From da6b2d55fc7e8d3a84e3c77829b4d03256f28afc Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 18 Sep 2022 15:50:11 +0200
Subject: [PATCH] pkgs/dns-slaves: fix
---
 nix/lib/dns.nix | 42 +++++++++++++++++++++++++++++++----------
 nix/pkgs/dns-slaves.nix | 2 +-
 2 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/nix/lib/dns.nix b/nix/lib/dns.nix
index cd0c042..935ae51 100644
--- a/nix/lib/dns.nix
+++ b/nix/lib/dns.nix
@@ -8,7 +8,7 @@ rec {
 internalNS = [ ns ];
 # public servers (slaves)
 publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
-
+
 dynamicReverseZones = [
 "73.20.172.in-addr.arpa"
 "74.20.172.in-addr.arpa"
@@ -20,6 +20,18 @@ rec {
 "99.22.172.in-addr.arpa"
 ];
+ mapI = start: end: f:
+ if start >= end
+ then []
+ else [ (f start) ] ++ mapI (start + 1) end f;
+ isRfc1918Reverse = reverse:
+ builtins.any (suffix: lib.hasSuffix suffix reverse) ([
+ "10.in-addr.arpa"
+ "168.192.in-addr.arpa"
+ ] ++ mapI 0 32 (i:
+ "${toString (16 + i)}.172.in-addr.arpa"
+ ));
+
 localZones = let
 # ip6.arpa aggregation size in CIDR bits
@@ -44,7 +56,8 @@ rec {
 # generate zones only for nets with hosts
 namedNets = lib.filterAttrs (_name: { hosts4, hosts6, dynamicDomain, ... }:
- (hosts4 != [] && hosts6 != []) ||
+ hosts4 != {} ||
+ hosts6 != {} ||
 dynamicDomain
 ) config.site.net;
@@ -143,10 +156,11 @@ rec {
 # `{ dn42 = [ "....ip6.arpa" ]; }`
 reverseZones6 = builtins.mapAttrs (_ctx: reverseHosts6ctx:
 builtins.attrNames (
- builtins.foldl' (result: rname: result // {
- "${builtins.substring ((128 - reverseZone6Size) / 2) (72 - ((128 - reverseZone6Size) / 2)) rname}" = true;
- }) {} (builtins.attrNames reverseHosts6ctx)
- )
+ builtins.foldl' (result: rname:
+ result // {
+ "${builtins.substring ((128 - reverseZone6Size) / 2) (72 - ((128 - reverseZone6Size) / 2)) rname}" = true;
+ }) {} (builtins.attrNames reverseHosts6ctx)
+ )
 ) reverseHosts6;
 in [ {
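Review bot: `lib.hasSuffix suffix reverse` in the new `isRfc1918Reverse` has no label boundary, so any reverse zone whose name merely ends in one of the listed strings is treated as private: `110.in-addr.arpa` and `210.in-addr.arpa` end in `10.in-addr.arpa`, and `116.172.in-addr.arpa` ends in `16.172.in-addr.arpa`. Because the `ns =` selection in the `@@ -190` hunk hands such a zone to `internalNS` instead of `publicNS`, a misclassified public reverse zone would silently never be delegated to the public slaves. Match on whole labels instead, `builtins.any (suffix: reverse == suffix || lib.hasSuffix ".${suffix}" reverse) (`, leaving the list that follows unchanged. The hand-rolled `mapI` recursion can be replaced by the list helper already available through `lib`, `map (i: "${toString i}.172.in-addr.arpa") (lib.range 16 31)`, which makes the 172.16/12 block readable at a glance; a one-line comment such as `# true for reverse zones inside the RFC 1918 blocks 10/8, 172.16/12 and 192.168/16` would document the predicate's contract.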
@@ -169,7 +183,9 @@ rec {
 type = "A";
 data = "81.201.149.152";
 } ];
- } ] ++ builtins.concatLists (
+ } ]
+ ++
+ builtins.concatLists (
 builtins.attrValues (
 builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, extraRecords, ... }: [ {
@@ -190,9 +206,14 @@ rec {
 } ]) namedNets
 )
- ) ++ map (zone: {
+ )
+ ++
+ map (zone: {
 name = zone;
- ns = internalNS;
+ ns =
+ if isRfc1918Reverse zone
+ then internalNS
+ else publicNS;
 records = map (reverse: {
 name = builtins.head (
@@ -206,7 +227,8 @@ rec {
 );
 dynamic = builtins.elem zone dynamicReverseZones;
 }) reverseZones4
- ++ builtins.concatMap (ctx:
+ ++
+ builtins.concatMap (ctx:
 map (zone: {
 name = zone;
 ns =
diff --git a/nix/pkgs/dns-slaves.nix b/nix/pkgs/dns-slaves.nix
index b313628..5f4fdc4 100644
--- a/nix/pkgs/dns-slaves.nix
+++ b/nix/pkgs/dns-slaves.nix
@@ -20,7 +20,7 @@ writeText "named.slave.conf" (
 type slave;
 masters {${mastersStr} };
 file "/var/lib/bind/slave/${name}.zone";
- allow-notify {${mastersStr} };
+ allow-notify { ${mastersStr} };
 allow-query { any; };
 };
 '') (
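Review bot: The new `ns =` conditional in the `@@ -190` hunk is the only place that decides whether an IPv4 reverse zone is delegated to the public slaves, and nothing explains why RFC 1918 zones stay on `internalNS`; add a comment above it such as `# private (RFC 1918) reverse zones are served by the internal server only and are never handed to the public slaves`. The `dynamicReverseZones` entries visible in the first hunk (172.20.x and 172.22.x) all fall into that private range, so the same comment could state that the dynamic zones are therefore internal-only as well. The IPv6 branch's `ns =` at the end of the `@@ -206` hunk is cut off at the hunk boundary, so whether it applies the same public/internal split cannot be seen here; if it does not, that asymmetry is worth a note. The enclosing `localZones` list expression starts and ends outside these hunks.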