setup octodns for automatic dns records

2025-02-15 03:22:20 +02:00
parent 459cae639d
commit c15d518e4a
14 changed files with 351 additions and 92 deletions
--- a/modules/services/webserver.nix
+++ b/modules/services/webserver.nix
@@ -46,36 +46,47 @@ in
  };

  config = lib.mkIf cfg.enable {
-    services.nginx = {
-      enable = lib.mkDefault true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-      recommendedBrotliSettings = true;
-      recommendedGzipSettings = true;
-      recommendedZstdSettings = true;
-      recommendedOptimisation = true;
+    services = {
+      nginx = {
+        enable = lib.mkDefault true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        recommendedBrotliSettings = true;
+        recommendedGzipSettings = true;
+        recommendedZstdSettings = true;
+        recommendedOptimisation = true;

-      virtualHosts = lib.mapAttrs
-        (_: { proxyBuffering, locations }: {
-          forceSSL = true;
-          enableACME = true;
-          http2 = true;
-          acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
-          extraConfig = lib.concatLines [
-            (lib.optionalString (!proxyBuffering) "proxy_buffering off;")
-            "charset utf-8;"
-          ];
-          locations = lib.mapAttrs
-            (_: { proxyPort, extraConfig }: lib.mergeAttrsList [
-              { inherit extraConfig; }
-              (if (lib.isInt proxyPort) then {
-                proxyWebsockets = true;
-                proxyPass = "http://localhost:${toString proxyPort}";
-              } else { })
-            ])
-            locations;
-        })
-        cfg.vHosts;
+        virtualHosts = lib.mapAttrs
+          (_: { proxyBuffering, locations }: {
+            forceSSL = true;
+            enableACME = true;
+            http2 = true;
+            acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
+            extraConfig = lib.concatLines [
+              (lib.optionalString (!proxyBuffering) "proxy_buffering off;")
+              "charset utf-8;"
+            ];
+            locations = lib.mapAttrs
+              (_: { proxyPort, extraConfig }: lib.mergeAttrsList [
+                { inherit extraConfig; }
+                (if (lib.isInt proxyPort) then {
+                  proxyWebsockets = true;
+                  proxyPass = "http://localhost:${toString proxyPort}";
+                } else { })
+              ])
+              locations;
+          })
+          cfg.vHosts;
+      };
+
+      octodns.records = lib.filterAttrs (name: _: name != config.networking.domain) (
+        lib.mapAttrs'
+          (fqdn: _: {
+            name = lib.removeSuffix ".${config.networking.domain}" fqdn;
+            value = { CNAME.toRoot = true; };
+          })
+          cfg.vHosts
+      );
    };

    security.acme = {