Compare commits
No commits in common. "1eeb24a2e2c1e99914fbb666ff4b2fb1f2f23d78" and "20c8821823d10e47ea6dc438bcf80852364ebd93" have entirely different histories.
1eeb24a2e2
...
20c8821823
|
@ -1,56 +1,52 @@
|
||||||
{ hostName, config, lib, pkgs, self, ... }:
|
{ hostName, config, lib, pkgs, self, ... }:
|
||||||
|
|
||||||
|
lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
|
||||||
|
services.bind =
|
||||||
let
|
let
|
||||||
fqdn = "${hostName}.serv.zentralwerk.org";
|
fqdn = "${hostName}.serv.zentralwerk.org";
|
||||||
# public servers (slaves)
|
# public servers (slaves)
|
||||||
publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
|
publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
|
||||||
in
|
# allowed for zone-transfer
|
||||||
{
|
slaves = [
|
||||||
options =
|
# ns.c3d2.de
|
||||||
with lib;
|
"217.197.84.53" "2001:67c:1400:2240::a"
|
||||||
let
|
# ns.spaceboyz.net
|
||||||
recordOpts = {
|
"172.22.24.4" "2a01:4f9:4b:39ec::4"
|
||||||
name = mkOption {
|
];
|
||||||
description = "DNS label";
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
type = mkOption {
|
|
||||||
type = types.enum [ "A" "AAAA" "PTR" ];
|
|
||||||
};
|
|
||||||
data = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
zoneOpts = {
|
|
||||||
name = mkOption {
|
|
||||||
description = "DNS FQDN w/o trailing dot";
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
ns = mkOption {
|
|
||||||
type = with types; listOf str;
|
|
||||||
};
|
|
||||||
records = mkOption {
|
|
||||||
type = with types; listOf (submodule {
|
|
||||||
options = recordOpts;
|
|
||||||
});
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
in {
|
|
||||||
site.dns.localZones = mkOption {
|
|
||||||
type = with types; listOf (submodule {
|
|
||||||
options = zoneOpts;
|
|
||||||
});
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
|
||||||
site.dns.localZones =
|
|
||||||
let
|
|
||||||
# ip6.arpa aggregation size in CIDR bits
|
# ip6.arpa aggregation size in CIDR bits
|
||||||
reverseZone6Size = 60;
|
reverseZone6Size = 60;
|
||||||
|
|
||||||
|
serial =
|
||||||
|
let
|
||||||
|
timestamp = toString self.lastModified;
|
||||||
|
datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
|
||||||
|
date -d @${timestamp} +%Y%m%d%H > $out
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
toString (import datePkg);
|
||||||
|
|
||||||
|
staticZone = { name, ns, records }: {
|
||||||
|
inherit name;
|
||||||
|
master = true;
|
||||||
|
file = builtins.toFile "${name}.zone" ''
|
||||||
|
$ORIGIN ${name}.
|
||||||
|
$TTL 1h
|
||||||
|
|
||||||
|
@ IN SOA ${fqdn}. astro.spaceboyz.net. (
|
||||||
|
${serial} ; serial
|
||||||
|
1h ; refresh
|
||||||
|
1m ; retry
|
||||||
|
2h ; expire
|
||||||
|
1m ; minimum
|
||||||
|
)
|
||||||
|
${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
|
||||||
|
|
||||||
|
${lib.concatMapStrings ({ name, type, data }:
|
||||||
|
"${name} IN ${type} ${data}\n"
|
||||||
|
) records}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
hosts4Records = hosts4:
|
hosts4Records = hosts4:
|
||||||
builtins.attrValues (
|
builtins.attrValues (
|
||||||
builtins.mapAttrs (name: addr: {
|
builtins.mapAttrs (name: addr: {
|
||||||
|
@ -172,11 +168,13 @@ in
|
||||||
)
|
)
|
||||||
) reverseHosts6;
|
) reverseHosts6;
|
||||||
|
|
||||||
in [ {
|
in {
|
||||||
|
enable = true;
|
||||||
|
zones = [ (staticZone {
|
||||||
name = "zentralwerk.org";
|
name = "zentralwerk.org";
|
||||||
ns = publicNS;
|
ns = publicNS;
|
||||||
records = [];
|
records = [];
|
||||||
} {
|
}) (staticZone {
|
||||||
name = "zentralwerk.dn42";
|
name = "zentralwerk.dn42";
|
||||||
ns = [ fqdn ];
|
ns = [ fqdn ];
|
||||||
records = [ {
|
records = [ {
|
||||||
|
@ -184,7 +182,7 @@ in
|
||||||
type = "A";
|
type = "A";
|
||||||
data = config.site.net.serv.hosts4.ipa;
|
data = config.site.net.serv.hosts4.ipa;
|
||||||
} ];
|
} ];
|
||||||
} {
|
}) (staticZone {
|
||||||
name = "dyn.zentralwerk.org";
|
name = "dyn.zentralwerk.org";
|
||||||
ns = publicNS;
|
ns = publicNS;
|
||||||
# TODO: implement dyndns
|
# TODO: implement dyndns
|
||||||
|
@ -197,28 +195,28 @@ in
|
||||||
type = "A";
|
type = "A";
|
||||||
data = "24.134.252.105";
|
data = "24.134.252.105";
|
||||||
} ];
|
} ];
|
||||||
} ] ++ builtins.concatLists (
|
}) ] ++ builtins.concatLists (
|
||||||
builtins.attrValues (
|
builtins.attrValues (
|
||||||
builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, ... }: [
|
builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, ... }: [
|
||||||
(if dynamicDomain
|
(if dynamicDomain
|
||||||
then throw "TODO"
|
then throw "TODO"
|
||||||
else {
|
else staticZone {
|
||||||
name = "${net}.zentralwerk.dn42";
|
name = "${net}.zentralwerk.dn42";
|
||||||
ns = [ fqdn ];
|
ns = [ fqdn ];
|
||||||
records =
|
records =
|
||||||
hosts4Records hosts4 ++
|
hosts4Records hosts4 ++
|
||||||
lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42);
|
lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42);
|
||||||
})
|
})
|
||||||
{
|
(staticZone {
|
||||||
name = "${net}.zentralwerk.org";
|
name = "${net}.zentralwerk.org";
|
||||||
ns = publicNS;
|
ns = publicNS;
|
||||||
records =
|
records =
|
||||||
lib.optionals (hosts6 ? up1) (hosts6Records hosts6.up1) ++
|
lib.optionals (hosts6 ? up1) (hosts6Records hosts6.up1) ++
|
||||||
lib.optionals (hosts6 ? up2) (hosts6Records hosts6.up2);
|
lib.optionals (hosts6 ? up2) (hosts6Records hosts6.up2);
|
||||||
}
|
})
|
||||||
]) namedNets
|
]) namedNets
|
||||||
)
|
)
|
||||||
) ++ map (zone: {
|
) ++ map (zone: staticZone {
|
||||||
name = zone;
|
name = zone;
|
||||||
ns = [ fqdn ];
|
ns = [ fqdn ];
|
||||||
records =
|
records =
|
||||||
|
@ -234,7 +232,7 @@ in
|
||||||
);
|
);
|
||||||
}) reverseZones4
|
}) reverseZones4
|
||||||
++ builtins.concatMap (ctx:
|
++ builtins.concatMap (ctx:
|
||||||
map (zone: {
|
map (zone: staticZone {
|
||||||
name = zone;
|
name = zone;
|
||||||
ns =
|
ns =
|
||||||
if ctx == "dn42"
|
if ctx == "dn42"
|
||||||
|
@ -253,51 +251,7 @@ in
|
||||||
);
|
);
|
||||||
}) reverseZones6.${ctx}
|
}) reverseZones6.${ctx}
|
||||||
) (builtins.attrNames reverseZones6);
|
) (builtins.attrNames reverseZones6);
|
||||||
|
|
||||||
services.bind = lib.mkIf config.site.hosts.${hostName}.services.dns.enable (
|
|
||||||
let
|
|
||||||
serial =
|
|
||||||
let
|
|
||||||
timestamp = toString self.lastModified;
|
|
||||||
datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
|
|
||||||
date -d @${timestamp} +%Y%m%d%H > $out
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
toString (import datePkg);
|
|
||||||
|
|
||||||
generateZone = { name, ns, records }: {
|
|
||||||
inherit name;
|
|
||||||
master = true;
|
|
||||||
# allowed for zone-transfer
|
|
||||||
slaves = [
|
|
||||||
# ns.c3d2.de
|
|
||||||
"217.197.84.53" "2001:67c:1400:2240::a"
|
|
||||||
# ns.spaceboyz.net
|
|
||||||
"172.22.24.4" "2a01:4f9:4b:39ec::4"
|
|
||||||
];
|
|
||||||
file = builtins.toFile "${name}.zone" ''
|
|
||||||
$ORIGIN ${name}.
|
|
||||||
$TTL 1h
|
|
||||||
|
|
||||||
@ IN SOA ${fqdn}. astro.spaceboyz.net. (
|
|
||||||
${serial} ; serial
|
|
||||||
1h ; refresh
|
|
||||||
1m ; retry
|
|
||||||
2h ; expire
|
|
||||||
1m ; minimum
|
|
||||||
)
|
|
||||||
${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
|
|
||||||
|
|
||||||
${lib.concatMapStrings ({ name, type, data }:
|
|
||||||
"${name} IN ${type} ${data}\n"
|
|
||||||
) records}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
in {
|
|
||||||
enable = true;
|
|
||||||
zones = map generateZone config.site.dns.localZones;
|
|
||||||
});
|
|
||||||
|
|
||||||
# TODO: dyn
|
# TODO: dyn
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
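Review bot: In hunk `@ -1,56 +1,52 @@` the `slaves` list bound in the `let` (under `# allowed for zone-transfer`) is not referenced by `staticZone`, which only sets `name`, `master` and `file`, so as far as the visible hunks show no zone carries a `slaves` entry and the public secondaries ns.c3d2.de / ns.spaceboyz.net that are listed as NS for zentralwerk.org, dyn.zentralwerk.org and `${net}.zentralwerk.org` cannot AXFR those zones; if it is wired in somewhere outside these hunks, applying it to every zone would conversely let those external hosts transfer the internal `*.zentralwerk.dn42` and reverse zones whose only NS is `fqdn`. Scope the permission to the zones those hosts actually serve, e.g. in `staticZone`: `slaves = lib.optionals (ns == publicNS) slaves;`. The SOA serial is `self.lastModified` truncated to the hour (`+%Y%m%d%H`), so two deployments within the same hour produce the same serial and the secondaries will not pick up the second one; a finer-grained serial (minutes, or a commit count) avoids that. The `let` that holds these bindings, and `staticZone` itself, extend past this hunk into later ones.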
@ -39,18 +39,23 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
||||||
insecure-lan-zones: yes
|
insecure-lan-zones: yes
|
||||||
|
|
||||||
domain-insecure: "dn42"
|
domain-insecure: "dn42"
|
||||||
domain-insecure: "10.in-addr.arpa"
|
domain-insecure: "20.172.in-addr.arpa"
|
||||||
${lib.concatMapStrings (x:
|
domain-insecure: "21.172.in-addr.arpa"
|
||||||
" domain-insecure: ${toString x}.172.in-addr.arpa\n"
|
domain-insecure: "22.172.in-addr.arpa"
|
||||||
) [
|
domain-insecure: "99.22.172.in-addr.arpa"
|
||||||
16 17 18 19
|
domain-insecure: "23.172.in-addr.arpa"
|
||||||
20 21 22 23
|
|
||||||
24 25 26 27
|
|
||||||
28 29 30 31
|
|
||||||
]}
|
|
||||||
domain-insecure: "168.192.in-addr.arpa"
|
|
||||||
domain-insecure: "d.f.ip6.arpa"
|
domain-insecure: "d.f.ip6.arpa"
|
||||||
domain-insecure: "ffdd"
|
domain-insecure: "ffdd"
|
||||||
|
domain-insecure: "200.10.in-addr.arpa"
|
||||||
|
domain-insecure: "201.10.in-addr.arpa"
|
||||||
|
local-zone: "20.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "21.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "22.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "99.22.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "23.172.in-addr.arpa." nodefault
|
||||||
|
local-zone: "d.f.ip6.arpa." nodefault
|
||||||
|
local-zone: "200.10.in-addr.arpa." nodefault
|
||||||
|
local-zone: "201.10.in-addr.arpa." nodefault
|
||||||
|
|
||||||
forward-zone:
|
forward-zone:
|
||||||
name: "."
|
name: "."
|
||||||
|
@ -68,14 +73,37 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
||||||
|
|
||||||
# Local networks
|
# Local networks
|
||||||
|
|
||||||
${lib.concatMapStrings ({ name, ... }: ''
|
|
||||||
forward-zone:
|
forward-zone:
|
||||||
name: "${name}"
|
name: "zentralwerk.dn42"
|
||||||
forward-host: "${config.site.net.serv.hosts4.dns}"
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
${lib.concatMapStrings (hosts6:
|
|
||||||
" forward-host: ${hosts6.dns}\n"
|
forward-zone:
|
||||||
) (builtins.attrValues config.site.net.serv.hosts6)}
|
name: "72.20.172.in-addr.arpa"
|
||||||
'') config.site.dns.localZones}
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "73.20.172.in-addr.arpa"
|
||||||
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "74.20.172.in-addr.arpa"
|
||||||
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "75.20.172.in-addr.arpa"
|
||||||
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "76.20.172.in-addr.arpa"
|
||||||
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "77.20.172.in-addr.arpa"
|
||||||
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
|
forward-zone:
|
||||||
|
name: "0.0.5.0.2.d.3.c.4.2.0.0.3.2.d.f.ip6.arpa"
|
||||||
|
forward-host: "dns.serv.zentralwerk.org"
|
||||||
|
|
||||||
# C3D2 reverse
|
# C3D2 reverse
|
||||||
|
|
||||||
|
@ -105,50 +133,32 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
|
||||||
stub-zone:
|
stub-zone:
|
||||||
name: "dn42"
|
name: "dn42"
|
||||||
stub-prime: yes
|
stub-prime: yes
|
||||||
stub-addr: 172.20.0.53
|
|
||||||
stub-addr: fd42:d42:d42:54::1
|
|
||||||
stub-addr: 172.23.0.53
|
stub-addr: 172.23.0.53
|
||||||
stub-addr: fd42:d42:d42:53::1
|
|
||||||
|
|
||||||
stub-zone:
|
stub-zone:
|
||||||
name: "20.172.in-addr.arpa"
|
name: "20.172.in-addr.arpa"
|
||||||
stub-prime: yes
|
stub-prime: yes
|
||||||
stub-addr: 172.20.0.53
|
|
||||||
stub-addr: fd42:d42:d42:54::1
|
|
||||||
stub-addr: 172.23.0.53
|
stub-addr: 172.23.0.53
|
||||||
stub-addr: fd42:d42:d42:53::1
|
|
||||||
|
|
||||||
stub-zone:
|
stub-zone:
|
||||||
name: "21.172.in-addr.arpa"
|
name: "21.172.in-addr.arpa"
|
||||||
stub-prime: yes
|
stub-prime: yes
|
||||||
stub-addr: 172.20.0.53
|
|
||||||
stub-addr: fd42:d42:d42:54::1
|
|
||||||
stub-addr: 172.23.0.53
|
stub-addr: 172.23.0.53
|
||||||
stub-addr: fd42:d42:d42:53::1
|
|
||||||
|
|
||||||
stub-zone:
|
stub-zone:
|
||||||
name: "22.172.in-addr.arpa"
|
name: "22.172.in-addr.arpa"
|
||||||
stub-prime: yes
|
stub-prime: yes
|
||||||
stub-addr: 172.20.0.53
|
|
||||||
stub-addr: fd42:d42:d42:54::1
|
|
||||||
stub-addr: 172.23.0.53
|
stub-addr: 172.23.0.53
|
||||||
stub-addr: fd42:d42:d42:53::1
|
|
||||||
|
|
||||||
stub-zone:
|
stub-zone:
|
||||||
name: "23.172.in-addr.arpa"
|
name: "23.172.in-addr.arpa"
|
||||||
stub-prime: yes
|
stub-prime: yes
|
||||||
stub-addr: 172.20.0.53
|
|
||||||
stub-addr: fd42:d42:d42:54::1
|
|
||||||
stub-addr: 172.23.0.53
|
stub-addr: 172.23.0.53
|
||||||
stub-addr: fd42:d42:d42:53::1
|
|
||||||
|
|
||||||
stub-zone:
|
stub-zone:
|
||||||
name: "d.f.ip6.arpa"
|
name: "d.f.ip6.arpa"
|
||||||
stub-prime: yes
|
stub-prime: yes
|
||||||
stub-addr: 172.20.0.53
|
|
||||||
stub-addr: fd42:d42:d42:54::1
|
|
||||||
stub-addr: 172.23.0.53
|
stub-addr: 172.23.0.53
|
||||||
stub-addr: fd42:d42:d42:53::1
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
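Review bot: In hunk `@ -68,14 +73,37 @@` the forward zones for `zentralwerk.dn42` and the `*.20.172.in-addr.arpa` reverse zones now use `forward-host: "dns.serv.zentralwerk.org"` instead of an address, so unbound has to resolve that public name through the `forward-zone: name: "."` path before it can answer any internal dn42 query; an upstream outage then also breaks internal resolution, and whoever controls the public `zentralwerk.org` records can redirect where internal queries are sent. Prefer `forward-addr:` with the resolver's dn42 address (the old side took it from `config.site.net.serv.hosts4.dns`), keeping the hostname at most as a second entry. In hunk `@ -105,50 +133,32 @@` the `dn42` and reverse stub zones are left with the single `stub-addr: 172.23.0.53`, which makes that host a single point of failure for all dn42 lookups; if that is intended, a comment such as `# single stub: 172.20.0.53 / fd42:... retired, see <ticket>` above it would help the next reader. The `local-zone: "99.22.172.in-addr.arpa." nodefault`, `"200.10.in-addr.arpa."` and `"201.10.in-addr.arpa."` lines are most likely no-ops, since `nodefault` only switches off one of unbound's built-in zones and those names are not in that list; verify that queries under them are not still answered by the built-in `10.in-addr.arpa.` zone rather than forwarded.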