base flake.nix and example

2026-06-05 18:46:50 +07:00 · 2026-03-21 19:13:53 +07:00 · 2026-03-21 19:13:53 +07:00 · 0015313795
commit 0015313795
parent 1c473875f1
4 changed files with 105 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 creds.json
-types-dnscontrol.d.ts
+types-dnscontrol.d.ts
+result
--- a/docs/example.nix
+++ b/docs/example.nix
@ -0,0 +1,78 @@
+{ dns, ... }: let 
+  owner = {
+    username = "satr14washere";
+    email = "admin@satr14.my.id";
+  };
+  proxy = false;
+in with dns.lib.combinators; {
+  A = [
+    { address = "203.0.113.1"; ttl = 60 * 60; }
+    "203.0.113.2"
+    (ttl (60 * 60) (a "203.0.113.3"))
+  ];
+
+  AAAA = [
+    "4321:0:1:2:3:4:567:89ab"
+  ];
+
+  MX = mx.google;
+
+  TXT = [
+    (with spf; strict [ "a:mail.example.com" google ])
+  ];
+
+  DMARC = [ (dmarc.postmarkapp "mailto:re+abcdefghijk@dmarc.postmarkapp.com") ];
+
+  CAA = letsEncrypt "admin@example.com";
+
+  SRV = [
+    {
+      service = "sip";
+      proto = "tcp";
+      port = 5060;
+      target = "sip.example.com";
+    }
+  ];
+
+  SSHFP = [
+    {
+      algorithm = "ed25519";
+      fingerprintType = "sha256";
+      fingerprint = "899EB4AC9285578AFDA3CCBE152EE78D8618B8F3862FEF2703E1FC7011E9B8AA";
+    }
+  ];
+  OPENPGPKEY = [
+    "very long base64 text"
+  ];
+  HTTPS = [
+    {
+      svcPriority = 1;
+      targetName = ".";
+      alpn = [ "http/1.1" "h2" "h3" ];
+      ipv4hint = [ "203.0.113.1" "203.0.113.2" "203.0.113.3" ];
+      ipv6hint = [ "4321:0:1:2:3:4:567:89ab" ];
+    }
+  ];
+  TLSA = [
+    {
+      certUsage = "dane-ee";
+      selector = "spki";
+      matchingType = "sha256";
+      certificate = "899EB4AC9285578AFDA3CCBE152EE78D8618B8F3862FEF2703E1FC7011E9B8AA";
+    }
+  ];
+
+  subdomains = rec {
+    www.A = [ "203.0.113.4" ];
+    www2 = host "203.0.113.5" "4321:0:1:2:3:4:567:89bb";
+    www3 = host "203.0.113.6" null;
+    www4 = www3;
+
+    staging = delegateTo [
+      "ns1.another.com."
+      "ns2.another.com."
+    ];
+
+    foo.subdomains.www.CNAME = [ "foo.test.com." ];
+  };
+}
--- a/domains/satr14.nix
+++ b/domains/satr14.nix
@ -0,0 +1,5 @@
+{ ... }: let 
+  owner.username = "satr14washere";
+in {
+  CNAME = "5th-site.pages.dev";
+}
--- a/flake.nix
+++ b/flake.nix
@ -1,5 +1,5 @@
 {
-  description = "Zone File Generator For part-of.my.id";
+  description = "Zone File Generator";
  inputs.dns.url = "github:nix-community/dns.nix";

  outputs = { dns, ... }: let
@ -11,6 +11,20 @@
        "fattouche.ns.cloudflare.com"
      ];
    };
+    
+    domainFiles = let
+      dir = ./domains;
+      entries = builtins.readDir ./domains;
+      nixFiles = builtins.filter (name: builtins.match ".*\\.nix$" name != null) (builtins.attrNames entries);
+    in map (name: {
+      subdomain = builtins.replaceStrings [ ".nix" ] [ "" ] name;
+      config = import (dir + "/${name}") { inherit dns; };
+    }) nixFiles;
+
+    subdomainsFromFiles = builtins.listToAttrs (map (entry: {
+      name = entry.subdomain;
+      value = entry.config;
+    }) domainFiles);
  in {
    packages.x86_64-linux = builtins.mapAttrs (_: domain:
      dns.util.x86_64-linux.writeZone domain.domain (
@ -21,12 +35,12 @@
            serial = builtins.currentTime;
          };
          NS = domain.nameservers;
-          
-          # note: Cloudflare ignores SOA and NS records uploaded via Zone File, they are just so that dns.nix builds a valid zone file.
-          
-          A = [ "1.1.1.1" ];
+
+          # note: Cloudflare ignores SOA and NS records uploaded via Zone File, they are included just so that dns.nix builds a valid zone file.
+
+          subdomains = subdomainsFromFiles;
        }
      )
    ) domains;
  };
-}
+}