From 1e9b63e13d056d4726e8f5995e4994cd6ba6e32b Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sun, 21 May 2023 19:06:30 +0100 Subject: [PATCH] dns: added more otehr domains, will tidy up config better later --- applications/dns.nix | 155 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 152 insertions(+), 3 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 1fff9f2..05308c6 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -23,7 +23,7 @@ let @ NS ns1.${domain}. @ NS ns2.${domain}. ; @ stands for teh root domain so teh A record below is where ${domain} points to - @ A 193.1.99.76 + ;@ A 193.1.99.76 ;@ MX 5 ${domain}. ; can have multiple mailserves @@ -56,6 +56,48 @@ let '' ); + + # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse + get_config_file_rev = (domain: + '' + $ORIGIN 99.1.193.in-addr.arpa. + $TTL 60 ; 1 minute + ; hostmaster@${domain} is an email address that recieves stuff related to dns + @ IN SOA ${cfg.own.nameserver}.${domain}. hostmaster.${domain}. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) + + @ NS ns1.${domain}. + @ NS ns2.${domain}. + + ${lib.strings.concatMapStrings (x: x + "." + domain + ".\n") cfg.records.reverse} + '' + ); + + get_config_file_old_domains = (domain: + '' + $TTL 60 ; 1 minute + ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( + ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + ${current_date} + 600 ; Refresh (10 minutes) + 300 ; Retry (5 minutes) + 604800 ; Expire (1 week) + 3600 ; Minimum (1 hour) + ) + + @ NS ns1.skynet.ie. + @ NS ns2.skynet.ie. + + '' + ); + in { options = { skynet_dns = { 
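Review bot: Commenting out the apex `@ A 193.1.99.76` record in the `get_config_file` template removes the apex address for every zone built from it, not just skynet.ie — the context in hunk @@ -321 shows the same helper is called with `"csn.ul.ie"` — and the commit message does not mention this change. If the apex is meant to stay unresolved, say so on the line instead of leaving a dead record that reads like the `;@ MX` example beside it, e.g. `; apex A record intentionally removed — <reason>`; if it is temporary, a TODO naming when it should come back would be better than a bare comment marker. The enclosing `get_config_file` definition starts before this hunk.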
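Review bot: The `domain` parameter of `get_config_file_old_domains` is never referenced in its body — every name is hard-coded to `skynet.ie` — so the two files generated from it in hunk @@ -321 (`conradcollins.net`, `edelharty.net`) come out byte-identical. Either drop the parameter or use it where a per-zone value is actually wanted, for example the hostmaster mailbox `hostmaster.${domain}.` while keeping the `ns1.skynet.ie.`/`ns2.skynet.ie.` nameservers, which appear intended. `get_config_file_rev` likewise takes `domain` but pins `$ORIGIN 99.1.193.in-addr.arpa.`, so the argument only shapes the SOA/NS names and the `.${domain}.` suffix appended to each `cfg.records.reverse` entry; a comment such as `# domain is the forward zone for the hosts in this /24; the reverse origin is fixed` would make that explicit. The `let` block holding these helpers continues outside the hunk.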
@@ -90,6 +132,14 @@ in { External records like: ns1 CNAME ns1 ''; }; + + reverse = lib.mkOption { + default = [ ]; + type = lib.types.listOf lib.types.str; + description = '' + External records like: 20 IN PTR vigil + ''; + }; }; @@ -109,6 +159,14 @@ in { External records like: ns1 CNAME ns1 ''; }; + + reverse = lib.mkOption { + default = [ ]; + type = lib.types.listOf lib.types.str; + description = '' + External records like: 20 IN PTR vigil + ''; + }; }; }; @@ -255,8 +313,8 @@ in { extraConfig = '' allow-update { key rfc2136key.skynet.ie.; }; - dnssec-policy default; - inline-signing yes; + //dnssec-policy default; + //inline-signing yes; // for bumping the config // ${current_date} 
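Review bot: The description of the new `reverse` option (here and again in hunk @@ -109) reuses the "External records like:" phrasing of the forward options but does not say that `get_config_file_rev` appends `.${domain}.` to every entry, so a user who writes a fully qualified target such as `20 IN PTR vigil.skynet.ie.` ends up with `vigil.skynet.ie..skynet.ie.` in the zone file. Suggest `description = "PTR records for the reverse zone, host label only, e.g. 20 IN PTR vigil; the domain and trailing dot are appended automatically.";`. The helper reads only `cfg.records.reverse`, so it may also be worth stating in the description which of the two sub-option sets that refers to; the enclosing option tree starts and ends outside this hunk.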
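Review bot: Hunk @@ -255 turns `dnssec-policy default;` and `inline-signing yes;` off for the zone that still accepts dynamic updates via `rfc2136key.skynet.ie.`, with no reason given in the diff or the commit message. If a DS record for this zone is published at the parent, serving it unsigned will make it fail on validating resolvers, so this needs an explicit note next to the commented lines, e.g. `// DNSSEC signing disabled <date>: <reason>; check the DS at the parent before re-enabling`. If the goal was only to get the new zones working, consider leaving the existing zone signed and keeping the commented-out directives only in the new zone blocks of hunk @@ -290. The zone block this `extraConfig` belongs to starts before the hunk.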
@@ -290,6 +348,67 @@ in { # no leading whitespace for first line }; + + "99.1.193.in-addr.arpa"= { + extraConfig = '' + //allow-update { key rfc2136key.skynet.ie.; }; + + //dnssec-policy default; + //inline-signing yes; + + // for bumping the config + // ${current_date} + ''; + # really wish teh nixos config didnt use master/slave + master = true; + slaves = [ ]; + # need to write this to a file + # using the date in it so it will trigger a restart + file = "/etc/dns_custom/dns_zone_reverse"; + # no leading whitespace for first line + + }; + + "conradcollins.net" = { + extraConfig = '' + //allow-update { key rfc2136key.skynet.ie.; }; + + //dnssec-policy default; + //nline-signing yes; + + // for bumping the config + // ${current_date} + ''; + # really wish teh nixos config didnt use master/slave + master = true; + slaves = [ ]; + # need to write this to a file + # using the date in it so it will trigger a restart + file = "/etc/dns_custom/dns_zone_conradcollins.net"; + # no leading whitespace for first line + + }; + + "edelharty.net" = { + extraConfig = '' + //allow-update { key rfc2136key.skynet.ie.; }; + + //dnssec-policy default; + //inline-signing yes; + + // for bumping the config + // ${current_date} + ''; + # really wish teh nixos config didnt use master/slave + master = true; + slaves = [ ]; + # need to write this to a file + # using the date in it so it will trigger a restart + file = "/etc/dns_custom/dns_zone_edelharty.net"; + # no leading whitespace for first line + + }; + }; }; 
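Review bot: The `conradcollins.net` block carries a typo, `//nline-signing yes;`, which is harmless while commented but becomes a BIND syntax error the moment someone uncomments it; it should read `//inline-signing yes;` like the other two blocks. The three new zone blocks are otherwise identical apart from the zone name and file path, and so are the three file entries in hunk @@ -321, so a small helper in the `let` block (which starts outside this hunk) would remove the copy-paste surface that produced the typo. Each block's `extraConfig` is otherwise only commented-out directives; keep just the `current_date` bump comment unless the others are meant to be enabled later.
```nix
# in the `let` block: one definition per statically served zone
mkStaticZone = fileName: {
  extraConfig = ''
    // for bumping the config
    // ${current_date}
  '';
  master = true;
  slaves = [ ];
  file = "/etc/dns_custom/dns_zone_${fileName}";
};
# … unchanged: existing zone blocks …
"99.1.193.in-addr.arpa" = mkStaticZone "reverse";
"conradcollins.net" = mkStaticZone "conradcollins.net";
"edelharty.net" = mkStaticZone "edelharty.net";
```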
@@ -321,6 +440,36 @@ in { text = get_config_file "csn.ul.ie"; }; + + "dns_custom/dns_zone_reverse" = { + user = "named"; + group = "named"; + + # The UNIX file mode bits + mode = "0644"; + + text = get_config_file_rev "skynet.ie"; + }; + + "dns_custom/dns_zone_conradcollins.net" = { + user = "named"; + group = "named"; + + # The UNIX file mode bits + mode = "0644"; + + text = get_config_file_old_domains "conradcollins.net"; + }; + + "dns_custom/dns_zone_edelharty.net" = { + user = "named"; + group = "named"; + + # The UNIX file mode bits + mode = "0644"; + + text = get_config_file_old_domains "edelharty.net"; + }; }; }; } \ No newline at end of file