zentralwerk/network
zentralwerk/network
12
4
Fork 2
Code Issues 3 Pull Requests 1 Releases Wiki Activity

Compare commits

base: zentralwerk:1eeb24a2e2c1e99914fbb666ff4b2fb1f2f23d78
Branches Tags
zentralwerk:master
zentralwerk:nix-topology
zentralwerk:nixos-23.05
zentralwerk:bgp
zentralwerk:flpk-data-hoarder
zentralwerk:pacemaker
zentralwerk:nek0-mailtngbert-patch
zentralwerk:yggdrasil
zentralwerk:legacy
..
compare: zentralwerk:20c8821823d10e47ea6dc438bcf80852364ebd93
Branches Tags
zentralwerk:master
zentralwerk:nix-topology
zentralwerk:nixos-23.05
zentralwerk:bgp
zentralwerk:flpk-data-hoarder
zentralwerk:pacemaker
zentralwerk:nek0-mailtngbert-patch
zentralwerk:yggdrasil
zentralwerk:legacy

No commits in common. "1eeb24a2e2c1e99914fbb666ff4b2fb1f2f23d78" and "20c8821823d10e47ea6dc438bcf80852364ebd93" have entirely different histories.
1eeb24a2e2 ... 20c8821823

2 changed files with 214 additions and 250 deletions
Show Stats Expand all files Collapse all files

