nixos-module/container/dnscache: use all the dn42 ns

nixos-module/container/dnscache: extend domain-insecure, remove all local-zone
nixos-module/container/dnscache: use data from config.site.dns.localZones
2021-05-05 23:21:33 +02:00 · 2021-05-05 23:21:12 +02:00 · 2021-05-05 23:20:39 +02:00 · 2021-05-05 23:19:41 +02:00
2 changed files with 258 additions and 222 deletions
--- a/nix/nixos-module/container/dns.nix
+++ b/nix/nixos-module/container/dns.nix
@ -1,52 +1,56 @@
 { hostName, config, lib, pkgs, self, ... }:

-lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
-  services.bind =
 let
  fqdn = "${hostName}.serv.zentralwerk.org";
  # public servers (slaves)
  publicNS = [ "ns.c3d2.de" "ns.spaceboyz.net" ];
-      # allowed for zone-transfer
-      slaves = [
-        # ns.c3d2.de
-        "217.197.84.53" "2001:67c:1400:2240::a"
-        # ns.spaceboyz.net
-        "172.22.24.4" "2a01:4f9:4b:39ec::4"
-      ];
+in
+{
+  options =
+    with lib;
+    let
+      recordOpts = {
+        name = mkOption {
+          description = "DNS label";
+          type = types.str;
+        };
+        type = mkOption {
+          type = types.enum [ "A" "AAAA" "PTR" ];
+        };
+        data = mkOption {
+          type = types.str;
+        };
+      };
+
+      zoneOpts = {
+        name = mkOption {
+          description = "DNS FQDN w/o trailing dot";
+          type = types.str;
+        };
+        ns = mkOption {
+          type = with types; listOf str;
+        };
+        records = mkOption {
+          type = with types; listOf (submodule {
+            options = recordOpts;
+          });
+        };
+      };
+
+    in {
+      site.dns.localZones = mkOption {
+        type = with types; listOf (submodule {
+          options = zoneOpts;
+        });
+      };
+    };
+
+  config = {
+    site.dns.localZones =
+      let
        # ip6.arpa aggregation size in CIDR bits
        reverseZone6Size = 60;

-      serial =
-        let
-          timestamp = toString self.lastModified;
-          datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
-            date -d @${timestamp} +%Y%m%d%H > $out
-          '';
-        in
-          toString (import datePkg);
-
-      staticZone = { name, ns, records }: {
-        inherit name;
-        master = true;
-        file = builtins.toFile "${name}.zone" ''
-          $ORIGIN ${name}.
-          $TTL 1h
-
-          @ IN SOA ${fqdn}. astro.spaceboyz.net. (
-              ${serial} ; serial
-              1h ; refresh
-              1m ; retry
-              2h ; expire
-              1m ; minimum
-            )
-          ${lib.concatMapStrings (ns: "  IN NS ${ns}.\n") ns}
-
-          ${lib.concatMapStrings ({ name, type, data }:
-            "${name} IN ${type} ${data}\n"
-          ) records}
-        '';
-      };
-
        hosts4Records = hosts4:
          builtins.attrValues (
            builtins.mapAttrs (name: addr: {
@ -168,13 +172,11 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
          )
        ) reverseHosts6;

