nixos-module/container/dns: factor zones out into config.site.dns.localZones
parent
20c8821823
commit
b800691dad
|
@ -1,52 +1,56 @@
|
|||
{ hostName, config, lib, pkgs, self, ... }:
|
||||
|
||||
lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
||||
services.bind =
|
||||
let
|
||||
let
|
||||
fqdn = "${hostName}.serv.zentralwerk.org";
|
||||
# public servers (slaves)
|
||||
publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
|
||||
# allowed for zone-transfer
|
||||
slaves = [
|
||||
# ns.c3d2.de
|
||||
"217.197.84.53" "2001:67c:1400:2240::a"
|
||||
# ns.spaceboyz.net
|
||||
"172.22.24.4" "2a01:4f9:4b:39ec::4"
|
||||
];
|
||||
in
|
||||
{
|
||||
options =
|
||||
with lib;
|
||||
let
|
||||
recordOpts = {
|
||||
name = mkOption {
|
||||
description = "DNS label";
|
||||
type = types.str;
|
||||
};
|
||||
type = mkOption {
|
||||
type = types.enum [ "A" "AAAA" "PTR" ];
|
||||
};
|
||||
data = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
|
||||
zoneOpts = {
|
||||
name = mkOption {
|
||||
description = "DNS FQDN w/o trailing dot";
|
||||
type = types.str;
|
||||
};
|
||||
ns = mkOption {
|
||||
type = with types; listOf str;
|
||||
};
|
||||
records = mkOption {
|
||||
type = with types; listOf (submodule {
|
||||
options = recordOpts;
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
site.dns.localZones = mkOption {
|
||||
type = with types; listOf (submodule {
|
||||
options = zoneOpts;
|
||||
});
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
site.dns.localZones =
|
||||
let
|
||||
# ip6.arpa aggregation size in CIDR bits
|
||||
reverseZone6Size = 60;
|
||||
|
||||
serial =
|
||||
let
|
||||
timestamp = toString self.lastModified;
|
||||
datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
|
||||
date -d @${timestamp} +%Y%m%d%H > $out
|
||||
'';
|
||||
in
|
||||
toString (import datePkg);
|
||||
|
||||
staticZone = { name, ns, records }: {
|
||||
inherit name;
|
||||
master = true;
|
||||
file = builtins.toFile "${name}.zone" ''
|
||||
$ORIGIN ${name}.
|
||||
$TTL 1h
|
||||
|
||||
@ IN SOA ${fqdn}. astro.spaceboyz.net. (
|
||||
${serial} ; serial
|
||||
1h ; refresh
|
||||
1m ; retry
|
||||
2h ; expire
|
||||
1m ; minimum
|
||||
)
|
||||
${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
|
||||
|
||||
${lib.concatMapStrings ({ name, type, data }:
|
||||
"${name} IN ${type} ${data}\n"
|
||||
) records}
|
||||
'';
|
||||
};
|
||||
|
||||
hosts4Records = hosts4:
|
||||
builtins.attrValues (
|
||||
builtins.mapAttrs (name: addr: {
|
||||
|
@ -168,13 +172,11 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
|||
)
|
||||
) reverseHosts6;
|
||||
|
||||
in {
|
||||
enable = true;
|
||||
zones = [ (staticZone {
|
||||
in [ {
|
||||
name = "zentralwerk.org";
|
||||
ns = publicNS;
|
||||
records = [];
|
||||
}) (staticZone {
|
||||
} {
|
||||
name = "zentralwerk.dn42";
|
||||
ns = [ fqdn ];
|
||||
records = [ {
|
||||
|
@ -182,7 +184,7 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
|||
type = "A";
|
||||
data = config.site.net.serv.hosts4.ipa;
|
||||
} ];
|
||||
}) (staticZone {
|
||||
} {
|
||||
name = "dyn.zentralwerk.org";
|
||||
ns = publicNS;
|
||||
# TODO: implement dyndns
|
||||
|
@ -195,28 +197,28 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
|||
type = "A";
|
||||
data = "24.134.252.105";
|
||||
} ];
|
||||
}) ] ++ builtins.concatLists (
|
||||
} ] ++ builtins.concatLists (
|
||||
builtins.attrValues (
|
||||
builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, ... }: [
|
||||
(if dynamicDomain
|
||||
then throw "TODO"
|
||||
else staticZone {
|
||||
else {
|
||||
name = "${net}.zentralwerk.dn42";
|
||||
ns = [ fqdn ];
|
||||
records =
|
||||
hosts4Records hosts4 ++
|
||||
lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42);
|
||||
})
|
||||
(staticZone {
|
||||
{
|
||||
name = "${net}.zentralwerk.org";
|
||||
ns = publicNS;
|
||||
records =
|
||||
lib.optionals (hosts6 ? up1) (hosts6Records hosts6.up1) ++
|
||||
lib.optionals (hosts6 ? up2) (hosts6Records hosts6.up2);
|
||||
})
|
||||
}
|
||||
]) namedNets
|
||||
)
|
||||
) ++ map (zone: staticZone {
|
||||
) ++ map (zone: {
|
||||
name = zone;
|
||||
ns = [ fqdn ];
|
||||
records =
|
||||
|
@ -232,7 +234,7 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
|||
);
|
||||
}) reverseZones4
|
||||
++ builtins.concatMap (ctx:
|
||||
map (zone: staticZone {
|
||||
map (zone: {
|
||||
name = zone;
|
||||
ns =
|
||||
if ctx == "dn42"
|
||||
|
@ -251,7 +253,51 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
|||
);
|
||||
}) reverseZones6.${ctx}
|
||||
) (builtins.attrNames reverseZones6);
|
||||
|
||||
services.bind = lib.mkIf config.site.hosts.${hostName}.services.dns.enable (
|
||||
let
|
||||
serial =
|
||||
let
|
||||
timestamp = toString self.lastModified;
|
||||
datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
|
||||
date -d @${timestamp} +%Y%m%d%H > $out
|
||||
'';
|
||||
in
|
||||
toString (import datePkg);
|
||||
|
||||
generateZone = { name, ns, records }: {
|
||||
inherit name;
|
||||
master = true;
|
||||
# allowed for zone-transfer
|
||||
slaves = [
|
||||
# ns.c3d2.de
|
||||
"217.197.84.53" "2001:67c:1400:2240::a"
|
||||
# ns.spaceboyz.net
|
||||
"172.22.24.4" "2a01:4f9:4b:39ec::4"
|
||||
];
|
||||
file = builtins.toFile "${name}.zone" ''
|
||||
$ORIGIN ${name}.
|
||||
$TTL 1h
|
||||
|
||||
@ IN SOA ${fqdn}. astro.spaceboyz.net. (
|
||||
${serial} ; serial
|
||||
1h ; refresh
|
||||
1m ; retry
|
||||
2h ; expire
|
||||
1m ; minimum
|
||||
)
|
||||
${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
|
||||
|
||||
${lib.concatMapStrings ({ name, type, data }:
|
||||
"${name} IN ${type} ${data}\n"
|
||||
) records}
|
||||
'';
|
||||
};
|
||||
in {
|
||||
enable = true;
|
||||
zones = map generateZone config.site.dns.localZones;
|
||||
});
|
||||
|
||||
# TODO: dyn
|
||||
};
|
||||
}
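Review bot: The `slaves` list inside `generateZone` (right after `master = true;`) is now attached to every zone built from `site.dns.localZones`, so the `*.zentralwerk.dn42` and reverse zones whose only `ns` is `fqdn` also permit zone transfers to the two public secondaries, exposing internal host names that were never meant to be served by them; consider making transfer permissions per zone, e.g. an optional `slaves` field in `zoneOpts` with `default = []`, populated only for the zones whose `ns = publicNS`. This hunk also repeats the `slaves` list that appears in the file's top-level `let` in the first hunk; if that definition survives on the new side, `inherit slaves;` would keep one source of truth. Separately, the serial is derived from `self.lastModified` with `+%Y%m%d%H`, so two flake updates within the same hour yield an identical SOA serial and the secondaries will not refresh; a comment such as `# serial has hour granularity: a second change within the same hour is not picked up by secondaries` would at least document that limitation next to `datePkg`.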
|
||||
|
|