lib/dns: split dynamicReverseZones for ipv4/ipv6 to avoid ip6.arpa zones ending up in reverseZones4

2023-11-10 00:43:57 +01:00 · 2023-11-10 00:43:57 +01:00 · ec47077368
parent 3295a15758
commit ec47077368
2 changed files with 11 additions and 4 deletions
--- a/nix/lib/dns.nix
+++ b/nix/lib/dns.nix
@ -11,7 +11,7 @@ rec {

  publicIPv4 = config.site.hosts.upstream4.interfaces.up4-pppoe.upstream.staticIpv4Address;

-  dynamicReverseZones = [
+  dynamicReverseZones4 = [
    "73.20.172.in-addr.arpa"
    "74.20.172.in-addr.arpa"
    "75.20.172.in-addr.arpa"
@ -21,6 +21,8 @@ rec {
    "79.20.172.in-addr.arpa"
    "99.22.172.in-addr.arpa"
    "99.22.172.in-addr.arpa"
+  ];
+  dynamicReverseZones6 = [
    "2.0.0.0.c.2.0.8.1.8.0.0.a.2.ip6.arpa"
    "4.1.b.a.c.a.2.8.3.5.f.0.a.2.ip6.arpa"
    "5.0.2.d.3.c.2.4.0.0.2.4.d.f.ip6.arpa"
@ -97,7 +99,7 @@ rec {
              "${zone}" = true;
            }
          ) {} (builtins.attrNames reverseHosts4)
-        ) ++ dynamicReverseZones
+        ) ++ dynamicReverseZones4
      );

      # turns `::` into `0000:0000:0000:0000:0000:0000:0000:0000`
@ -242,7 +244,7 @@ rec {
          builtins.filter (lib.hasSuffix ".${zone}")
            (builtins.attrNames reverseHosts4)
        );
-      dynamic = builtins.elem zone dynamicReverseZones;
+      dynamic = builtins.elem zone dynamicReverseZones4;
    }) reverseZones4
    ++
    builtins.concatMap (ctx:
@ -261,6 +263,7 @@ rec {
            builtins.filter (lib.hasSuffix ".${zone}")
              (builtins.attrNames reverseHosts6.${ctx})
          );
+        dynamic = builtins.elem zone dynamicReverseZones6;
      }) reverseZones6.${ctx}
    ) (builtins.attrNames reverseZones6);
 }
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
@ -10,7 +10,11 @@ let
    nixpkgs.lib.generators.toPretty {} self.lib.openwrtModels
  );
  export-config = pkgs.writeText "config.nix" (
-    nixpkgs.lib.generators.toPretty {} (lib.filterAttrsRecursive (n: v: n != "net-combined") config)
+    nixpkgs.lib.generators.toPretty {} (lib.filterAttrsRecursive (n: v: n != "net-combined") (
+      config
+      //
+      { site.dns.localZones = self.lib.dns.localZones; }
+    ))
  );

  encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''