-    in {
-      enable = true;
-      zones = [ (staticZone {
+      in [ {
        name = "zentralwerk.org";
        ns = publicNS;
        records = [];
-      }) (staticZone {
+      } {
        name = "zentralwerk.dn42";
        ns = [ fqdn ];
        records = [ {
@ -182,7 +184,7 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
          type = "A";
          data = config.site.net.serv.hosts4.ipa;
        } ];
-      }) (staticZone {
+      } {
        name = "dyn.zentralwerk.org";
        ns = publicNS;
        # TODO: implement dyndns
@ -195,28 +197,28 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
          type = "A";
          data = "24.134.252.105";
        } ];
-      }) ] ++ builtins.concatLists (
+      } ] ++ builtins.concatLists (
        builtins.attrValues (
          builtins.mapAttrs (net: { dynamicDomain, hosts4, hosts6, ... }: [
            (if dynamicDomain
             then throw "TODO"
-             else staticZone {
+             else {
               name = "${net}.zentralwerk.dn42";
               ns = [ fqdn ];
               records =
                 hosts4Records hosts4 ++
                 lib.optionals (hosts6 ? dn42) (hosts6Records hosts6.dn42);
             })
-            (staticZone {
+            {
              name = "${net}.zentralwerk.org";
              ns = publicNS;
              records =
                lib.optionals (hosts6 ? up1) (hosts6Records hosts6.up1) ++
                lib.optionals (hosts6 ? up2) (hosts6Records hosts6.up2);
-            })
+            }
          ]) namedNets
        )
-      ) ++ map (zone: staticZone {
+      ) ++ map (zone: {
        name = zone;
        ns = [ fqdn ];
        records =
@ -232,7 +234,7 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
          );
      }) reverseZones4
      ++ builtins.concatMap (ctx:
-        map (zone: staticZone {
+        map (zone: {
          name = zone;
          ns =
            if ctx == "dn42"
@ -251,7 +253,51 @@ lib.mkIf config.site.hosts.${hostName}.services.dns.enable {
            );
        }) reverseZones6.${ctx}
      ) (builtins.attrNames reverseZones6);
+
+    services.bind = lib.mkIf config.site.hosts.${hostName}.services.dns.enable (
+      let
+        serial =
+          let
+            timestamp = toString self.lastModified;
+            datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
+            date -d @${timestamp} +%Y%m%d%H > $out
+          '';
+          in
+            toString (import datePkg);
+
+        generateZone = { name, ns, records }: {
+          inherit name;
+          master = true;
+          # allowed for zone-transfer
+          slaves = [
+            # ns.c3d2.de
+            "217.197.84.53" "2001:67c:1400:2240::a"
+            # ns.spaceboyz.net
+            "172.22.24.4" "2a01:4f9:4b:39ec::4"
+          ];
+          file = builtins.toFile "${name}.zone" ''
+            $ORIGIN ${name}.
+            $TTL 1h
+
+            @ IN SOA ${fqdn}. astro.spaceboyz.net. (
+                ${serial} ; serial
+                1h ; refresh
+                1m ; retry
+                2h ; expire
+                1m ; minimum
+            )
+            ${lib.concatMapStrings (ns: "  IN NS ${ns}.\n") ns}
+
+            ${lib.concatMapStrings ({ name, type, data }:
+              "${name} IN ${type} ${data}\n"
+            ) records}
+          '';
        };
+      in {
+        enable = true;
+        zones = map generateZone config.site.dns.localZones;
+      });

    # TODO: dyn
+  };
 }
--- a/nix/nixos-module/container/dnscache.nix
+++ b/nix/nixos-module/container/dnscache.nix
@ -39,23 +39,18 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
        insecure-lan-zones: yes

        domain-insecure: "dn42"
-        domain-insecure: "20.172.in-addr.arpa"
-        domain-insecure: "21.172.in-addr.arpa"
-        domain-insecure: "22.172.in-addr.arpa"
-        domain-insecure: "99.22.172.in-addr.arpa"
-        domain-insecure: "23.172.in-addr.arpa"
+        domain-insecure: "10.in-addr.arpa"
+      ${lib.concatMapStrings (x:
+        "  domain-insecure: ${toString x}.172.in-addr.arpa\n"
+      ) [
+        16 17 18 19
+        20 21 22 23
+        24 25 26 27
+        28 29 30 31
+      ]}
+        domain-insecure: "168.192.in-addr.arpa"
        domain-insecure: "d.f.ip6.arpa"
        domain-insecure: "ffdd"
-        domain-insecure: "200.10.in-addr.arpa"
-        domain-insecure: "201.10.in-addr.arpa"
-        local-zone: "20.172.in-addr.arpa." nodefault
-        local-zone: "21.172.in-addr.arpa." nodefault
-        local-zone: "22.172.in-addr.arpa." nodefault
-        local-zone: "99.22.172.in-addr.arpa." nodefault
-        local-zone: "23.172.in-addr.arpa." nodefault
-        local-zone: "d.f.ip6.arpa." nodefault
-        local-zone: "200.10.in-addr.arpa." nodefault
-        local-zone: "201.10.in-addr.arpa." nodefault

