pkgs/dns-slaves: fix

Astro 2022-09-18 15:50:11 +02:00
parent 8583b55c0f
commit da6b2d55fc
2 changed files with 33 additions and 11 deletions


@ -8,7 +8,7 @@ rec {
internalNS = [ ns ]; internalNS = [ ns ];
# public servers (slaves) # public servers (slaves)
publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ]; publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
dynamicReverseZones = [ dynamicReverseZones = [
"73.20.172.in-addr.arpa" "73.20.172.in-addr.arpa"
"74.20.172.in-addr.arpa" "74.20.172.in-addr.arpa"
@ -20,6 +20,18 @@ rec {
"99.22.172.in-addr.arpa" "99.22.172.in-addr.arpa"
]; ];
mapI = start: end: f:
if start >= end
then []
else [ (f start) ] ++ mapI (start + 1) end f;
isRfc1918Reverse = reverse:
builtins.any (suffix: lib.hasSuffix suffix reverse) ([
"10.in-addr.arpa"
"168.192.in-addr.arpa"
] ++ mapI 0 32 (i:
"${toString (16 + i)}.172.in-addr.arpa"
));
localZones = localZones =
let let
# ip6.arpa aggregation size in CIDR bits # ip6.arpa aggregation size in CIDR bits
@ -44,7 +56,8 @@ rec {
# generate zones only for nets with hosts # generate zones only for nets with hosts
namedNets = lib.filterAttrs (_name: { hosts4, hosts6, dynamicDomain, ... }: namedNets = lib.filterAttrs (_name: { hosts4, hosts6, dynamicDomain, ... }:
(hosts4 != [] && hosts6 != []) || hosts4 != {} ||
hosts6 != {} ||
dynamicDomain dynamicDomain
) config.site.net; ) config.site.net;
@ -143,10 +156,11 @@ rec {
# `{ dn42 = [ "....ip6.arpa" ]; }` # `{ dn42 = [ "....ip6.arpa" ]; }`
reverseZones6 = builtins.mapAttrs (_ctx: reverseHosts6ctx: reverseZones6 = builtins.mapAttrs (_ctx: reverseHosts6ctx:
builtins.attrNames ( builtins.attrNames (
builtins.foldl' (result: rname: result // { builtins.foldl' (result: rname:
"${builtins.substring ((128 - reverseZone6Size) / 2) (72 - ((128 - reverseZone6Size) / 2)) rname}" = true; result // {
}) {} (builtins.attrNames reverseHosts6ctx) "${builtins.substring ((128 - reverseZone6Size) / 2) (72 - ((128 - reverseZone6Size) / 2)) rname}" = true;
) }) {} (builtins.attrNames reverseHosts6ctx)
)
) reverseHosts6; ) reverseHosts6;
in [ { in [ {
@ -169,7 +183,9 @@ rec {
type = "A"; type = "A";
data = "81.201.149.152"; data = "81.201.149.152";
} ]; } ];
} ] ++ builtins.concatLists ( } ]
++
builtins.concatLists (
builtins.attrValues ( builtins.attrValues (
builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, extraRecords, ... }: [ builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, extraRecords, ... }: [
{ {
@ -190,9 +206,14 @@ rec {
} }
]) namedNets ]) namedNets
) )
) ++ map (zone: { )
++
map (zone: {
name = zone; name = zone;
ns = internalNS; ns =
if isRfc1918Reverse zone
then internalNS
else publicNS;
records = records =
map (reverse: { map (reverse: {
name = builtins.head ( name = builtins.head (
@ -206,7 +227,8 @@ rec {
); );
dynamic = builtins.elem zone dynamicReverseZones; dynamic = builtins.elem zone dynamicReverseZones;
}) reverseZones4 }) reverseZones4
++ builtins.concatMap (ctx: ++
builtins.concatMap (ctx:
map (zone: { map (zone: {
name = zone; name = zone;
ns = ns =
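Review bot: `isRfc1918Reverse` classifies more reverse zones as private than RFC 1918 defines. `mapI 0 32` produces second octets 16 through 47, while 172.16.0.0/12 ends at 172.31, and `lib.hasSuffix` is applied without a label boundary, so a name such as `110.in-addr.arpa` or `116.172.in-addr.arpa` would also match. Any zone misclassified this way is given `internalNS` instead of `publicNS` by the new `ns =` conditional in the reverseZones4 mapping. I would build the list with `map (i: "${toString i}.172.in-addr.arpa") (lib.range 16 31)` and test `reverse == suffix || lib.hasSuffix ".${suffix}" reverse`. With `lib.range` the hand-written `mapI` helper is no longer needed.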


@ -20,7 +20,7 @@ writeText "named.slave.conf" (
type slave; type slave;
masters {${mastersStr} }; masters {${mastersStr} };
file "/var/lib/bind/slave/${name}.zone"; file "/var/lib/bind/slave/${name}.zone";
allow-notify {${mastersStr} }; allow-notify { ${mastersStr} };
allow-query { any; }; allow-query { any; };
}; };
'') ( '') (