dns: now have a proper primary and secondary

silver 2023-05-21 19:38:13 +01:00
parent 1e9b63e13d
commit 126db6e3cb
3 changed files with 92 additions and 47 deletions


@ -5,8 +5,6 @@ let
# reads that date to a string (will need to be fixed in 2038)
current_date = toString builtins.currentTime;
get_config_file = (domain:
''
$TTL 60 ; 1 minute
@ -98,6 +96,30 @@ let
''
);
# arrys of teh two nameservers
tmp1 = ["193.1.99.109"];
tmp2 = ["193.1.99.120"];
primaries = (if cfg.primary then
# primary servers have no primaries (ones they listen to)
[]
else
if builtins.elem cfg.own.ip tmp1 then
tmp2
else
tmp1
);
secondaries = (if cfg.primary then
if builtins.elem cfg.own.ip tmp1 then
tmp2
else
tmp1
else
[]
);
in {
options = {
skynet_dns = {
@ -108,7 +130,20 @@ in {
type = lib.types.bool;
};
primary = lib.mkOption {
type = lib.types.bool;
default = false;
};
own = {
ip = lib.mkOption {
default = "ns1";
type = lib.types.str;
description = ''
ip of this server
'';
};
nameserver = lib.mkOption {
default = "ns1";
type = lib.types.str;
@ -310,27 +345,7 @@ in {
*/
"skynet.ie" = {
extraConfig = ''
allow-update { key rfc2136key.skynet.ie.; };
//dnssec-policy default;
//inline-signing yes;
// for bumping the config
// ${current_date}
'';
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_skynet";
# no leading whitespace for first line
};
"csn.ul.ie" = {
extraConfig = ''
extraConfig = if cfg.primary then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
@ -338,13 +353,35 @@ in {
// for bumping the config
// ${current_date}
'';
'' else "";
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
master = cfg.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_csn";
file = "/etc/dns_custom/dns_zone_skynet.ie";
# no leading whitespace for first line
};
"csn.ul.ie" = {
extraConfig = if cfg.primary then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
// for bumping the config
// ${current_date}
'' else "";
# really wish teh nixos config didnt use master/slave
master = cfg.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_csn.ul.ie";
# no leading whitespace for first line
};
@ -360,28 +397,30 @@ in {
// ${current_date}
'';
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
master = cfg.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_reverse";
file = "/etc/dns_custom/dns_zone_99.1.193.in-addr.arpa";
# no leading whitespace for first line
};
"conradcollins.net" = {
extraConfig = ''
//allow-update { key rfc2136key.skynet.ie.; };
extraConfig = if cfg.primary then ''
allow-update { key rfc2136key.skynet.ie.; };
//dnssec-policy default;
//nline-signing yes;
dnssec-policy default;
inline-signing yes;
// for bumping the config
// ${current_date}
'';
'' else "";
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
master = cfg.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_conradcollins.net";
@ -390,18 +429,19 @@ in {
};
"edelharty.net" = {
extraConfig = ''
//allow-update { key rfc2136key.skynet.ie.; };
extraConfig = if cfg.primary then ''
allow-update { key rfc2136key.skynet.ie.; };
//dnssec-policy default;
//inline-signing yes;
dnssec-policy default;
inline-signing yes;
// for bumping the config
// ${current_date}
'';
'' else "";
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
master = cfg.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_edelharty.net";
@ -421,7 +461,7 @@ in {
environment.etc = {
# Creates /etc/dns_custom/dns_zone_skynet
"dns_custom/dns_zone_skynet" = {
"dns_custom/dns_zone_skynet.ie" = {
user = "named";
group = "named";
@ -431,7 +471,7 @@ in {
text = get_config_file "skynet.ie";
};
"dns_custom/dns_zone_csn" = {
"dns_custom/dns_zone_csn.ul.ie" = {
user = "named";
group = "named";
@ -441,7 +481,7 @@ in {
text = get_config_file "csn.ul.ie";
};
"dns_custom/dns_zone_reverse" = {
"dns_custom/dns_zone_99.1.193.in-addr.arpa" = {
user = "named";
group = "named";
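Review bot: The new `own.ip` option is declared with `default = "ns1"`, a hostname label rather than an address, so a host that never sets it fails both `builtins.elem cfg.own.ip tmp1` tests and is silently handed `tmp1` as its peer list. A primary at 193.1.99.109 would then list its own address in `slaves` and leave out the real secondary, and the same fall-through applies to any address that is in neither list. These lists appear to become the zones' `allow-transfer` and `masters` entries, so a wrong pick changes which host may pull the zones. Dropping the default so the option must be set, and adding an `assertions` entry such as `assertion = builtins.elem cfg.own.ip (tmp1 ++ tmp2);`, would turn a mis-set role into an evaluation error. The `let` block and the option set both continue outside the visible hunks, so an existing check elsewhere cannot be ruled out.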


@ -61,9 +61,13 @@ in {
skynet_dns = {
enable = true;
# primary dns server
primary = true;
# this server will have to have dns records
own = {
nameserver = ns;
ip = ip_pub;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"


@ -46,6 +46,7 @@ in {
# this server will have to have dns records
own = {
nameserver = ns;
ip = ip_pub;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"