      forward-zone:
        name: "."
@ -73,37 +68,14 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {

      # Local networks

+      ${lib.concatMapStrings ({ name, ... }: ''
        forward-zone:
-        name: "zentralwerk.dn42"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "72.20.172.in-addr.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "73.20.172.in-addr.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "74.20.172.in-addr.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "75.20.172.in-addr.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "76.20.172.in-addr.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "77.20.172.in-addr.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
-
-      forward-zone:
-        name: "0.0.5.0.2.d.3.c.4.2.0.0.3.2.d.f.ip6.arpa"
-        forward-host: "dns.serv.zentralwerk.org"
+          name: "${name}"
+          forward-host: "${config.site.net.serv.hosts4.dns}"
+        ${lib.concatMapStrings (hosts6:
+          "  forward-host: ${hosts6.dns}\n"
+        ) (builtins.attrValues config.site.net.serv.hosts6)}
+      '') config.site.dns.localZones}

      # C3D2 reverse

@ -133,32 +105,50 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
      stub-zone:
        name: "dn42"
        stub-prime: yes
+        stub-addr: 172.20.0.53
+        stub-addr: fd42:d42:d42:54::1
        stub-addr: 172.23.0.53
+        stub-addr: fd42:d42:d42:53::1

      stub-zone:
        name: "20.172.in-addr.arpa"
        stub-prime: yes
+        stub-addr: 172.20.0.53
+        stub-addr: fd42:d42:d42:54::1
        stub-addr: 172.23.0.53
+        stub-addr: fd42:d42:d42:53::1

      stub-zone:
        name: "21.172.in-addr.arpa"
        stub-prime: yes
+        stub-addr: 172.20.0.53
+        stub-addr: fd42:d42:d42:54::1
        stub-addr: 172.23.0.53
+        stub-addr: fd42:d42:d42:53::1

      stub-zone:
        name: "22.172.in-addr.arpa"
        stub-prime: yes
+        stub-addr: 172.20.0.53
+        stub-addr: fd42:d42:d42:54::1
        stub-addr: 172.23.0.53
+        stub-addr: fd42:d42:d42:53::1

      stub-zone:
        name: "23.172.in-addr.arpa"
        stub-prime: yes
+        stub-addr: 172.20.0.53
+        stub-addr: fd42:d42:d42:54::1
        stub-addr: 172.23.0.53
+        stub-addr: fd42:d42:d42:53::1

      stub-zone:
        name: "d.f.ip6.arpa"
        stub-prime: yes
+        stub-addr: 172.20.0.53
+        stub-addr: fd42:d42:d42:54::1
        stub-addr: 172.23.0.53
+        stub-addr: fd42:d42:d42:53::1
    '';
  };
 }
Author	SHA1	Message	Date
Astro	1eeb24a2e2	nixos-module/container/dnscache: use all the dn42 ns	2021-05-05 23:21:33 +02:00
Astro	911cd33a1c	nixos-module/container/dnscache: extend domain-insecure, remove all local-zone	2021-05-05 23:21:12 +02:00
Astro	a45fb3c484	nixos-module/container/dnscache: use data from config.site.dns.localZones	2021-05-05 23:20:39 +02:00
Astro	b800691dad	nixos-module/container/dns: factor zones out into config.site.dns.localZones	2021-05-05 23:19:41 +02:00