148
nix/nixos-module/container/dns.nix
View File

@ -1,56 +1,52 @@
{ hostName, config, lib, pkgs, self, ... }: { hostName, config, lib, pkgs, self, ... }:
lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
services.bind =
let let
fqdn = "${hostName}.serv.zentralwerk.org"; fqdn = "${hostName}.serv.zentralwerk.org";
# public servers (slaves) # public servers (slaves)
publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ]; publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
in # allowed for zone-transfer
{ slaves = [
options = # ns.c3d2.de
with lib; "217.197.84.53" "2001:67c:1400:2240::a"
let # ns.spaceboyz.net
recordOpts = { "172.22.24.4" "2a01:4f9:4b:39ec::4"
name = mkOption { ];
description = "DNS label";
type = types.str;
};
type = mkOption {
type = types.enum [ "A" "AAAA" "PTR" ];
};
data = mkOption {
type = types.str;
};
};
zoneOpts = {
name = mkOption {
description = "DNS FQDN w/o trailing dot";
type = types.str;
};
ns = mkOption {
type = with types; listOf str;
};
records = mkOption {
type = with types; listOf (submodule {
options = recordOpts;
});
};
};
in {
site.dns.localZones = mkOption {
type = with types; listOf (submodule {
options = zoneOpts;
});
};
};
config = {
site.dns.localZones =
let
# ip6.arpa aggregation size in CIDR bits # ip6.arpa aggregation size in CIDR bits
reverseZone6Size = 60; reverseZone6Size = 60;
serial =
let
timestamp = toString self.lastModified;
datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
date -d @${timestamp} +%Y%m%d%H > $out
'';
in
toString (import datePkg);
staticZone = { name, ns, records }: {
inherit name;
master = true;
file = builtins.toFile "${name}.zone" ''
$ORIGIN ${name}.
$TTL 1h
@ IN SOA ${fqdn}. astro.spaceboyz.net. (
${serial} ; serial
1h ; refresh
1m ; retry
2h ; expire
1m ; minimum
)
${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
${lib.concatMapStrings ({ name, type, data }:
"${name} IN ${type} ${data}\n"
) records}
'';
};
hosts4Records = hosts4: hosts4Records = hosts4:
builtins.attrValues ( builtins.attrValues (
builtins.mapAttrs (name: addr: { builtins.mapAttrs (name: addr: {
@ -172,11 +168,13 @@ in
) )
) reverseHosts6; ) reverseHosts6;
in [ { in {
enable = true;
zones = [ (staticZone {
name = "zentralwerk.org"; name = "zentralwerk.org";
ns = publicNS; ns = publicNS;
records = []; records = [];
} { }) (staticZone {
name = "zentralwerk.dn42"; name = "zentralwerk.dn42";
ns = [ fqdn ]; ns = [ fqdn ];
records = [ { records = [ {
@ -184,7 +182,7 @@ in
type = "A"; type = "A";
data = config.site.net.serv.hosts4.ipa; data = config.site.net.serv.hosts4.ipa;
} ]; } ];
} { }) (staticZone {
name = "dyn.zentralwerk.org"; name = "dyn.zentralwerk.org";
ns = publicNS; ns = publicNS;
# TODO: implement dyndns # TODO: implement dyndns
@ -197,28 +195,28 @@ in
type = "A"; type = "A";
data = "24.134.252.105"; data = "24.134.252.105";
} ]; } ];
} ] ++ builtins.concatLists ( }) ] ++ builtins.concatLists (
builtins.attrValues ( builtins.attrValues (
builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, ... }: [ builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, ... }: [
(if dynamicDomain (if dynamicDomain
then throw "TODO" then throw "TODO"
else { else staticZone {
name = "${net}.zentralwerk.dn42"; name = "${net}.zentralwerk.dn42";
ns = [ fqdn ]; ns = [ fqdn ];
records = records =
hosts4Records hosts4 ++ hosts4Records hosts4 ++
lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42); lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42);
}) })
{ (staticZone {
name = "${net}.zentralwerk.org"; name = "${net}.zentralwerk.org";
ns = publicNS; ns = publicNS;
records = records =
lib.optionals (hosts6 ? up1) (hosts6Records hosts6.up1) ++ lib.optionals (hosts6 ? up1) (hosts6Records hosts6.up1) ++
lib.optionals (hosts6 ? up2) (hosts6Records hosts6.up2); lib.optionals (hosts6 ? up2) (hosts6Records hosts6.up2);
} })
]) namedNets ]) namedNets
) )
) ++ map (zone: { ) ++ map (zone: staticZone {
name = zone; name = zone;
ns = [ fqdn ]; ns = [ fqdn ];
records = records =
@ -234,7 +232,7 @@ in
); );
}) reverseZones4 }) reverseZones4
++ builtins.concatMap (ctx: ++ builtins.concatMap (ctx:
map (zone: { map (zone: staticZone {
name = zone; name = zone;
ns = ns =
if ctx == "dn42" if ctx == "dn42"
@ -253,51 +251,7 @@ in
); );
}) reverseZones6.${ctx} }) reverseZones6.${ctx}
) (builtins.attrNames reverseZones6); ) (builtins.attrNames reverseZones6);
services.bind = lib.mkIf config.site.hosts.${hostName}.services.dns.enable (
let
serial =
let
timestamp = toString self.lastModified;
datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
date -d @${timestamp} +%Y%m%d%H > $out
'';
in
toString (import datePkg);
generateZone = { name, ns, records }: {
inherit name;
master = true;
# allowed for zone-transfer
slaves = [
# ns.c3d2.de
"217.197.84.53" "2001:67c:1400:2240::a"
# ns.spaceboyz.net
"172.22.24.4" "2a01:4f9:4b:39ec::4"
];
file = builtins.toFile "${name}.zone" ''
$ORIGIN ${name}.
$TTL 1h
@ IN SOA ${fqdn}. astro.spaceboyz.net. (
${serial} ; serial
1h ; refresh
1m ; retry
2h ; expire
1m ; minimum
)
${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
${lib.concatMapStrings ({ name, type, data }:
"${name} IN ${type} ${data}\n"
) records}
'';
}; };
in {
enable = true;
zones = map generateZone config.site.dns.localZones;
});
# TODO: dyn # TODO: dyn
};
} }

