Add SD image pipeline, documentation overhaul, and fix module issues

- Add automatic SD image builds for Raspberry Pi via Forgejo Actions - Enable binfmt emulation on cryodev-main for aarch64 cross-builds - Add sd-image.nix module to cryodev-pi configuration - Create comprehensive docs/ structure with installation guides - Split installation docs into: first-install (server), reinstall, new-client (Pi) - Add lib/utils.nix and apps/rebuild from synix - Fix headplane module for new upstream API (tale/headplane) - Fix various module issues (mailserver stateVersion, option conflicts) - Add placeholder secrets.yaml files for both hosts - Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00 · 2026-03-11 08:41:58 +01:00 · 5ba78886d2
commit 5ba78886d2
parent a5261d8ff0
44 changed files with 3570 additions and 609 deletions
--- a/docs/deployment/dns.md
+++ b/docs/deployment/dns.md
@ -0,0 +1,93 @@
+# DNS Configuration
+
+Required DNS records for the cryodev infrastructure.
+
+## Primary Domain (cryodev.xyz)
+
+### A/AAAA Records
+
+| Hostname | Type | Value | Purpose |
+|----------|------|-------|---------|
+| `@` | A | `<SERVER_IP>` | Main server |
+| `@` | AAAA | `<SERVER_IPV6>` | Main server (IPv6) |
+| `mail` | A | `<SERVER_IP>` | Mail server |
+| `mail` | AAAA | `<SERVER_IPV6>` | Mail server (IPv6) |
+
+### CNAME Records
+
+| Hostname | Type | Value | Purpose |
+|----------|------|-------|---------|
+| `git` | CNAME | `@` | Forgejo |
+| `headscale` | CNAME | `@` | Headscale |
+| `headplane` | CNAME | `@` | Headplane |
+| `netdata` | CNAME | `@` | Netdata Monitoring |
+
+### Mail Records
+
+| Hostname | Type | Value | Purpose |
+|----------|------|-------|---------|
+| `@` | MX | `10 mail.cryodev.xyz.` | Mail delivery |
+| `@` | TXT | `"v=spf1 mx ~all"` | SPF |
+| `_dmarc` | TXT | `"v=DMARC1; p=none"` | DMARC |
+| `mail._domainkey` | TXT | `"v=DKIM1; k=rsa; p=..."` | DKIM |
+
+## Getting the DKIM Key
+
+After deploying the mailserver, retrieve the DKIM public key:
+
+```bash
+sudo cat /var/dkim/cryodev.xyz.mail.txt
+```
+
+Add this as a TXT record for `mail._domainkey.cryodev.xyz`.
+
+## Verification
+
+### Check DNS Propagation
+
+```bash
+# A record
+dig A cryodev.xyz
+
+# MX record
+dig MX cryodev.xyz
+
+# SPF
+dig TXT cryodev.xyz
+
+# DKIM
+dig TXT mail._domainkey.cryodev.xyz
+
+# DMARC
+dig TXT _dmarc.cryodev.xyz
+```
+
+### Online Tools
+
+- [MXToolbox](https://mxtoolbox.com/) - Comprehensive DNS/mail testing
+- [Mail-tester](https://www.mail-tester.com/) - Email deliverability testing
+- [DMARC Analyzer](https://dmarcanalyzer.com/) - DMARC record validation
+
+## TTL Recommendations
+
+For initial setup, use low TTLs (300 seconds) to allow quick changes.
+
+After verification, increase to:
+- A/AAAA records: 3600 (1 hour)
+- CNAME records: 3600 (1 hour)  
+- MX records: 3600 (1 hour)
+- TXT records: 3600 (1 hour)
+
+## Firewall Requirements
+
+Ensure these ports are open on `cryodev-main`:
+
+| Port | Protocol | Service |
+|------|----------|---------|
+| 22 | TCP | SSH |
+| 80 | TCP | HTTP (ACME/redirect) |
+| 443 | TCP | HTTPS |
+| 25 | TCP | SMTP |
+| 465 | TCP | SMTPS |
+| 587 | TCP | SMTP Submission |
+| 993 | TCP | IMAPS |