From bbe81fcd3e31570715549d46cfd3207a335975f8 Mon Sep 17 00:00:00 2001
From: Cathal Ferris
Date: Sun, 22 Oct 2023 21:57:44 +0000
Subject: [PATCH] Fixing the semicolon comment delimiters to octothorpe comment delimiters, and improving readability.
---
applications/dns.nix | 169 +++++++++++++++++++++++++------------------
1 file changed, 97 insertions(+), 72 deletions(-)
diff --git a/applications/dns.nix b/applications/dns.nix
index 2bca4fb..0f95099 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -47,55 +47,55 @@ # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) get_config_file = ( domain: '' - $TTL 60 ; 1 minute - ; hostmaster@${domain} is an email address that recieves stuff related to dns + $TTL 60 # 1 minute + # hostmaster@${domain} is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + # Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) + 600 # Refresh (10 minutes) + 300 # Retry (5 minutes) + 604800 # Expire (1 week) + 3600 # Minimum (1 hour) ) @ NS ns1.${domain}. @ NS ns2.${domain}. - ; @ stands for the root domain so the A record below is where ${domain} points to - ;@ A 193.1.99.76 - ;@ MX 5 ${domain}. + # @ stands for the root domain so the A record below is where ${domain} points to + #@ A 193.1.99.76 + #@ MX 5 ${domain}. - ; can have multiple mailserves + # can have multiple mailserves @ MX 10 mail.${domain}. 
- ; ------------------------------------------ - ; Server Names (A Records) - ; ------------------------------------------ + # ------------------------------------------ + # Server Names (A Records) + # ------------------------------------------ ${format_records sort_records_server 31} - ; ------------------------------------------ - ; A (non server names - ; ------------------------------------------ + # ------------------------------------------ + # A (non server names) + # ------------------------------------------ ${format_records sort_records_a 31} - ; ------------------------------------------ - ; CNAMES - ; ------------------------------------------ + # ------------------------------------------ + # CNAMES + # ------------------------------------------ ${format_records sort_records_cname 31} - ; ------------------------------------------ - ; TXT - ; ------------------------------------------ + # ------------------------------------------ + # TXT + # ------------------------------------------ ${format_records (filter_records_type "TXT") 31} - ; ------------------------------------------ - ; MX - ; ------------------------------------------ + # ------------------------------------------ + # MX + # ------------------------------------------ ${format_records (filter_records_type "MX") 31} - ; ------------------------------------------ - ; SRV - ; ------------------------------------------ + # ------------------------------------------ + # SRV + # ------------------------------------------ ${format_records sort_records_srv 31} 
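Review bot: The lines switched from `;` to `#` in this hunk sit inside the `''…''` string returned by `get_config_file`, so they are zone-file text rather than Nix comments, and the DNS master-file format (RFC 1035) uses `;` as its comment delimiter. With `#`, lines such as `$TTL 60 # 1 minute` and the SOA timer lines are likely to be rejected when the zone loads, and the previously disabled `#@ A 193.1.99.76` and `#@ MX 5 ${domain}.` lines are no longer comments. The same applies to the `get_config_file_rev` and `get_config_file_old_domains` hunks below. I would keep `;` inside these strings, e.g. `$TTL 60 ; 1 minute`, and run `named-checkzone` on the generated files before deploying. The string and the function that returns it end outside this hunk.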
@@ -107,23 +107,23 @@ get_config_file_rev = ( domain: '' $ORIGIN 64-64.99.1.193.in-addr.arpa. - $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + $TTL 60 # 1 minute + # hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + # Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) + 600 # Refresh (10 minutes) + 300 # Retry (5 minutes) + 604800 # Expire (1 week) + 3600 # Minimum (1 hour) ) @ NS ns1.skynet.ie. @ NS ns2.skynet.ie. - ; ------------------------------------------ - ; PTR - ; ------------------------------------------ + # ------------------------------------------ + # PTR + # ------------------------------------------ ${format_records sort_records_ptr 3} '' ); @@ -131,15 +131,15 @@ # domains we dont have proper ownership over, only here to ensure the logs dont get cluttered. get_config_file_old_domains = ( domain: '' - $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + $TTL 60 # 1 minute + # hostmaster@skynet.ie is an email address that recieves stuff related to dns @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated + # Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) + 600 # Refresh (10 minutes) + 300 # Retry (5 minutes) + 604800 # Expire (1 week) + 3600 # Minimum (1 hour) ) @ NS ns1.skynet.ie. 
@@ -174,7 +174,7 @@ # small function to tidy up the spam of the cache networks, would use the subnet except all external traffic has the ip of the router create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126); - # standard function to create the file in /etc/ ; pass in the text and domain and the function creates that file + # standard function to create the file in /etc/ - pass in the text and domain and the function creates that file create_entry_etc_sub = domain: text: { # Creates /etc/skynet/dns/domain "skynet/dns/${domain}" = { @@ -189,7 +189,7 @@ }; # (text.owned "csn.ul.ie") - # standard function to create the file in /etc/ ; pass in the text and domain and the function creates that file + # standard function to create the file in /etc/ - pass in the text and domain and the function creates that file create_entry_etc = domain: type: if type == "owned" then create_entry_etc_sub domain (text.owned domain) 
@@ -390,38 +390,63 @@ in { # set the upstream dns servers # overrides the default dns servers + # Set for HEANet and Quad9 IPv4 servers, x4 total forwarders = [ - ; Name: HEANet - ; DNSSEC: not known - ; Details: ISP for UL, should be a good candidate for primary upstream. If they aren't available, we've no connectivity anyway. - ; Server: ns.heanet.ie HEANet primary + + + # Name: HEANet + # DNSSEC: not known + # Details: ISP for UL, should be a good candidate for primary upstream. If they aren't available, we've no connectivity anyway. + + # IPv4 + # Server: ns.heanet.ie HEANet primary "193.1.193.194" - ; Server: auth-ns2.heanet.ie HEANet secondary (Located Germany) + # Server: auth-ns2.heanet.ie HEANet secondary (Ireland location) "193.1.247.198" - ; Server: auth-ns3.heanet.ie HEANet tertiary (Ireland located) + # Server: auth-ns3.heanet.ie HEANet tertiary (Germany location) # "5.196.22.225" - ; Name: Quad9.net (free service - this one is malware/phish blocked). Suggesting using unfiltered as below. - ; DNSSEC: available - ; Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns.quad9.net/dns-query - ; Server: dns9.quad9.net Primary - # "9.9.9.9" - ; Server: dns.quad9.net Secondary - # "149.112.112.112" - ; Server: dns9.quad9.net IPV6 Primary server - # "2620:fe::9" - ; Server: dns.quad9.net IPV6 Secondary server - # "2620:fe::fe" - ; Name: Quad9.net (free service - this one is unfiltered). - ; DNSSEC: not available - ; Details: Based in Switzerland, zero cost, stated as no tracking data saved. 
Also has https https://dns10.quad9.net/dns-query - ; Server: dns10.quad9.net Primary + + # IPV6 + # Server: ns.heanet.ie HEANet IPv4 primary + # "2001:770:18:4::c101:c1c2" + # Server: auth-ns2.heanet.ie HEANet IPv4 secondary (Ireland location) + # "2001:770:1c:4::c101:f7c6" + # Server: auth-ns3.heanet.ie HEANet IPv4 tertiary (Germany location) + # "2001:41d0:52:900::871" + + + # Name: Quad9.net (free service - this one is unfiltered). + # DNSSEC: not available + # Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns10.quad9.net/dns-query + + # IPv4 + # Server: dns10.quad9.net IPv4 Primary "9.9.9.10" - ; Server: dns10.quad9.net Secondary + # Server: dns10.quad9.net IPv4 Secondary "149.112.112.10" - ; Server: dns10.quad9.net IPV6 Primary server + + # IPV6 + # Server: dns10.quad9.net IPV6 Primary server # "2620:fe::10" - ; Server: dns10.quad9.net IPV6 Secondary server + # Server: dns10.quad9.net IPV6 Secondary server # "2620:fe::fe:10" + + + # Name: Quad9.net (free service - this one is malware/phish blocked). Suggesting using the unfiltered set just above. + # DNSSEC: available + # Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns.quad9.net/dns-query + + # IPv4 + # Server: dns9.quad9.net IPv4 Primary + # "9.9.9.9" + # Server: dns.quad9.net IPv4 Secondary + # "149.112.112.112" + + # IPv6 + # Server: dns9.quad9.net IPV6 Primary server + # "2620:fe::9" + # Server: dns.quad9.net IPV6 Secondary server + # "2620:fe::fe" ]; cacheNetworks =
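Review bot: The three commented-out HEANet entries under the `# IPV6` heading are labelled `IPv4` (`# Server: ns.heanet.ie HEANet IPv4 primary` above `2001:770:18:4::c101:c1c2`, and the two entries after it), which will mislead whoever enables them; they should read e.g. `# Server: ns.heanet.ie HEANet IPv6 primary`. Separately, the four active forwarders are documented here as `DNSSEC: not known` (HEANet) and `DNSSEC: not available` (Quad9 unfiltered), so answers are only validated if this resolver validates them itself. That setting is not visible in the hunk and is worth confirming or stating in the comment. The `forwarders` list sits in an attribute set that starts and ends outside the hunk.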