From ec47077368a1282372a879139927a9b4e5b68c5d Mon Sep 17 00:00:00 2001
From: Astro
Date: Fri, 10 Nov 2023 00:43:57 +0100
Subject: [PATCH] lib/dns: split dynamicReverseZones for ipv4/ipv6 to avoid ip6.arpa zones ending up in reverseZones4
---
 nix/lib/dns.nix | 9 ++++++---
 nix/pkgs/default.nix | 6 +++++-
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/nix/lib/dns.nix b/nix/lib/dns.nix
index bd589a3..89bde8b 100644
--- a/nix/lib/dns.nix
+++ b/nix/lib/dns.nix
@@ -11,7 +11,7 @@ rec {
 publicIPv4 = config.site.hosts.upstream4.interfaces.up4-pppoe.upstream.staticIpv4Address;
- dynamicReverseZones = [
+ dynamicReverseZones4 = [
 "73.20.172.in-addr.arpa"
 "74.20.172.in-addr.arpa"
 "75.20.172.in-addr.arpa"
@@ -21,6 +21,8 @@ rec {
 "79.20.172.in-addr.arpa"
 "99.22.172.in-addr.arpa"
 "99.22.172.in-addr.arpa"
+ ];
+ dynamicReverseZones6 = [
 "2.0.0.0.c.2.0.8.1.8.0.0.a.2.ip6.arpa"
 "4.1.b.a.c.a.2.8.3.5.f.0.a.2.ip6.arpa"
 "5.0.2.d.3.c.2.4.0.0.2.4.d.f.ip6.arpa"
@@ -97,7 +99,7 @@ rec {
 "${zone}" = true; } ) {} (builtins.attrNames reverseHosts4)
- ) ++ dynamicReverseZones
+ ) ++ dynamicReverseZones4
 ); # turns `::` into `0000:0000:0000:0000:0000:0000:0000:0000`
@@ -242,7 +244,7 @@ rec {
 builtins.filter (lib.hasSuffix ".${zone}") (builtins.attrNames reverseHosts4) );
- dynamic = builtins.elem zone dynamicReverseZones;
+ dynamic = builtins.elem zone dynamicReverseZones4;
 }) reverseZones4 ++ builtins.concatMap (ctx:
@@ -261,6 +263,7 @@ rec {
 builtins.filter (lib.hasSuffix ".${zone}") (builtins.attrNames reverseHosts6.${ctx}) );
+ dynamic = builtins.elem zone dynamicReverseZones6;
 }) reverseZones6.${ctx} ) (builtins.attrNames reverseZones6); }
diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix
index 54a51c6..11ebae6 100644
--- a/nix/pkgs/default.nix
+++ b/nix/pkgs/default.nix
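Review bot: `"99.22.172.in-addr.arpa"` appears twice at the end of what is now `dynamicReverseZones4` (hunk at new line 21), and the list is still appended verbatim by `) ++ dynamicReverseZones4` in the hunk at new line 99. The function wrapping that concatenation is outside the hunk; unless it de-duplicates, the same zone would be listed twice in `reverseZones4` and so be generated twice. Either drop the repeated entry (or correct it, if a different /24 was intended), or wrap the concatenation in `lib.unique` so a repeated entry cannot produce a duplicate zone.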
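Review bot: In the last nix/lib/dns.nix hunk (new line 263), `dynamicReverseZones6` is only consulted through `builtins.elem`; nothing in this patch merges it into `reverseZones6` the way `++ dynamicReverseZones4` does for IPv4. The definition of `reverseZones6` is outside the hunks, but if it is derived only from `reverseHosts6`, an ip6.arpa zone with no static host was previously emitted (wrongly, via `reverseZones4`) and is now not emitted at all, so it would silently lose its `dynamic` marking together with the zone itself. If those zones must always exist, they need to be merged into the per-context `reverseZones6` sets as well. A comment above the two lists, for example `# zones that must exist and be flagged dynamic even when they contain no static hosts`, would record the intended contract once it is confirmed.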
@@ -10,7 +10,11 @@ let
 nixpkgs.lib.generators.toPretty {} self.lib.openwrtModels ); export-config = pkgs.writeText "config.nix" (
- nixpkgs.lib.generators.toPretty {} (lib.filterAttrsRecursive (n: v: n != "net-combined") config)
+ nixpkgs.lib.generators.toPretty {} (lib.filterAttrsRecursive (n: v: n != "net-combined") (
+ config
+ //
+ { site.dns.localZones = self.lib.dns.localZones; }
+ ))
 ); encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''
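Review bot: `//` is a shallow merge, so `config // { site.dns.localZones = …; }` replaces the entire `site` attribute set with one that contains only `dns.localZones`. Assuming this is the same `config` that nix/lib/dns.nix reads `config.site.hosts…` from in this patch, everything else under `site` would be missing from the exported config.nix. `lib.recursiveUpdate config { site.dns.localZones = self.lib.dns.localZones; }` keeps the existing tree and only adds the new leaf. The enclosing `let` block starts and ends outside the hunk.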