From 126db6e3cbf3d7021adeb62d40fd768e39db30fa Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 May 2023 19:38:13 +0100 Subject: [PATCH] dns: now have a proper primary and secondary --- applications/dns.nix | 134 +++++++++++++++++++++++++++--------------- machines/vendetta.nix | 4 ++ machines/vigil.nix | 1 + 3 files changed, 92 insertions(+), 47 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 05308c6..fdb7f8c 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -5,8 +5,6 @@ let # reads that date to a string (will need to be fixed in 2038) current_date = toString builtins.currentTime; - - get_config_file = (domain: '' $TTL 60 ; 1 minute @@ -98,6 +96,30 @@ let '' ); + # arrys of teh two nameservers + tmp1 = ["193.1.99.109"]; + tmp2 = ["193.1.99.120"]; + + primaries = (if cfg.primary then + # primary servers have no primaries (ones they listen to) + [] + else + if builtins.elem cfg.own.ip tmp1 then + tmp2 + else + tmp1 + ); + + secondaries = (if cfg.primary then + if builtins.elem cfg.own.ip tmp1 then + tmp2 + else + tmp1 + else + [] + ); + + in { options = { skynet_dns = { @@ -108,7 +130,20 @@ in { type = lib.types.bool; }; + primary = lib.mkOption { + type = lib.types.bool; + default = false; + }; + own = { + ip = lib.mkOption { + default = "ns1"; + type = lib.types.str; + description = '' + ip of this server + ''; + }; + nameserver = lib.mkOption { default = "ns1"; type = lib.types.str; 
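Review bot: `primaries`/`secondaries` never check that `cfg.own.ip` is actually one of the two listed addresses, so a host whose `own.ip` is unset or mistyped silently falls into the `else` branch and is paired with `tmp1` (`193.1.99.109`); a misconfigured secondary would then pull from, and a misconfigured primary would permit transfers to, an address that was never meant for it. The two `builtins.elem` selections are the same expression, so factoring it out makes the intent readable: `other = if builtins.elem cfg.own.ip tmp1 then tmp2 else tmp1;`, `primaries = if cfg.primary then [] else other;`, `secondaries = if cfg.primary then other else [];`. Guarding the `in {` that follows with `in assert builtins.elem cfg.own.ip (tmp1 ++ tmp2); {` (or `lib.assertMsg` with a message) turns the mistake into an evaluation error instead of a zone-transfer problem discovered later. The names `tmp1`/`tmp2` and the comment `# arrys of teh two nameservers` would read better as e.g. `ns_a`/`ns_b` under `# addresses of the two nameservers`.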
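Review bot: `own.ip` is given `default = "ns1"`, which is the hostname default copied from the `nameserver` option below it rather than an address, so a machine that forgets to set `ip` evaluates cleanly and is then silently classified by the `builtins.elem` tests in the `let` block above as "neither nameserver". Dropping the default makes the omission a hard evaluation error: `ip = lib.mkOption { type = lib.types.str; description = "public IP of this server; decides which of the two nameservers is its peer"; };`. The new `primary` option has no `description`; something like `description = "whether this host is the primary (master) for all zones; the other nameserver becomes its secondary";` saves the next reader a trip through the zone definitions.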
@@ -310,27 +345,7 @@ in { */ "skynet.ie" = { - extraConfig = '' - allow-update { key rfc2136key.skynet.ie.; }; - - //dnssec-policy default; - //inline-signing yes; - - // for bumping the config - // ${current_date} - ''; - # really wish teh nixos config didnt use master/slave - master = true; - slaves = [ ]; - # need to write this to a file - # using the date in it so it will trigger a restart - file = "/etc/dns_custom/dns_zone_skynet"; - # no leading whitespace for first line - - }; - - "csn.ul.ie" = { - extraConfig = '' + extraConfig = if cfg.primary then '' allow-update { key rfc2136key.skynet.ie.; }; dnssec-policy default; @@ -338,13 +353,35 @@ in { // for bumping the config // ${current_date} - ''; + '' else ""; # really wish teh nixos config didnt use master/slave - master = true; - slaves = [ ]; + master = cfg.primary; + masters = primaries; + slaves = secondaries; # need to write this to a file # using the date in it so it will trigger a restart - file = "/etc/dns_custom/dns_zone_csn"; + file = "/etc/dns_custom/dns_zone_skynet.ie"; + # no leading whitespace for first line + + }; + + "csn.ul.ie" = { + extraConfig = if cfg.primary then '' + allow-update { key rfc2136key.skynet.ie.; }; + + dnssec-policy default; + inline-signing yes; + + // for bumping the config + // ${current_date} + '' else ""; + # really wish teh nixos config didnt use master/slave + master = cfg.primary; + masters = primaries; + slaves = secondaries; + # need to write this to a file + # using the date in it so it will trigger a restart + file = "/etc/dns_custom/dns_zone_csn.ul.ie"; # no leading whitespace for first line }; 
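Review bot: This rewrite switches on DNSSEC signing for `skynet.ie` as a side effect: the removed `skynet.ie` block carried `//dnssec-policy default;` and `//inline-signing yes;` commented out, but after the deletion the zone inherits what was the `csn.ul.ie` body, in which `dnssec-policy default;` (the context line at the end of this hunk) is active. Nothing in the commit title says this was intended; if it was, a comment such as `# dnssec signing for skynet.ie is enabled as of this change` beside `extraConfig` records it, and if not, the two directives should go back behind `//`. `extraConfig` is `""` on the secondary, so the secondary serves whatever the primary transfers to it; a one-line comment saying so would make that asymmetry look deliberate. The enclosing zones attribute set starts and ends outside this hunk.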
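Review bot: On a secondary, `master = cfg.primary` is false and `masters = primaries` is populated, so named will try to write the transferred zone to `file = "/etc/dns_custom/dns_zone_skynet.ie"`, yet that same path is also generated by the `environment.etc` entry `dns_custom/dns_zone_skynet.ie` later in this patch from `get_config_file`, i.e. a primary-style zone text. If NixOS materialises that entry as a symlink into the read-only store, the transfer cannot be written and the secondary would keep serving the locally generated text instead of the primary's data; either way there are two sources of truth for one path, and this should be confirmed on the secondary host. The same `file`/`masters` combination is repeated for `csn.ul.ie` in this hunk and for the remaining zones in the following hunks, so whatever the fix is (a separate working directory for secondaries, or only generating the `/etc` file when `cfg.primary`), it is needed in each. A comment on `file` stating who writes it in each role would help the next person.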
@@ -360,28 +397,30 @@ in { // ${current_date} ''; # really wish teh nixos config didnt use master/slave - master = true; - slaves = [ ]; + master = cfg.primary; + masters = primaries; + slaves = secondaries; # need to write this to a file # using the date in it so it will trigger a restart - file = "/etc/dns_custom/dns_zone_reverse"; + file = "/etc/dns_custom/dns_zone_99.1.193.in-addr.arpa"; # no leading whitespace for first line }; "conradcollins.net" = { - extraConfig = '' - //allow-update { key rfc2136key.skynet.ie.; }; + extraConfig = if cfg.primary then '' + allow-update { key rfc2136key.skynet.ie.; }; - //dnssec-policy default; - //nline-signing yes; + dnssec-policy default; + inline-signing yes; // for bumping the config // ${current_date} - ''; + '' else ""; # really wish teh nixos config didnt use master/slave - master = true; - slaves = [ ]; + master = cfg.primary; + masters = primaries; + slaves = secondaries; # need to write this to a file # using the date in it so it will trigger a restart file = "/etc/dns_custom/dns_zone_conradcollins.net"; @@ -390,18 +429,19 @@ in { }; "edelharty.net" = { - extraConfig = '' - //allow-update { key rfc2136key.skynet.ie.; }; + extraConfig = if cfg.primary then '' + allow-update { key rfc2136key.skynet.ie.; }; - //dnssec-policy default; - //inline-signing yes; + dnssec-policy default; + inline-signing yes; // for bumping the config // ${current_date} - ''; + '' else ""; # really wish teh nixos config didnt use master/slave - master = true; - slaves = [ ]; + master = cfg.primary; + masters = primaries; + slaves = secondaries; # need to write this to a file # using the date in it so it will trigger a restart file = "/etc/dns_custom/dns_zone_edelharty.net"; @@ -421,7 +461,7 @@ in { environment.etc = { # Creates /etc/dns_custom/dns_zone_skynet - "dns_custom/dns_zone_skynet" = { + "dns_custom/dns_zone_skynet.ie" = { user = "named"; group = "named"; 
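Review bot: This hunk uncomments `allow-update { key rfc2136key.skynet.ie.; };` for `conradcollins.net` (and the next hunk does the same for `edelharty.net`), where the removed lines show it had deliberately been left as `//allow-update ...`. Every zone on this server now accepts dynamic updates from the same single TSIG key, so whichever client holds `rfc2136key.skynet.ie` can rewrite these other domains as well; the commit is about primary/secondary roles and does not mention widening update rights. Unless those zones actually need RFC 2136 updates, leaving the line commented as before (`//allow-update { key rfc2136key.skynet.ie.; };`) keeps the key scoped to its own zone, and if they do need it, a per-zone key keeps a compromise of one client from reaching the others. The `dnssec-policy`/`inline-signing` lines are also activated here for the first time; the same question raised on the `skynet.ie` hunk applies.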
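Review bot: The comment `# Creates /etc/dns_custom/dns_zone_skynet` is now stale, since the entry below it was renamed to `dns_custom/dns_zone_skynet.ie`; it should read `# Creates /etc/dns_custom/dns_zone_skynet.ie`. The `csn.ul.ie` and reverse-zone entries renamed in the next two hunks have no such comment, so either give them matching ones or drop this one for consistency. The `environment.etc` attribute set continues outside this hunk.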
@@ -431,7 +471,7 @@ in { text = get_config_file "skynet.ie"; }; - "dns_custom/dns_zone_csn" = { + "dns_custom/dns_zone_csn.ul.ie" = { user = "named"; group = "named"; @@ -441,7 +481,7 @@ in { text = get_config_file "csn.ul.ie"; }; - "dns_custom/dns_zone_reverse" = { + "dns_custom/dns_zone_99.1.193.in-addr.arpa" = { user = "named"; group = "named"; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index f4d854d..5b597a9 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -61,9 +61,13 @@ in { skynet_dns = { enable = true; + # primary dns server + primary = true; + # this server will have to have dns records own = { nameserver = ns; + ip = ip_pub; external = [ "${name} A ${ip_pub}" "${ns} A ${ip_pub}" diff --git a/machines/vigil.nix b/machines/vigil.nix index f23d92c..593399e 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -46,6 +46,7 @@ in { # this server will have to have dns records own = { nameserver = ns; + ip = ip_pub; external = [ "${name} A ${ip_pub}" "${ns} A ${ip_pub}"
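Review bot: `ip = ip_pub;` here (and the same line added to `machines/vigil.nix`) has to equal one of the two address literals hard-coded as `tmp1`/`tmp2` in `applications/dns.nix`, but nothing ties the two together, so a later change of `ip_pub` in either machine file would silently leave the primary/secondary pairing pointing at the old address. A comment on the line, e.g. `# must be one of the nameserver addresses listed in applications/dns.nix`, at least makes the coupling visible; better is to have the DNS module take the list of nameserver addresses as an option so the machine files are the only place they are stated. The `skynet_dns` attribute set continues outside this hunk.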
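Review bot: vigil sets `ip = ip_pub;` but not `primary`, so it becomes the secondary only through the module's `default = false`; a comment next to the added line such as `# secondary dns server, receives its zones from the primary` would make that explicit and mirror the `# primary dns server` comment vendetta.nix gets in this same patch. The `skynet_dns` attribute set continues outside this hunk.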