- Add automatic SD image builds for Raspberry Pi via Forgejo Actions
- Enable binfmt emulation on cryodev-main for aarch64 cross-builds
- Add sd-image.nix module to cryodev-pi configuration
- Create comprehensive docs/ structure with installation guides
- Split installation docs into: first-install (server), reinstall, new-client (Pi)
- Add lib/utils.nix and apps/rebuild from synix
- Fix headplane module for new upstream API (tale/headplane)
- Fix various module issues (mailserver stateVersion, option conflicts)
- Add placeholder secrets.yaml files for both hosts
- Remove old INSTRUCTIONS.md (content moved to docs/)
2.1 KiB
DNS Configuration
Required DNS records for the cryodev infrastructure.
Primary Domain (cryodev.xyz)
A/AAAA Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| @ | A | <SERVER_IP> | Main server |
| @ | AAAA | <SERVER_IPV6> | Main server (IPv6) |
| mail | A | <SERVER_IP> | Mail server |
| mail | AAAA | <SERVER_IPV6> | Mail server (IPv6) |
CNAME Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| git | CNAME | @ | Forgejo |
| headscale | CNAME | @ | Headscale |
| headplane | CNAME | @ | Headplane |
| netdata | CNAME | @ | Netdata Monitoring |
Mail Records
| Hostname | Type | Value | Purpose |
|---|---|---|---|
| @ | MX | 10 mail.cryodev.xyz. | Mail delivery |
| @ | TXT | "v=spf1 mx ~all" | SPF |
| _dmarc | TXT | "v=DMARC1; p=none" | DMARC |
| mail._domainkey | TXT | "v=DKIM1; k=rsa; p=..." | DKIM |
Getting the DKIM Key
After deploying the mailserver, retrieve the DKIM public key:
```bash
sudo cat /var/dkim/cryodev.xyz.mail.txt
```
Add this as a TXT record for mail._domainkey.cryodev.xyz.
Verification
Check DNS Propagation
```bash
# A record
dig A cryodev.xyz
# MX record
dig MX cryodev.xyz
# SPF
dig TXT cryodev.xyz
# DKIM
dig TXT mail._domainkey.cryodev.xyz
# DMARC
dig TXT _dmarc.cryodev.xyz
```
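To go from eyeballing the `dig` output to a verdict, the following added example (not part of the cryodev repository) classifies the SPF, DMARC and DKIM TXT records from the Mail Records table, including DKIM keys that `dig` prints as several quoted chunks. The function names and status words are assumptions made for this illustration.

```bash
#!/bin/sh
# Added example: classify the mail TXT records listed on this page.
# Each function takes the text printed by `dig +short TXT <name>`.

# dig prints TXT data as quoted chunks of up to 255 bytes ("abc" "def");
# join the chunks and drop the outer quotes to get the logical record.
txt_join() { printf '%s' "$1" | sed -e 's/" *"//g' -e 's/^"//' -e 's/"$//'; }

# Print the value of tag $2 from a "tag=value; tag=value" record in $1.
tag_value() {
  printf '%s' "$1" | tr ';' '\n' |
    sed -n -e 's/[[:space:]]*$//' -e "s/^[[:space:]]*$2=[[:space:]]*//p" | head -n 1
}

check_spf() {
  case "$(txt_join "$1")" in
    "v=spf1"*" -all") echo "hardfail" ;;  # unlisted senders fail SPF
    "v=spf1"*" ~all") echo "softfail" ;;  # the page's value: failure is advisory
    "v=spf1"*)        echo "open" ;;      # no restrictive "all" at the end
    *)                echo "missing" ;;
  esac
}

check_dmarc() {
  rec=$(txt_join "$1")
  case "$rec" in
    "v=DMARC1"*)
      case "$(tag_value "$rec" p)" in
        reject|quarantine) echo "enforcing" ;;
        none)              echo "monitor-only" ;;  # the page's value
        *)                 echo "invalid" ;;
      esac ;;
    *) echo "missing" ;;
  esac
}

check_dkim() {
  rec=$(txt_join "$1")
  case "$rec" in
    "v=DKIM1"*)
      case "$(tag_value "$rec" p | tr -d '[:space:]')" in
        "")                echo "revoked" ;;      # empty p= means no usable key
        "...")             echo "placeholder" ;;  # table value never replaced
        *[!A-Za-z0-9+/=]*) echo "invalid" ;;      # not base64
        *)                 echo "ok" ;;
      esac ;;
    *) echo "missing" ;;
  esac
}
```

Against the live zone, pass the query output straight in, for example `check_dkim "$(dig +short TXT mail._domainkey.cryodev.xyz)"`.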
Online Tools
- MXToolbox - Comprehensive DNS/mail testing
- Mail-tester - Email deliverability testing
- DMARC Analyzer - DMARC record validation
TTL Recommendations
For initial setup, use low TTLs (300 seconds) to allow quick changes.
After verification, increase to:
- A/AAAA records: 3600 (1 hour)
- CNAME records: 3600 (1 hour)
- MX records: 3600 (1 hour)
- TXT records: 3600 (1 hour)
Firewall Requirements
Ensure these ports are open on cryodev-main:
| Port | Protocol | Service |
|---|---|---|
| 22 | TCP | SSH |
| 80 | TCP | HTTP (ACME/redirect) |
| 443 | TCP | HTTPS |
| 25 | TCP | SMTP |
| 465 | TCP | SMTPS |
| 587 | TCP | SMTP Submission |
| 993 | TCP | IMAPS |