSR+BszGaWenRxgg53e8qGbMWsNpjmB8XdwGMmae1RviB1/6FTqdlvDhgLQLdL7zK/CiGxgPECsZHqMouNZK/9bh0xjtvVSdCD2LhZJtWBkZjV5h5rVg4diBTZSN9i83FtUaUg4lH0rsek9s1XvO7BAF2mF80L4G77xpQEb2BJLIbinkvY1emIxScMU9Hj3nW8j0sJgruKJon"
+ "QuPHChfnI43Q5OOZ1pXZiX2hxiVAFFZBo/K2dGDHXpb9ZkgQlKM7k+arhRdGUen6LzV4du8eWT3EFzMnY1YOoVznZC/QZ3ty1uq3hv57BG5+VnYDY6IwopFKVSvQA+Gx7XKCwYFQjseHIClCL/VS6SXvAedijLEWmWpO8Q8Lnm8sWewPLuwKuDhV42prviqhUEbtB6e2ablRjwhfkw1G7C3CaM56rgEDiu3Ri97QiqPc3XML+8qYWQal0k"
+ "18AL5v0AxCvDKrIASUd9az9JeA0fkXtgu6xGcZj94JzZHL3MQ9KZG8apWJebplItZokzaoT58Q4mbuUeXWSFyd/gV2KjPcdgYPleSqKVee76QwQtQdZQv9jiraro4wCL4i2nFxH4rDrN/It0uRbHg0DHCQsKD1QTbVXNXDJ8H3n+mFm5MePTsoiVgHLM/zoFZ50jNUk11Fr+7zQewdJLjEI9EXdTekzKV6ECAwEAAQ==" )
+_adsp._domainkey 5m in txt "dkim=all"
+_dmarc 5m in txt "v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r"
+
+_mta-sts 5m in txt "v=STSv1; id=20220120235310"
+_smtp._tls 5m in txt "v=TLSRPTv1; rua=mailto:nipsy@bitgnome.net"
+
+www in cname @
+mta-sts in cname @
diff --git a/hosts/common/optional/services/nsd/lindseyholcomb.org.zone b/hosts/common/optional/services/nsd/lindseyholcomb.org.zone
new file mode 100644
index 0000000..2141d43
--- /dev/null
+++ b/hosts/common/optional/services/nsd/lindseyholcomb.org.zone
@@ -0,0 +1,23 @@
+; Lindsey Holcomb <lindsey.n.holcomb@gmail.com>
+$ORIGIN lindseyholcomb.org.
+$TTL 1h
+
+@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
+ 2022101701 ; serial
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+ in ns ns.bitgnome.net.
+ in ns ns2.bitgnome.net.
+ in mx 10 mail.bitgnome.net.
+ in spf "v=spf1 a mx -all"
+ in txt "v=spf1 a mx -all"
+ in a 5.161.149.85
+ in aaaa 2a01:4ff:f0:e164::1
+ in caa 0 issue "letsencrypt.org"
+ in caa 0 iodef "mailto:nipsy@bitgnome.net"
+
+www in cname @
diff --git a/hosts/common/optional/services/nsd/timetrad.com.zone b/hosts/common/optional/services/nsd/timetrad.com.zone
new file mode 100644
index 0000000..c456f2d
--- /dev/null
+++ b/hosts/common/optional/services/nsd/timetrad.com.zone
@@ -0,0 +1,35 @@
+; Mark Nipper <nipsy@bitgnome.net>
+$ORIGIN timetrad.com.
+$TTL 1h
+
+@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
+ 2022101701 ; serial
+ 1d ; refresh
+ 2h ; retry
+ 4w ; expire
+ 1h ; minimum
+ )
+
+ in ns ns.bitgnome.net.
+ in ns ns2.bitgnome.net.
+ in mx 10 mail.bitgnome.net.
+ in spf "v=spf1 a mx -all"
+ in txt "v=spf1 a mx -all"
+ in a 5.161.149.85
+ in aaaa 2a01:4ff:f0:e164::1
+ in caa 0 issue "letsencrypt.org"
+ in caa 0 iodef "mailto:nipsy@bitgnome.net"
+
+; assorted mail records
+202006._domainkey 5m in txt ( "v=DKIM1; h=sha256; k=rsa; s=email; "
+ "p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyFHnvujgYzLhdgBIB951u4MgWNcyUCbbBVCDmbvJHnobD9mryY6QF9rn6hS24XHLwz9kRE2V9bYuuLoPHkLvmp6TC6fl0Iq657Tm1j11lZXKI6rZZ9iXuDWdfN3p5zrj1dgYjTYS1mlAgwTjRfdmgd+u7mQo8Gx715TtXgStKpDv1aPdzN479igGRwpylCYKgmkkaQ2ZUH/zm7"
+ "NcNFGO0kBAhbro7fvKBcxISS/gRyF+e01hCgPSy6YBr/He0jXTiWL5YC7eO21XpCGEIZ2Y0Oa6gFD0rFIsIkkz5IZk49iWKwUw5jj9kFTf5q1dDvDAmiDyh53LQLas2brDXqH0uASAQkFAMOJbekquiWBkIfUljOZbxUIvbrlO4eBtywzGNcaMxnBRxxL/WydCKe9y3s84Xlp8mmtNevY9bfJOreq3qLDgpD/Nts8eSG+XxHirdUBbiKf3"
+ "7CCeLfqSppGss582hM+QpRzD+MR99sZCccGNhM2oPmWNzupV50F2gUzNR3X/CBO2q+bUoWLGU2nFJNEsYbLIxtV94U7Zmpt0j0WImbfrjuVgY5HDbJcKSC2D5AzBEURwVjyjX1a1F9TbiBdSaVT2yKf113faK4wXC/y+vwHCsgdZ+c4G/P3olOq7b5emMgPkthze+RVeQCrijnTOz8UsdJzY3UPaO7DHMFcCAwEAAQ==" )
+_adsp._domainkey 5m in txt "dkim=all"
+_dmarc 5m in txt "v=DMARC1;p=quarantine;sp=quarantine;adkim=r;aspf=r"
+
+_mta-sts 5m in txt "v=STSv1; id=20220120235310"
+_smtp._tls 5m in txt "v=TLSRPTv1; rua=mailto:nipsy@bitgnome.net"
+
+www in cname @
+mta-sts in cname @
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index c3c6dcd..3b9da31 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -31,6 +31,7 @@
./services.nix
../common/core
../common/optional/services/kea.nix
+ ../common/optional/services/nsd.nix
../common/optional/services/openssh.nix
../common/optional/zfs.nix
../common/users/nipsy