From 654d45a842eb4f900a6b27db771ab1ba930f471e Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Wed, 18 Jan 2023 02:32:01 +0000 Subject: [PATCH] feat: can now handle two (or more) nameservers --- applications/dns.nix | 29 ++++++++++++++- flake.nix | 20 +++++++--- machines/vendetta.nix | 44 +++++++++++----------- machines/vigil.nix | 85 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 150 insertions(+), 28 deletions(-) create mode 100644 machines/vigil.nix diff --git a/applications/dns.nix b/applications/dns.nix index 49cd790..770b99f 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -11,6 +11,33 @@ in { type = lib.types.bool; }; + own = { + nameserver = lib.mkOption { + default = "ns1"; + type = lib.types.str; + description = '' + the hostname of this nameserver, eg ns1, ns2 + ''; + }; + + external = lib.mkOption { + default = [ ]; + type = lib.types.listOf lib.types.str; + description = '' + External records like: agentjones A 193.1.99.72 + ''; + }; + + cname = lib.mkOption { + default = [ ]; + type = lib.types.listOf lib.types.str; + description = '' + External records like: ns1 CNAME ns1 + ''; + }; + }; + + records = { external = lib.mkOption { default = [ ]; @@ -69,7 +96,7 @@ in { '' $TTL 60 ; 1 minute ; hostmaster@skynet.ie is an email address that recieves stuff related to dns - @ IN SOA ns1.skynet.ie. hostmaster.skynet.ie. ( + @ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( 2023011701 ; Serial (YYYYMMDDCC) 600 ; Refresh (10 minutes) 300 ; Retry (5 minutes) diff --git a/flake.nix b/flake.nix index bfac683..d7e4a69 100644 --- a/flake.nix +++ b/flake.nix @@ -31,9 +31,6 @@ ]; }; - # firewall machiene - #agentjones = import ./machines/agentjones.nix; - /* TODO: vm host jarvis.skynet.ie 
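Review bot: The `description` on the new `own.cname` option is a copy of the `own.external` one and its example, `ns1 CNAME ns1`, is a self-referential alias that would not resolve; suggest `CNAME records like: misc CNAME vendetta` (the example vendetta.nix already carries in a comment). A short note on `own.external` that these strings are spliced verbatim into the zone file served by every nameserver would also help, since a malformed entry on one node appears to break the zone for all of them. The enclosing `options` attrset continues outside the hunk.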
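Review bot: With `${cfg.own.nameserver}` in the SOA MNAME, ns1 and ns2 now render zone files that differ in content but carry the same hard-coded serial `2023011701` (context line just below), and this commit changes records without bumping it, so caches and any secondary will not see the change. Consider exposing the serial as an option (e.g. `skynet_dns.serial`) instead of a literal, and keeping a single MNAME — conventionally the primary, `ns1.skynet.ie.` — on both servers if they are meant to serve identical copies. The zone string continues outside the hunk.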
@@ -52,10 +49,18 @@ 22, 53 (UDP) 53 (UDP) + vigil.skynet.ie + ns2.skynet.ie + 193.1.99.121 + 172.20.20.4 + Ports + 22, 53 (UDP) + 53 (UDP) + Wireguard ash.skynet.ie Ash is a robot spy from Alien https://en.wikipedia.org/wiki/Ash_(Alien) we need someone to get us into teh network 193.1.99.75 - 172.20.20.4 + 172.20.205.5 Ports 22, 51820 (UDP) 51820 (UDP) @@ -63,7 +68,7 @@ Icecase stream.skynet.ie 193.1.99.111 - 172.20.20.5 + 172.20.20.6 Ports 22, 80, 443, 8000 80, 443, 8000 @@ -71,7 +76,7 @@ Minecraft minecraft.games.skynet.ie 193.1.99.112 - 172.20.20.6 + 172.20.20.7 Ports 22, 80, 443, 25564, 25565, 25575 80, 443, 25564, 25565, 25575 @@ -84,6 +89,9 @@ # ns1 vendetta = import ./machines/vendetta.nix; + # ns1 + vigil = import ./machines/vigil.nix; + }; }; diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 9cba06d..946e4b3 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -12,26 +12,13 @@ { pkgs, lib, nodes, ... }: let - # ip_pub = "193.1.99.120"; - ip_pub = "192.168.1.157"; + ip_pub = "193.1.99.120"; ip_priv = "172.20.20.3"; # hostname = "vendetta.skynet.ie"; - hostname = "192.168.1.157"; + hostname = ip_pub; - # this server will have to have dns records - own = { - external = [ - "vendetta A ${ip_pub}" - "ns1 A ${ip_pub}" - - # needs this, temporally - "ns2 A ${ip_pub}" - "mail A ${ip_pub}" - ]; - cname = [ - #"misc CNAME vendetta" - ]; - }; + # sets which nameserver it is + ns = "ns1"; in { imports = [ # applications for this particular server 
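Review bot: The ash entry is renumbered to `172.20.205.5`, which is outside the 172.20.20.0/24 range every other host in this inventory uses and does not fit the shift-by-one pattern applied to stream (`.5` → `.6`) and minecraft (`.6` → `.7`); this looks like a typo for `172.20.20.5`. It is a comment, but this block reads as the address plan for the firewall and DNS records, so a wrong value here is likely to be copied into real config.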
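Review bot: The comment above the new `vigil = import ./machines/vigil.nix;` line says `# ns1`, copied from the vendetta entry, but vigil.nix sets `ns = "ns2"` and the inventory above lists it as ns2.skynet.ie; change it to `# ns2` so the two nameservers are distinguishable in the node list.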
@@ -54,14 +41,29 @@ in { skynet_dns = { enable = true; + # this server will have to have dns records + own = { + nameserver = ns; + external = [ + "vendetta A ${ip_pub}" + "${ns} A ${ip_pub}" + + # needs this, temporally + "mail A ${ip_pub}" + ]; + cname = [ + #"misc CNAME vendetta" + ]; + }; + records = { # using the same logic as the firewall, comments there external = builtins.concatLists ( lib.attrsets.mapAttrsToList (key: value: if builtins.hasAttr "skynet_dns" value.config then ( - if value.config.deployment.targetHost == hostname - then own.external + if value.config.skynet_dns.enable + then value.config.skynet_dns.own.external else value.config.skynet_dns.records.external ) else [] @@ -72,8 +74,8 @@ in { lib.attrsets.mapAttrsToList (key: value: if builtins.hasAttr "skynet_dns" value.config then ( - if value.config.deployment.targetHost == hostname - then own.cname + if value.config.skynet_dns.enable + then value.config.skynet_dns.own.cname else value.config.skynet_dns.records.cname ) else [] diff --git a/machines/vigil.nix b/machines/vigil.nix new file mode 100644 index 0000000..8ba829c --- /dev/null +++ b/machines/vigil.nix @@ -0,0 +1,85 @@ +/* + + Name: https://masseffect.fandom.com/wiki/Vigil + Why: Counterpart to Vendetta + Type: VM + Hardware: - + 
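Review bot: The switch from the `targetHost == hostname` test to `value.config.skynet_dns.enable` is what makes two nameservers work, but the reason is not stated: each nameserver's `records.external` walks `nodes`, so reading the other nameserver's `records.external` would appear to evaluate this node's own fold again (infinite recursion in Nix), and taking `own.external` instead breaks that cycle. The existing comment points at the firewall for explanation, so add one here, e.g. `# nameservers contribute only own.* (not records.*) so ns1/ns2 do not evaluate each other's aggregated list`. Note the consequence that a `records.external` set on any node with `skynet_dns.enable = true` is silently dropped. The `mail A ${ip_pub}` entry is still marked temporary, so it may be worth tracking now that the `ns2 A` placeholder is gone. The enclosing `skynet_dns` attrset continues outside the hunk.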
From: 2023
+ Role: DNS Server
+ Notes:
+
+*/
+
+{ pkgs, lib, nodes, ... }:
+let
+ # ip_pub = "193.1.99.121";
+ ip_pub = "192.168.1.157";
+ ip_priv = "172.20.20.4";
+ # hostname = "vigil.skynet.ie";
+ hostname = ip_pub;
+
+ # sets which nameserver it is
+ ns = "ns2";
+in {
+ imports = [
+ # applications for this particular server
+ ../applications/dns.nix
+ ];
+
+ deployment = {
+ targetHost = hostname;
+ targetPort = 22;
+ targetUser = "root";
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [22 53];
+ allowedUDPPorts = [53];
+ };
+ };
+
+ skynet_dns = {
+ enable = true;
+
+ # this server will have to have dns records
+ own = {
+ nameserver = ns;
+ external = [
+ "vigil A ${ip_pub}"
+ "${ns} A ${ip_pub}"
+ ];
+ cname = [
+ #"misc CNAME vendetta"
+ ];
+ };
+
+ records = {
+ # using the same logic as the firewall, comments there
+ external = builtins.concatLists (
+ lib.attrsets.mapAttrsToList (key: value:
+ if builtins.hasAttr "skynet_dns" value.config
+ then (
+ if value.config.skynet_dns.enable
+ then value.config.skynet_dns.own.external
+ else value.config.skynet_dns.records.external
+ )
+ else []
+ ) nodes
+ );
+
+ cname = builtins.concatLists (
+ lib.attrsets.mapAttrsToList (key: value:
+ if builtins.hasAttr "skynet_dns" value.config
+ then (
+ if value.config.skynet_dns.enable
+ then value.config.skynet_dns.own.cname
+ else value.config.skynet_dns.records.cname
+ )
+ else []
+ ) nodes
+ );
+ };
+ };
+
+}
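Review bot: vigil.nix ships with `ip_pub = "192.168.1.157"` (the real `193.1.99.121` is left commented out), yet this value feeds `own.external` as `vigil A 192.168.1.157` and `ns2 A 192.168.1.157`, and the `records.external` fold on every nameserver picks up `own.external` from each node with `skynet_dns.enable`, so deploying vendetta with this file in `nodes` would publish an RFC1918 address for ns2 in the public zone. Either set `ip_pub = "193.1.99.121";` before merging or keep the test address out of the shared node set. Separately, the `records` block is a verbatim copy of vendetta's; it could live in dns.nix as the option default so a third nameserver does not need a third copy, and the root-over-SSH `deployment` to a bare IP is inherited from vendetta rather than new here.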