80
nix/nixos-module/container/dnscache.nix
View File

@ -39,18 +39,23 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
insecure-lan-zones: yes insecure-lan-zones: yes
domain-insecure: "dn42" domain-insecure: "dn42"
domain-insecure: "10.in-addr.arpa" domain-insecure: "20.172.in-addr.arpa"
${lib.concatMapStrings (x: domain-insecure: "21.172.in-addr.arpa"
" domain-insecure: ${toString x}.172.in-addr.arpa\n" domain-insecure: "22.172.in-addr.arpa"
) [ domain-insecure: "99.22.172.in-addr.arpa"
16 17 18 19 domain-insecure: "23.172.in-addr.arpa"
20 21 22 23
24 25 26 27
28 29 30 31
]}
domain-insecure: "168.192.in-addr.arpa"
domain-insecure: "d.f.ip6.arpa" domain-insecure: "d.f.ip6.arpa"
domain-insecure: "ffdd" domain-insecure: "ffdd"
domain-insecure: "200.10.in-addr.arpa"
domain-insecure: "201.10.in-addr.arpa"
local-zone: "20.172.in-addr.arpa." nodefault
local-zone: "21.172.in-addr.arpa." nodefault
local-zone: "22.172.in-addr.arpa." nodefault
local-zone: "99.22.172.in-addr.arpa." nodefault
local-zone: "23.172.in-addr.arpa." nodefault
local-zone: "d.f.ip6.arpa." nodefault
local-zone: "200.10.in-addr.arpa." nodefault
local-zone: "201.10.in-addr.arpa." nodefault
forward-zone: forward-zone:
name: "." name: "."
@ -68,14 +73,37 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
# Local networks # Local networks
${lib.concatMapStrings ({ name, ... }: ''
forward-zone: forward-zone:
name: "${name}" name: "zentralwerk.dn42"
forward-host: "${config.site.net.serv.hosts4.dns}" forward-host: "dns.serv.zentralwerk.org"
${lib.concatMapStrings (hosts6:
" forward-host: ${hosts6.dns}\n" forward-zone:
) (builtins.attrValues config.site.net.serv.hosts6)} name: "72.20.172.in-addr.arpa"
'') config.site.dns.localZones} forward-host: "dns.serv.zentralwerk.org"
forward-zone:
name: "73.20.172.in-addr.arpa"
forward-host: "dns.serv.zentralwerk.org"
forward-zone:
name: "74.20.172.in-addr.arpa"
forward-host: "dns.serv.zentralwerk.org"
forward-zone:
name: "75.20.172.in-addr.arpa"
forward-host: "dns.serv.zentralwerk.org"
forward-zone:
name: "76.20.172.in-addr.arpa"
forward-host: "dns.serv.zentralwerk.org"
forward-zone:
name: "77.20.172.in-addr.arpa"
forward-host: "dns.serv.zentralwerk.org"
forward-zone:
name: "0.0.5.0.2.d.3.c.4.2.0.0.3.2.d.f.ip6.arpa"
forward-host: "dns.serv.zentralwerk.org"
# C3D2 reverse # C3D2 reverse
@ -105,50 +133,32 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
stub-zone: stub-zone:
name: "dn42" name: "dn42"
stub-prime: yes stub-prime: yes
stub-addr: 172.20.0.53
stub-addr: fd42:d42:d42:54::1
stub-addr: 172.23.0.53 stub-addr: 172.23.0.53
stub-addr: fd42:d42:d42:53::1
stub-zone: stub-zone:
name: "20.172.in-addr.arpa" name: "20.172.in-addr.arpa"
stub-prime: yes stub-prime: yes
stub-addr: 172.20.0.53
stub-addr: fd42:d42:d42:54::1
stub-addr: 172.23.0.53 stub-addr: 172.23.0.53
stub-addr: fd42:d42:d42:53::1
stub-zone: stub-zone:
name: "21.172.in-addr.arpa" name: "21.172.in-addr.arpa"
stub-prime: yes stub-prime: yes
stub-addr: 172.20.0.53
stub-addr: fd42:d42:d42:54::1
stub-addr: 172.23.0.53 stub-addr: 172.23.0.53
stub-addr: fd42:d42:d42:53::1
stub-zone: stub-zone:
name: "22.172.in-addr.arpa" name: "22.172.in-addr.arpa"
stub-prime: yes stub-prime: yes
stub-addr: 172.20.0.53
stub-addr: fd42:d42:d42:54::1
stub-addr: 172.23.0.53 stub-addr: 172.23.0.53
stub-addr: fd42:d42:d42:53::1
stub-zone: stub-zone:
name: "23.172.in-addr.arpa" name: "23.172.in-addr.arpa"
stub-prime: yes stub-prime: yes
stub-addr: 172.20.0.53
stub-addr: fd42:d42:d42:54::1
stub-addr: 172.23.0.53 stub-addr: 172.23.0.53
stub-addr: fd42:d42:d42:53::1
stub-zone: stub-zone:
name: "d.f.ip6.arpa" name: "d.f.ip6.arpa"
stub-prime: yes stub-prime: yes
stub-addr: 172.20.0.53
stub-addr: fd42:d42:d42:54::1
stub-addr: 172.23.0.53 stub-addr: 172.23.0.53
stub-addr: fd42:d42:d42:53::1
''; '';
}; };
} }