From 0015313795a473d13743d90bce35d5c2892ef4ac Mon Sep 17 00:00:00 2001 From: satr14washere <90962949+satr14washere@users.noreply.github.com> Date: Sat, 21 Mar 2026 19:13:53 +0700 Subject: [PATCH] base flake.nix and example --- .gitignore | 3 +- docs/example.nix | 78 ++++++++++++++++++++++++++++++++++++++++++++++ domains/satr14.nix | 5 +++ flake.nix | 26 ++++++++++++---- 4 files changed, 105 insertions(+), 7 deletions(-) create mode 100644 docs/example.nix create mode 100644 domains/satr14.nix diff --git a/.gitignore b/.gitignore index 6d32cd8..0ff973d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ creds.json -types-dnscontrol.d.ts \ No newline at end of file +types-dnscontrol.d.ts +result \ No newline at end of file diff --git a/docs/example.nix b/docs/example.nix new file mode 100644 index 0000000..5a58fe9 --- /dev/null +++ b/docs/example.nix 
@@ -0,0 +1,78 @@
+{ dns, ... }: let
+ owner = {
+ username = "satr14washere";
+ email = "admin@satr14.my.id";
+ };
+ proxy = false;
+in with dns.lib.combinators; {
+ A = [
+ { address = "203.0.113.1"; ttl = 60 * 60; }
+ "203.0.113.2"
+ (ttl (60 * 60) (a "203.0.113.3"))
+ ];
+
+ AAAA = [
+ "4321:0:1:2:3:4:567:89ab"
+ ];
+
+ MX = mx.google;
+
+ TXT = [
+ (with spf; strict [ "a:mail.example.com" google ])
+ ];
+
+ DMARC = [ (dmarc.postmarkapp "mailto:re+abcdefghijk@dmarc.postmarkapp.com") ];
+
+ CAA = letsEncrypt "admin@example.com";
+
+ SRV = [
+ {
+ service = "sip";
+ proto = "tcp";
+ port = 5060;
+ target = "sip.example.com";
+ }
+ ];
+
+ SSHFP = [
+ {
+ algorithm = "ed25519";
+ fingerprintType = "sha256";
+ fingerprint = "899EB4AC9285578AFDA3CCBE152EE78D8618B8F3862FEF2703E1FC7011E9B8AA";
+ }
+ ];
+ OPENPGPKEY = [
+ "very long base64 text"
+ ];
+ HTTPS = [
+ {
+ svcPriority = 1;
+ targetName = ".";
+ alpn = [ "http/1.1" "h2" "h3" ];
+ ipv4hint = [ "203.0.113.1" "203.0.113.2" "203.0.113.3" ];
+ ipv6hint = [ "4321:0:1:2:3:4:567:89ab" ];
+ }
+ ];
+ TLSA = [
+ {
+ certUsage = "dane-ee";
+ selector = "spki";
+ matchingType = "sha256";
+ certificate = "899EB4AC9285578AFDA3CCBE152EE78D8618B8F3862FEF2703E1FC7011E9B8AA";
+ }
+ ];
+
+ subdomains = rec {
+ www.A = [ "203.0.113.4" ];
+ www2 = host "203.0.113.5" "4321:0:1:2:3:4:567:89bb";
+ www3 = host "203.0.113.6" null;
+ www4 = www3;
+
+ staging = delegateTo [
+ "ns1.another.com."
+ "ns2.another.com."
+ ];
+
+ foo.subdomains.www.CNAME = [ "foo.test.com." ];
+ };
+}
diff --git a/domains/satr14.nix b/domains/satr14.nix
new file mode 100644
index 0000000..e9b421c
--- /dev/null
+++ b/domains/satr14.nix
@@ -0,0 +1,5 @@
+{ ... }: let
+ owner.username = "satr14washere";
+in {
+ CNAME = "5th-site.pages.dev";
+}
\ No newline at end of file
diff --git a/flake.nix b/flake.nix
index b35d8b3..5bbc857 100644
--- a/flake.nix
+++ b/flake.nix
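Review bot: The `owner` and `proxy` bindings in the `let` block of docs/example.nix are never referenced in the returned attribute set, so nothing that imports the file can read them; the same holds for `owner.username` in domains/satr14.nix. If they are meant to record who controls a subdomain (inferred from the names), that record is text for a human reviewer only and no build step checks it. I would say so at the top of the example, e.g. `# owner/proxy are review metadata only; flake.nix reads just the returned record set`, so contributors and reviewers do not assume it is enforced.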
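Review bot: In domains/satr14.nix, `CNAME = "5th-site.pages.dev";` is a bare string without a trailing dot, while docs/example.nix in this same commit writes the record as a list with a fully qualified target (`[ "foo.test.com." ]`). In zone-file syntax a name without the final dot is relative to the zone origin, so unless dns.nix normalises it (not visible here) the record may resolve to a name inside this zone instead of pages.dev. I would write `CNAME = [ "5th-site.pages.dev." ];` to match the example and check the generated `result` zone file for the emitted target.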
@@ -1,5 +1,5 @@ { - description = "Zone File Generator For part-of.my.id"; + description = "Zone File Generator"; inputs.dns.url = "github:nix-community/dns.nix"; outputs = { dns, ... }: let @@ -11,6 +11,20 @@ "fattouche.ns.cloudflare.com" ]; }; + + domainFiles = let + dir = ./domains; + entries = builtins.readDir ./domains; + nixFiles = builtins.filter (name: builtins.match ".*\\.nix$" name != null) (builtins.attrNames entries); + in map (name: { + subdomain = builtins.replaceStrings [ ".nix" ] [ "" ] name; + config = import (dir + "/${name}") { inherit dns; }; + }) nixFiles; + + subdomainsFromFiles = builtins.listToAttrs (map (entry: { + name = entry.subdomain; + value = entry.config; + }) domainFiles); in { packages.x86_64-linux = builtins.mapAttrs (_: domain: dns.util.x86_64-linux.writeZone domain.domain ( @@ -21,12 +35,12 @@ serial = builtins.currentTime; }; NS = domain.nameservers; - - # note: Cloudflare ignores SOA and NS records uploaded via Zone File, they are just so that dns.nix builds a valid zone file. - - A = [ "1.1.1.1" ]; + + # note: Cloudflare ignores SOA and NS records uploaded via Zone File, they are included just so that dns.nix builds a valid zone file. + + subdomains = subdomainsFromFiles; } ) ) domains; }; -} +} \ No newline at end of file
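Review bot: In flake.nix the subdomain label in `domainFiles` is derived with `builtins.replaceStrings [ ".nix" ] [ "" ] name`, which removes every occurrence of `.nix` rather than only the suffix, so two different file names can collapse to the same label and `builtins.listToAttrs` then keeps only one of them without any error. The filter also does not look at the entry type returned by `builtins.readDir`, so a directory or symlink whose name ends in `.nix` is imported too, and the label itself is never checked against hostname syntax. Taking the label from an anchored regex capture and requiring a regular file closes all three; names that fail the pattern are skipped below, and a `throw` may be preferable so a rejected file is visible in CI. The `let` block continues outside this hunk.

```nix
domainFiles = let
  dir = ./domains;
  entries = builtins.readDir dir;
  # One lowercase DNS label (1-63 chars, no leading/trailing hyphen) followed by ".nix".
  # builtins.match is anchored to the whole string, so only the final ".nix" is dropped.
  labelOf = name: builtins.match "([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)\\.nix" name;
  nixFiles = builtins.filter
    (name: entries.${name} == "regular" && labelOf name != null)
    (builtins.attrNames entries);
in map (name: {
  subdomain = builtins.head (labelOf name);
  # … unchanged: config = import (dir + "/${name}") { inherit dns; }; …
}) nixFiles;
```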
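Review bot: `subdomains = subdomainsFromFiles;` passes each file's returned set to dns.nix unfiltered, so a file under domains/ can define any record type, including the delegation and nested `subdomains` forms shown in docs/example.nix, and can publish names below its own label. If domains/ is meant to take contributions from people other than the zone owner (inferred), an allowlist belongs where the value is built in `subdomainsFromFiles` in the previous hunk, e.g. `value = builtins.intersectAttrs { A = null; AAAA = null; CNAME = null; TXT = null; } entry.config;`. Each file is also evaluated as Nix at build time, so review of domains/ changes should cover the expression itself and not only the records it returns.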