dns: now have a proper primary and secondary

silver 2023-05-21 19:38:13 +01:00
parent 1e9b63e13d
commit 126db6e3cb
3 changed files with 92 additions and 47 deletions


@ -5,8 +5,6 @@ let
# reads that date to a string (will need to be fixed in 2038) # reads that date to a string (will need to be fixed in 2038)
current_date = toString builtins.currentTime; current_date = toString builtins.currentTime;
get_config_file = (domain: get_config_file = (domain:
'' ''
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
@ -98,6 +96,30 @@ let
'' ''
); );
# arrys of teh two nameservers
tmp1 = ["193.1.99.109"];
tmp2 = ["193.1.99.120"];
primaries = (if cfg.primary then
# primary servers have no primaries (ones they listen to)
[]
else
if builtins.elem cfg.own.ip tmp1 then
tmp2
else
tmp1
);
secondaries = (if cfg.primary then
if builtins.elem cfg.own.ip tmp1 then
tmp2
else
tmp1
else
[]
);
in { in {
options = { options = {
skynet_dns = { skynet_dns = {
@ -108,7 +130,20 @@ in {
type = lib.types.bool; type = lib.types.bool;
}; };
primary = lib.mkOption {
type = lib.types.bool;
default = false;
};
own = { own = {
ip = lib.mkOption {
default = "ns1";
type = lib.types.str;
description = ''
ip of this server
'';
};
nameserver = lib.mkOption { nameserver = lib.mkOption {
default = "ns1"; default = "ns1";
type = lib.types.str; type = lib.types.str;
@ -310,27 +345,7 @@ in {
*/ */
"skynet.ie" = { "skynet.ie" = {
extraConfig = '' extraConfig = if cfg.primary then ''
allow-update { key rfc2136key.skynet.ie.; };
//dnssec-policy default;
//inline-signing yes;
// for bumping the config
// ${current_date}
'';
# really wish teh nixos config didnt use master/slave
master = true;
slaves = [ ];
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_skynet";
# no leading whitespace for first line
};
"csn.ul.ie" = {
extraConfig = ''
allow-update { key rfc2136key.skynet.ie.; }; allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default; dnssec-policy default;
@ -338,13 +353,35 @@ in {
// for bumping the config // for bumping the config
// ${current_date} // ${current_date}
''; '' else "";
# really wish teh nixos config didnt use master/slave # really wish teh nixos config didnt use master/slave
master = true; master = cfg.primary;
slaves = [ ]; masters = primaries;
slaves = secondaries;
# need to write this to a file # need to write this to a file
# using the date in it so it will trigger a restart # using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_csn"; file = "/etc/dns_custom/dns_zone_skynet.ie";
# no leading whitespace for first line
};
"csn.ul.ie" = {
extraConfig = if cfg.primary then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
// for bumping the config
// ${current_date}
'' else "";
# really wish teh nixos config didnt use master/slave
master = cfg.primary;
masters = primaries;
slaves = secondaries;
# need to write this to a file
# using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_csn.ul.ie";
# no leading whitespace for first line # no leading whitespace for first line
}; };
@ -360,28 +397,30 @@ in {
// ${current_date} // ${current_date}
''; '';
# really wish teh nixos config didnt use master/slave # really wish teh nixos config didnt use master/slave
master = true; master = cfg.primary;
slaves = [ ]; masters = primaries;
slaves = secondaries;
# need to write this to a file # need to write this to a file
# using the date in it so it will trigger a restart # using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_reverse"; file = "/etc/dns_custom/dns_zone_99.1.193.in-addr.arpa";
# no leading whitespace for first line # no leading whitespace for first line
}; };
"conradcollins.net" = { "conradcollins.net" = {
extraConfig = '' extraConfig = if cfg.primary then ''
//allow-update { key rfc2136key.skynet.ie.; }; allow-update { key rfc2136key.skynet.ie.; };
//dnssec-policy default; dnssec-policy default;
//nline-signing yes; inline-signing yes;
// for bumping the config // for bumping the config
// ${current_date} // ${current_date}
''; '' else "";
# really wish teh nixos config didnt use master/slave # really wish teh nixos config didnt use master/slave
master = true; master = cfg.primary;
slaves = [ ]; masters = primaries;
slaves = secondaries;
# need to write this to a file # need to write this to a file
# using the date in it so it will trigger a restart # using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_conradcollins.net"; file = "/etc/dns_custom/dns_zone_conradcollins.net";
@ -390,18 +429,19 @@ in {
}; };
"edelharty.net" = { "edelharty.net" = {
extraConfig = '' extraConfig = if cfg.primary then ''
//allow-update { key rfc2136key.skynet.ie.; }; allow-update { key rfc2136key.skynet.ie.; };
//dnssec-policy default; dnssec-policy default;
//inline-signing yes; inline-signing yes;
// for bumping the config // for bumping the config
// ${current_date} // ${current_date}
''; '' else "";
# really wish teh nixos config didnt use master/slave # really wish teh nixos config didnt use master/slave
master = true; master = cfg.primary;
slaves = [ ]; masters = primaries;
slaves = secondaries;
# need to write this to a file # need to write this to a file
# using the date in it so it will trigger a restart # using the date in it so it will trigger a restart
file = "/etc/dns_custom/dns_zone_edelharty.net"; file = "/etc/dns_custom/dns_zone_edelharty.net";
@ -421,7 +461,7 @@ in {
environment.etc = { environment.etc = {
# Creates /etc/dns_custom/dns_zone_skynet # Creates /etc/dns_custom/dns_zone_skynet
"dns_custom/dns_zone_skynet" = { "dns_custom/dns_zone_skynet.ie" = {
user = "named"; user = "named";
group = "named"; group = "named";
@ -431,7 +471,7 @@ in {
text = get_config_file "skynet.ie"; text = get_config_file "skynet.ie";
}; };
"dns_custom/dns_zone_csn" = { "dns_custom/dns_zone_csn.ul.ie" = {
user = "named"; user = "named";
group = "named"; group = "named";
@ -441,7 +481,7 @@ in {
text = get_config_file "csn.ul.ie"; text = get_config_file "csn.ul.ie";
}; };
"dns_custom/dns_zone_reverse" = { "dns_custom/dns_zone_99.1.193.in-addr.arpa" = {
user = "named"; user = "named";
group = "named"; group = "named";
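Review bot: The new `own.ip` option defaults to `"ns1"`, a label copied from `nameserver` rather than an address, and the `primaries`/`secondaries` selection added in the second hunk silently depends on it. Any value that is not in `tmp1` makes `builtins.elem cfg.own.ip tmp1` false and selects `tmp1` as the peer, so a host at 193.1.99.109 that leaves `ip` unset or mistypes it ends up listing its own address as its primary or as its only transfer peer; dropping the `default` line and adding a check such as `assert builtins.elem cfg.own.ip (tmp1 ++ tmp2);` would turn that into an evaluation error. The reverse-zone hunk also keeps `extraConfig` unconditional (`'';`) while the other zones switch to `if cfg.primary then … else ""`; the start of that string is outside the hunk, but if it carries `allow-update` or signing options the secondary would be given primary-only statements. As far as the visible lines show, `slaves` is a plain address list, so zone transfers look to be authorised by source IP alone; a TSIG key for transfers would be a stronger control.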


@ -61,9 +61,13 @@ in {
skynet_dns = { skynet_dns = {
enable = true; enable = true;
# primary dns server
primary = true;
# this server will have to have dns records # this server will have to have dns records
own = { own = {
nameserver = ns; nameserver = ns;
ip = ip_pub;
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
"${ns} A ${ip_pub}" "${ns} A ${ip_pub}"


@ -46,6 +46,7 @@ in {
# this server will have to have dns records # this server will have to have dns records
own = { own = {
nameserver = ns; nameserver = ns;
ip = ip_pub;
external = [ external = [
"${name} A ${ip_pub}" "${name} A ${ip_pub}"
"${ns} A ${ip_pub}" "${ns} A ${ip_pub}"