
dns.nix 4.7KB

  1. { hostName, config, lib, pkgs, self, inputs, ... }:
  2. let
  3. serial =
  4. let
  5. timestamp = toString self.lastModified;
  6. datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
  7. date -d @${timestamp} +%Y%m%d%H > $out
  8. '';
  9. in
  10. toString (import datePkg);
  11. generateZoneFile = { name, ns, records, dynamic }:
  12. builtins.toFile "${name}.zone" ''
  13. $ORIGIN ${name}.
  14. $TTL 1h
  15. @ IN SOA ${lib.dns.ns}. astro.spaceboyz.net. (
  16. ${serial} ; serial
  17. 1h ; refresh
  18. 1m ; retry
  19. 2h ; expire
  20. 1m ; minimum
  21. )
  22. ${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
  23. ${lib.concatMapStrings ({ name, type, data }:
  24. "${name} IN ${type} ${data}\n"
  25. ) records}
  26. '';
  27. in
  28. {
  29. options =
  30. with lib;
  31. let
  32. recordOpts = {
  33. name = mkOption {
  34. description = "DNS label";
  35. type = types.str;
  36. };
  37. type = mkOption {
  38. type = types.enum [ "A" "AAAA" "PTR" ];
  39. };
  40. data = mkOption {
  41. type = types.str;
  42. };
  43. };
  44. zoneOpts = {
  45. name = mkOption {
  46. description = "DNS FQDN w/o trailing dot";
  47. type = types.str;
  48. };
  49. ns = mkOption {
  50. type = with types; listOf str;
  51. };
  52. records = mkOption {
  53. type = with types; listOf (submodule {
  54. options = recordOpts;
  55. });
  56. };
  57. dynamic = mkOption {
  58. type = types.bool;
  59. default = false;
  60. };
  61. };
  62. in {
  63. site.dns.localZones = mkOption {
  64. type = with types; listOf (submodule {
  65. options = zoneOpts;
  66. });
  67. };
  68. };
  69. config = {
  70. site.dns.localZones = lib.dns.localZones;
  71. services.bind = lib.mkIf config.site.hosts.${hostName}.services.dns.enable (
  72. let
  73. generateZone = zone@{ name, dynamic, ... }: {
  74. inherit name;
  75. master = true;
  76. # allowed for zone-transfer
  77. slaves = [
  78. # ns.c3d2.de
  79. "217.197.84.53" "2001:67c:1400:2240::a"
  80. # ns.spaceboyz.net
  81. "172.22.24.4" "2a01:4f9:4b:39ec::4"
  82. ];
  83. file =
  84. if dynamic
  85. then "/var/db/bind/${name}.zone"
  86. else generateZoneFile zone;
  87. extraConfig = ''
  88. also-notify {
  89. # ns.c3d2.de
  90. 217.197.84.53;
  91. 2001:67c:1400:2240::a;
  92. # ns.spaceboyz.net
  93. 95.217.229.209;
  94. 2a01:4f9:4b:39ec::4;
  95. };
  96. notify-source ${config.site.net.serv.hosts4.dns};
  97. notify-source-v6 ${config.site.net.serv.hosts6.up1.dns};
  98. '' + lib.optionalString dynamic ''
  99. allow-update { key "dyndns"; };
  100. '';
  101. };
  102. in {
  103. enable = true;
  104. zones = map generateZone config.site.dns.localZones;
  105. extraConfig = ''
  106. key "dyndns" {
  107. algorithm hmac-sha256;
  108. secret "${inputs.zentralwerk-network-key.lib.dyndnsKey}";
  109. };
  110. '';
  111. extraOptions = ''
  112. # allow underscores in dynamic hostnames
  113. ${lib.concatMapStringsSep "\n" (type: ''
  114. check-names ${type} ignore;
  115. '') [ "master" "slave" "response" ]}
  116. '';
  117. });
  118. systemd.services.create-dynamic-zones = {
  119. description = "Creates dynamic zone files";
  120. requiredBy = [ "bind.service" ];
  121. before = [ "bind.service" ];
  122. serviceConfig.Type = "oneshot";
  123. script = ''
  124. mkdir -p /var/db/bind
  125. ${lib.concatMapStringsSep "\n" (zone@{ name, ... }: ''
  126. [ -e /var/db/bind/${name}.zone ] || \
  127. cp ${generateZoneFile zone} /var/db/bind/${name}.zone
  128. chown -R named /var/db/bind
  129. chmod -R u+rwX /var/db/bind
  130. '') (
  131. builtins.filter ({ dynamic, ... }: dynamic) config.site.dns.localZones
  132. )}
  133. '';
  134. };
  135. systemd.services.update-dynamic-zones = {
  136. description = "Creates initial records in dynamic zone files";
  137. requiredBy = [ "bind.service" ];
  138. after = [ "bind.service" ];
  139. serviceConfig.Type = "oneshot";
  140. path = [ pkgs.dnsutils ];
  141. script = ''
  142. ${lib.concatMapStrings (zone: ''
  143. nsupdate -y "hmac-sha256:dyndns:${inputs.zentralwerk-network-key.lib.dyndnsKey}" <<EOF
  144. server localhost
  145. ${lib.concatMapStringsSep "\n" ({ name, type, data }: ''
  146. delete ${name}.${zone.name}. IN ${type}
  147. add ${name}.${zone.name}. 3600 IN ${type} ${data}
  148. '') zone.records}
  149. send
  150. EOF
  151. '') (
  152. builtins.filter ({ dynamic, ... }: dynamic) config.site.dns.localZones
  153. )}
  154. '';
  155. };
  156. };
  157. }