sbr.pm-gandi.nix

 1# Gandi (public) DNS zone for sbr.pm - uses VPN IPs (10.100.0.x) only
 2{ dns, globals, ... }:
 3let
 4  dnsHelpers = import ../../../../lib/dns-helpers.nix { inherit globals; };
 5  inherit (dnsHelpers) getMachineIP;
 6
 7  # Import the common zone and override immich to point to kerkouane's public IP
 8  baseZone = import ./sbr.pm-common.nix {
 9    inherit dns globals;
10    getIPForMachine = getMachineIP;
11  };
12in
13baseZone
14// {
15  subdomains = baseZone.subdomains // {
16    # Override services to point to kerkouane's public IP (reverse proxy entry point)
17    immich.A = [ "167.99.17.238" ];
18    navidrome.A = [ "167.99.17.238" ];
19    jellyfin.A = [ "167.99.17.238" ];
20    audiobookshelf.A = [ "167.99.17.238" ];
21
22    # Internal services accessible via VPN only
23    ollama.A = [ "10.100.0.50" ]; # rhea VPN IP
24
25    # Service aliases
26    music.A = [ "167.99.17.238" ]; # navidrome
27    photos.A = [ "167.99.17.238" ]; # immich
28    podcasts.A = [ "167.99.17.238" ]; # audiobookshelf
29    llm.A = [ "10.100.0.50" ]; # ollama (rhea VPN IP)
30  };
31}