lib/dns: split dynamicReverseZones for ipv4/ipv6 to avoid ip6.arpa zones ending up in reverseZones4

This commit is contained in:
Astro 2023-11-10 00:43:57 +01:00
parent 3295a15758
commit ec47077368
2 changed files with 11 additions and 4 deletions

View File

@ -11,7 +11,7 @@ rec {
publicIPv4 = config.site.hosts.upstream4.interfaces.up4-pppoe.upstream.staticIpv4Address; publicIPv4 = config.site.hosts.upstream4.interfaces.up4-pppoe.upstream.staticIpv4Address;
dynamicReverseZones = [ dynamicReverseZones4 = [
"73.20.172.in-addr.arpa" "73.20.172.in-addr.arpa"
"74.20.172.in-addr.arpa" "74.20.172.in-addr.arpa"
"75.20.172.in-addr.arpa" "75.20.172.in-addr.arpa"
@ -21,6 +21,8 @@ rec {
"79.20.172.in-addr.arpa" "79.20.172.in-addr.arpa"
"99.22.172.in-addr.arpa" "99.22.172.in-addr.arpa"
"99.22.172.in-addr.arpa" "99.22.172.in-addr.arpa"
];
dynamicReverseZones6 = [
"2.0.0.0.c.2.0.8.1.8.0.0.a.2.ip6.arpa" "2.0.0.0.c.2.0.8.1.8.0.0.a.2.ip6.arpa"
"4.1.b.a.c.a.2.8.3.5.f.0.a.2.ip6.arpa" "4.1.b.a.c.a.2.8.3.5.f.0.a.2.ip6.arpa"
"5.0.2.d.3.c.2.4.0.0.2.4.d.f.ip6.arpa" "5.0.2.d.3.c.2.4.0.0.2.4.d.f.ip6.arpa"
@ -97,7 +99,7 @@ rec {
"${zone}" = true; "${zone}" = true;
} }
) {} (builtins.attrNames reverseHosts4) ) {} (builtins.attrNames reverseHosts4)
) ++ dynamicReverseZones ) ++ dynamicReverseZones4
); );
# turns `::` into `0000:0000:0000:0000:0000:0000:0000:0000` # turns `::` into `0000:0000:0000:0000:0000:0000:0000:0000`
@ -242,7 +244,7 @@ rec {
builtins.filter (lib.hasSuffix ".${zone}") builtins.filter (lib.hasSuffix ".${zone}")
(builtins.attrNames reverseHosts4) (builtins.attrNames reverseHosts4)
); );
dynamic = builtins.elem zone dynamicReverseZones; dynamic = builtins.elem zone dynamicReverseZones4;
}) reverseZones4 }) reverseZones4
++ ++
builtins.concatMap (ctx: builtins.concatMap (ctx:
@ -261,6 +263,7 @@ rec {
builtins.filter (lib.hasSuffix ".${zone}") builtins.filter (lib.hasSuffix ".${zone}")
(builtins.attrNames reverseHosts6.${ctx}) (builtins.attrNames reverseHosts6.${ctx})
); );
dynamic = builtins.elem zone dynamicReverseZones6;
}) reverseZones6.${ctx} }) reverseZones6.${ctx}
) (builtins.attrNames reverseZones6); ) (builtins.attrNames reverseZones6);
} }

View File

@ -10,7 +10,11 @@ let
nixpkgs.lib.generators.toPretty {} self.lib.openwrtModels nixpkgs.lib.generators.toPretty {} self.lib.openwrtModels
); );
export-config = pkgs.writeText "config.nix" ( export-config = pkgs.writeText "config.nix" (
nixpkgs.lib.generators.toPretty {} (lib.filterAttrsRecursive (n: v: n != "net-combined") config) nixpkgs.lib.generators.toPretty {} (lib.filterAttrsRecursive (n: v: n != "net-combined") (
config
//
{ site.dns.localZones = self.lib.dns.localZones; }
))
); );
encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" '' encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''