

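  { hostName, config, lib, pkgs, self, inputs, ... }:
# NixOS module: serves the site's local DNS zones from BIND on the hosts whose
# `site.hosts.<hostName>.services.dns.enable` is set. Zones are rendered from
# `site.dns.localZones`; a zone marked `dynamic` is additionally seeded into a
# writable copy under /var/db/bind and opened to TSIG-authenticated updates.
let
  # Zone serial derived from the flake's last-modified time, formatted
  # YYYYMMDDHH by a local derivation whose output is imported at eval time
  # (import-from-derivation). Hour granularity: two flake changes inside the
  # same hour produce the same serial, so secondaries will not re-transfer
  # the zone until the next hour boundary.
  serial =
    let
      timestamp = toString self.lastModified;
      datePkg = pkgs.runCommandLocal "date-${timestamp}" {} ''
        date -d @${timestamp} +%Y%m%d%H > $out
      '';
    in
    toString (import datePkg);

  # Render one zone as a master file in the Nix store. The NS lines carry a
  # leading space so they inherit the `@` owner of the SOA record.
  # `dynamic` is accepted but unused here; it only selects the on-disk copy
  # in `generateZone` below.
  generateZoneFile = { name, ns, records, dynamic }:
    builtins.toFile "${name}.zone" ''
      $ORIGIN ${name}.
      $TTL 1h
      @ IN SOA ${lib.dns.ns}. astro.spaceboyz.net. (
      ${serial} ; serial
      1h ; refresh
      1m ; retry
      2h ; expire
      1m ; minimum
      )
      ${lib.concatMapStrings (ns: " IN NS ${ns}.\n") ns}
      ${lib.concatMapStrings ({ name, type, data }:
        "${name} IN ${type} ${data}\n"
      ) records}
    '';
in
{
  options =
    with lib;
    let
      recordOpts = {
        name = mkOption {
          description = "DNS label";
          type = types.str;
        };
        type = mkOption {
          description = "Record type";
          type = types.enum [ "A" "AAAA" "PTR" ];
        };
        data = mkOption {
          description = "Record data (RDATA) as written into the zone file";
          type = types.str;
        };
      };
      zoneOpts = {
        name = mkOption {
          description = "DNS FQDN w/o trailing dot";
          type = types.str;
        };
        ns = mkOption {
          description = "Authoritative name servers, FQDNs w/o trailing dot";
          type = with types; listOf str;
        };
        records = mkOption {
          description = "Records of this zone";
          type = with types; listOf (submodule {
            options = recordOpts;
          });
        };
        dynamic = mkOption {
          description = "Serve the zone from a writable copy and allow TSIG-authenticated dynamic updates";
          type = types.bool;
          default = false;
        };
      };
    in {
      site.dns.localZones = mkOption {
        description = "Zones served authoritatively by the site's DNS hosts";
        type = with types; listOf (submodule {
          options = zoneOpts;
        });
      };
    };

  config =
    let
      # Everything that embeds the dyndns key or zone data is gated on this
      # flag, so the key material only lands in the closure of DNS hosts.
      # The two oneshot units below are only pulled in by bind.service and
      # so never ran on hosts without BIND anyway.
      dnsEnabled = config.site.hosts.${hostName}.services.dns.enable;
    in {
      site.dns.localZones = lib.dns.localZones;

      services.bind = lib.mkIf dnsEnabled (
        let
          # Map a localZones entry onto a services.bind.zones entry. Static
          # zones are served straight from the store; dynamic zones from the
          # writable copy under /var/db/bind that BIND can journal into.
          generateZone = zone@{ name, dynamic, ... }: {
            inherit name;
            master = true;
            # allowed for zone-transfer
            slaves = [
              # ns.c3d2.de
              "217.197.84.53" "2001:67c:1400:2240::a"
              # ns.spaceboyz.net
              "172.22.24.4" "2a01:4f9:4b:39ec::4"
            ];
            file =
              if dynamic
              then "/var/db/bind/${name}.zone"
              else generateZoneFile zone;
            # Note: `allow-update { key ...; }` grants any holder of the
            # "dyndns" key the right to change every record in the zone;
            # there is no per-name restriction.
            extraConfig = ''
              also-notify {
                # ns.c3d2.de
                217.197.84.53;
                2001:67c:1400:2240::a;
                # ns.spaceboyz.net
                95.217.229.209;
                2a01:4f9:4b:39ec::4;
              };
              notify-source ${config.site.net.serv.hosts4.dns};
              notify-source-v6 ${config.site.net.serv.hosts6.up1.dns};
            '' + lib.optionalString dynamic ''
              allow-update { key "dyndns"; };
            '';
          };
        in {
          enable = true;
          zones = map generateZone config.site.dns.localZones;
          # NOTE(review): the TSIG secret is interpolated into the generated
          # named.conf, which lives in the world-readable Nix store. An
          # `include` of a key file deployed outside the store would keep it
          # out of the closure; left as-is here.
          extraConfig = ''
            key "dyndns" {
              algorithm hmac-sha256;
              secret "${inputs.zentralwerk-network-key.lib.dyndnsKey}";
            };
          '';
          extraOptions = ''
            # allow underscores in dynamic hostnames
            ${lib.concatMapStringsSep "\n" (type: ''
              check-names ${type} ignore;
            '') [ "master" "slave" "response" ]}
          '';
        });

      # Seed a writable copy of every dynamic zone before BIND starts. An
      # existing file is never overwritten, so journals and records added at
      # runtime survive rebuilds. Ownership is fixed once for the whole
      # directory after the loop instead of once per zone.
      systemd.services.create-dynamic-zones = lib.mkIf dnsEnabled {
        description = "Creates dynamic zone files";
        requiredBy = [ "bind.service" ];
        before = [ "bind.service" ];
        serviceConfig.Type = "oneshot";
        script = ''
          mkdir -p /var/db/bind
          ${lib.concatMapStringsSep "\n" (zone@{ name, ... }: ''
            [ -e /var/db/bind/${name}.zone ] || \
              cp ${generateZoneFile zone} /var/db/bind/${name}.zone
          '') (
            builtins.filter ({ dynamic, ... }: dynamic) config.site.dns.localZones
          )}
          chown -R named /var/db/bind
          chmod -R u+rwX /var/db/bind
        '';
      };

      # Push the declared records into each dynamic zone through nsupdate once
      # BIND is up (delete by name+type, then add), leaving records that were
      # added at runtime untouched. Runs whenever bind.service is (re)started.
      # NOTE(review): `-y` places the TSIG secret on the nsupdate command line
      # (visible to other local users via the process list) and in this
      # store-resident script; `nsupdate -k <keyfile>` with a key file deployed
      # outside the store would avoid both.
      # NOTE(review): record names are joined as `<name>.<zone>.`, which
      # assumes plain labels — an `@` record would not produce a valid owner
      # name here; confirm against the zone definitions.
      systemd.services.update-dynamic-zones = lib.mkIf dnsEnabled {
        description = "Creates initial records in dynamic zone files";
        requiredBy = [ "bind.service" ];
        after = [ "bind.service" ];
        serviceConfig.Type = "oneshot";
        path = [ pkgs.dnsutils ];
        script = ''
          ${lib.concatMapStrings (zone: ''
            nsupdate -y "hmac-sha256:dyndns:${inputs.zentralwerk-network-key.lib.dyndnsKey}" <<EOF
            server localhost
            ${lib.concatMapStringsSep "\n" ({ name, type, data }: ''
              delete ${name}.${zone.name}. IN ${type}
              add ${name}.${zone.name}. 3600 IN ${type} ${data}
            '') zone.records}
            send
            EOF
          '') (
            builtins.filter ({ dynamic, ... }: dynamic) config.site.dns.localZones
          )}
        '';
      };
    };
}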