diff --git a/applications/dns.nix b/applications/dns.nix
index 78ec36f..05528f9 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -5,6 +5,38 @@ let # reads that date to a string (will need to be fixed in 2038) current_date = toString builtins.currentTime; + # gets a list of records that match this type + filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; + filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); + filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); + + process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); + process_ptr_sub = record: {record=(builtins.substring 9 3 record.record); r_type="PTR"; value=record.value;}; + ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); + + sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; + sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; + sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); + sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); + + format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; + + # small function to trim it down a tad + padString = text: length: fixedWidthString_post length " " text; + + # like lib.strings.fixedWidthString but postfix + fixedWidthString_post = width: filler: str: + let + strw = lib.stringLength str; + reqWidth = width - (lib.stringLength filler); + in + assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})"; + if strw == width + then str + else (fixedWidthString_post reqWidth filler str) + filler; + + + # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) get_config_file = (domain: ''$TTL 
60 ; 1 minute @@ -29,20 +61,24 @@ let ; ------------------------------------------ -; Server Names +; Server Names (A Records) ; ------------------------------------------ -${lib.strings.concatMapStrings (x: x + "\n") records.external} +${format_records sort_records_server 11} - -; internal addresses ; ------------------------------------------ -; May come back to this idea in teh future -; agentjones.int A 172.20.20.1 - - -; cname's +; A (non server names ; ------------------------------------------ -${lib.strings.concatMapStrings (x: x + "\n") records.cname} +${format_records sort_records_a 18} + +; ------------------------------------------ +; CNAMES +; ------------------------------------------ +${format_records sort_records_cname 31} + +; ------------------------------------------ +; TXT +; ------------------------------------------ +${format_records (filter_records_type "TXT") 29} '' ); @@ -66,7 +102,10 @@ $TTL 60 ; 1 minute @ NS ns1.skynet.ie. @ NS ns2.skynet.ie. -${lib.strings.concatMapStrings (x: x + "\n") records.reverse} +; ------------------------------------------ +; PTR +; ------------------------------------------ +${format_records sort_records_ptr 3} '' ); 
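Review bot: `ip_ptr_to_int` and `process_ptr_sub` take the host octet with `builtins.substring 9 3`, which is only correct for an address shaped exactly like `NNN.N.NN.NNN`; with a different prefix length or a one- or two-digit last octet the slice lands on the wrong characters and `lib.strings.toInt` then throws on a `.` or returns the wrong number, silently mis-sorting or breaking the reverse zone. Take the last dotted label instead, `last_octet = ip: lib.last (lib.splitString "." ip);`, and use it in both helpers. Separately, `fixedWidthString_post` aborts the whole evaluation via `assert` when a name is wider than the column, while the widths handed to `format_records` in the next hunk are fixed constants (11, 18, 31, 29, 3); a single long record name, e.g. a `_domainkey` TXT name for a longer domain, would fail the build rather than just misalign a column, so deriving each width from the longest `record` in the list (`lib.foldl' lib.max 0 (map (x: lib.stringLength x.record) records)`) would remove that failure mode.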
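Review bot: The new zone section header `; A (non server names` is missing its closing parenthesis; `; A records (non-server names)` reads cleanly and matches the `; Server Names (A Records)` header above it. The `get_config_file` template this hunk edits starts and ends outside the hunk.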
@@ -185,50 +224,26 @@ inline-signing yes; old = ""; }; - records = { - # using the same logic as the firewall, comments there - external = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - let - details_server = value.config.skynet_dns.server; - details_records = value.config.skynet_dns.records; - in - if builtins.hasAttr "skynet_dns" value.config + records = builtins.concatLists ( + lib.attrsets.mapAttrsToList (key: value: + let + details_server = value.config.skynet_dns.server; + details_records = value.config.skynet_dns.records; + in + if builtins.hasAttr "skynet_dns" value.config + then ( + # got to handle habing a dns record for the dns serves themselves. + if details_server.enable then ( - if details_server.enable - then ( - if details_server.primary - then details_records.external ++ ["ns1 A ${details_server.ip}"] - else details_records.external ++ ["ns2 A ${details_server.ip}"] - ) - else details_records.external + if details_server.primary + then details_records ++ [ {record="ns1"; r_type="A"; value=details_server.ip; server=false;} ] + else details_records ++ [ {record="ns2"; r_type="A"; value=details_server.ip; server=false;} ] ) - else [] - ) nodes - ); - - cname = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - let - details_records = value.config.skynet_dns.records; - in - if builtins.hasAttr "skynet_dns" value.config - then details_records.cname - else [] - ) nodes - ); - - reverse = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - let - details_records = value.config.skynet_dns.records; - in - if builtins.hasAttr "skynet_dns" value.config - then details_records.reverse - else [] - ) nodes - ); - }; + else details_records + ) + else [] + ) nodes + ); nameserver = if cfg.server.primary then "ns1" else "ns2"; 
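Review bot: The comment over the ns1/ns2 branch, `# got to handle habing a dns record for the dns serves themselves.`, has two typos and does not say why those records are tagged `server=false` while every machine tags its own A record `server=true`; suggest `# the DNS servers also need ns1/ns2 A records; server=false keeps them out of the "Server Names" section` (that is what the filters in the first hunk appear to do). The `builtins.hasAttr "skynet_dns" value.config` test comes after `details_server` and `details_records` are bound in the `let`, which only works because Nix binds lazily — a one-line comment there would stop someone "fixing" it by evaluating the bindings first. The surrounding attribute set continues outside the hunk.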
@@ -260,30 +275,26 @@ in { }; }; - records = { - external = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - External records like: agentjones A 193.1.99.72 - ''; - }; - - cname = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - External records like: ns1 CNAME ns1 - ''; - }; - - reverse = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - External records like: 20 IN PTR vigil - ''; - }; + records = lib.mkOption { + description = "Records, sorted based on therir type"; + type = with lib.types; listOf (submodule { + options = { + record = lib.mkOption { + type = str; + }; + r_type = lib.mkOption { + type = enum ["A" "CNAME" "TXT" "PTR"]; + }; + value = lib.mkOption { + type = str; + }; + server = lib.mkOption { + description = "Core record for a server"; + type = bool; + default = false; + }; + }; + }); }; }; diff --git a/applications/email.nix b/applications/email.nix index c7719ba..8623613 100644 --- a/applications/email.nix +++ b/applications/email.nix 
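Review bot: `record` and `value` are typed as bare `str` with no description, yet `format_records` in dns.nix writes them into the zone file verbatim, so a value containing a newline or a stray `;` would be emitted as extra zone text rather than rejected at evaluation time; constraining them (e.g. `type = lib.types.strMatching "[^\n;]+";` for `record`, and a description stating that TXT values must carry their own surrounding quotes) would catch that where the record is declared. The option description `"Records, sorted based on therir type"` has a typo and describes the consumer rather than the option; `"DNS records contributed by this host; the dns module groups and sorts them by r_type"` is closer. The PTR case should also document that `record` is the full address and `value` must be an absolute name ending in `.`, since the reverse zone in dns.nix does not append one.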
@@ -95,22 +95,19 @@ age.secrets.ldap_pw.file = ../secrets/ldap/pw.age; # set up dns record for it - skynet_dns.records.external = [ + skynet_dns.records = [ # basic one - "mail A ${cfg.host.ip}" - - # SPF record - ''${cfg.domain}. IN TXT "v=spf1 a:${cfg.sub}.${cfg.domain} -all"'' + {record="mail"; r_type="A"; value=cfg.host.ip;} + # TXT records, all tehse are inside escaped strings to allow using "" + # SPF record + {record="${cfg.domain}."; r_type="TXT"; value=''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';} # DKIM - ''mail._domainkey.${cfg.domain}. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'' - + {record="mail._domainkey.${cfg.domain}."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';} # DMARC - ''_dmarc.${cfg.domain}. IN TXT "v=DMARC1; p=none"'' - ]; + {record="_dmarc.${cfg.domain}."; r_type="TXT"; value=''"v=DMARC1; p=none"'';} - skynet_dns.records.reverse = [ - "${builtins.substring 9 3 cfg.host.ip} IN PTR ${cfg.sub}.${cfg.domain}." + {record=cfg.host.ip; r_type="PTR"; value="${cfg.sub}.${cfg.domain}.";} ]; mailserver = { diff --git a/applications/games.nix b/applications/games.nix index 071a3e7..7c7b126 100644 --- a/applications/games.nix +++ b/applications/games.nix @@ -44,12 +44,10 @@ config = mkIf cfg.enable { - skynet_dns.records = { - cname = [ - # need a base domain - "${cfg.domain.sub} CNAME ${cfg.host.name}" - ]; - }; + skynet_dns.records = [ + # need a base domain + {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} + ]; # the minecraft servers services.skynet_games_minecraft = { 
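Review bot: The comment `# TXT records, all tehse are inside escaped strings to allow using ""` has a typo and does not state the actual contract; suggest `# TXT values are written as '' '' strings so the surrounding double quotes survive into the zone file`. Note that this file's PTR value `"${cfg.sub}.${cfg.domain}."` does carry the trailing dot that the reverse zone needs, which the machines/*.nix hunks in this commit do not. The `skynet_dns.records` list this hunk edits is complete within the hunk; the enclosing `config` block is not.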
diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix index 0728d8c..87c4b39 100644 --- a/applications/games/minecraft.nix +++ b/applications/games/minecraft.nix @@ -52,22 +52,18 @@ "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" ]; - skynet_dns.records = { - external = []; - cname = [ - "config.${cfg.domain.sub} CNAME ${cfg.host.name}" + skynet_dns.records = [ + # the minecraft (web) config server + {record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} - # create a sub-subdomain for each game - # compsoc_classic.minecraft.games.skynet.ie - "compsoc_classic.${cfg.domain.sub} CNAME ${cfg.host.name}" - "compsoc.${cfg.domain.sub} CNAME ${cfg.host.name}" + # our own minecraft hosts + {record="compsoc_classic.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} + {record="compsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} - # gsoc.minecraft.games.skynet.ie - "gsoc.${cfg.domain.sub} CNAME ${cfg.host.name}" - "gsoc_abridged.${cfg.domain.sub} CNAME ${cfg.host.name}" - - ]; - }; + # gsoc servers + {record="gsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} + {record="gsoc_abridged.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;} + ]; networking.firewall.allowedTCPPorts = [ # for the proxy diff --git a/applications/gitlab.nix b/applications/gitlab.nix index ce91861..73850ac 100644 --- a/applications/gitlab.nix +++ b/applications/gitlab.nix 
@@ -94,13 +94,10 @@ }; # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide - skynet_dns.records.cname = [ - "${cfg.domain.sub} CNAME ${cfg.host.name}" - ]; - - skynet_dns.records.external = [ + skynet_dns.records = [ + {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} # for gitlab pages - "*.pages.${cfg.domain.base}.${cfg.domain.tld}. 1800 IN A ${cfg.host.ip}" + {record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;} ]; networking.firewall.allowedTCPPorts = [ diff --git a/applications/ldap.nix b/applications/ldap.nix index 1d8a373..7e46ab0 100644 --- a/applications/ldap.nix +++ b/applications/ldap.nix @@ -77,8 +77,8 @@ Gonna use a priper nixos module for this group = "openldap"; }; - skynet_dns.records.cname = [ - "${cfg.domain.sub} CNAME ${cfg.host.name}" + skynet_dns.records = [ + {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} ]; # firewall on teh computer itself diff --git a/applications/ldap/ldap_backend.nix b/applications/ldap/ldap_backend.nix index c6789b1..beba010 100644 --- a/applications/ldap/ldap_backend.nix +++ b/applications/ldap/ldap_backend.nix @@ -48,8 +48,8 @@ age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age; - skynet_dns.records.cname = [ - "${cfg.domain.sub} CNAME ${cfg.host.name}" + skynet_dns.records = [ + {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} ]; services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { diff --git a/applications/ulfm.nix b/applications/ulfm.nix index cfc7cbc..7c101b8 100644 --- a/applications/ulfm.nix +++ b/applications/ulfm.nix @@ -50,8 +50,8 @@ 8000 ]; - skynet_dns.records.cname = [ - "${cfg.domain.sub} CNAME ${cfg.host.name}" + skynet_dns.records = [ + {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;} ]; skynet_firewall.forward = [ diff --git a/machines/agentjones.nix b/machines/agentjones.nix index 5eb9254..0ebbd50 100644 
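Review bot: The old wildcard pages record carried an explicit per-record TTL, `"*.pages.… 1800 IN A …"`, and the new submodule has no TTL field, so the record `{record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;}` now silently inherits the zone's `$TTL 60` instead of 1800. If the longer TTL mattered, the schema needs an optional `ttl` field that `format_records` emits; if not, a comment here saying the TTL change is intentional would stop the next reader treating it as a regression.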
--- a/machines/agentjones.nix +++ b/machines/agentjones.nix @@ -31,15 +31,10 @@ in { tags = [ "active" ]; }; - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - cname = []; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = { diff --git a/machines/galatea.nix b/machines/galatea.nix index 3e23ab4..9e9c8c0 100644 --- a/machines/galatea.nix +++ b/machines/galatea.nix @@ -30,14 +30,10 @@ in { tags = [ "active" ]; }; - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = { diff --git a/machines/gir.nix b/machines/gir.nix index 4959b72..24c10e4 100644 --- a/machines/gir.nix +++ b/machines/gir.nix @@ -33,14 +33,10 @@ in { }; # add this server to dns - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = { diff --git a/machines/glados.nix b/machines/glados.nix index e833b1a..db4b1a6 100644 --- a/machines/glados.nix +++ b/machines/glados.nix @@ -33,14 +33,10 @@ in { }; - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = { 
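Review bot: The new PTR entry `{record=ip_pub; r_type="PTR"; value=hostname;}` drops the trailing dot that the removed line `"… IN PTR ${hostname}."` appended, and `format_records` in dns.nix writes `value` through unchanged, so unless `hostname` (defined outside the hunk) already ends in `.` the PTR target becomes a name relative to the reverse zone origin rather than the absolute host name. The same change appears in galatea, gir, glados, kitt, neuromancer, optimus, vendetta, vigil and wheatly; the vendetta/vigil hunks even annotate the intended result as `# 120 IN PTR vendetta.skynet.ie.` with the dot. Either write `value="${hostname}.";` in each machine file, as email.nix already does for its PTR, or have the dns module append the dot for `r_type="PTR"` in one place.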
diff --git a/machines/kitt.nix b/machines/kitt.nix index 46f6515..7b8bde9 100644 --- a/machines/kitt.nix +++ b/machines/kitt.nix @@ -33,14 +33,10 @@ in { }; # add this server to dns - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = { diff --git a/machines/neuromancer.nix b/machines/neuromancer.nix index 920bcf2..a8f23dc 100644 --- a/machines/neuromancer.nix +++ b/machines/neuromancer.nix @@ -43,15 +43,10 @@ in { tags = [ "active" ]; }; - - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { server.enable = true; diff --git a/machines/optimus.nix b/machines/optimus.nix index f2bd9c0..03ae0f9 100644 --- a/machines/optimus.nix +++ b/machines/optimus.nix @@ -31,14 +31,10 @@ in { tags = [ "active" ]; }; - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = { diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 5e85232..da81fee 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix 
@@ -60,14 +60,12 @@ in { ip = ip_pub; }; - records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + records = [ + # vendetta IN A 193.1.99.120 + {record=name; r_type="A"; value=ip_pub; server=true;} + # 120 IN PTR vendetta.skynet.ie. + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; }; } diff --git a/machines/vigil.nix b/machines/vigil.nix index 7b853bb..c2ff3c4 100644 --- a/machines/vigil.nix +++ b/machines/vigil.nix @@ -45,14 +45,12 @@ in { }; # this server will have to have dns records - records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + records = [ + # vigil IN A 193.1.99.109 + {record=name; r_type="A"; value=ip_pub; server=true;} + # 109 IN PTR vigil.skynet.ie. + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; }; } diff --git a/machines/wheatly.nix b/machines/wheatly.nix index b5e0d50..5884193 100644 --- a/machines/wheatly.nix +++ b/machines/wheatly.nix @@ -32,14 +32,10 @@ in { }; - skynet_dns.records = { - external = [ - "${name} A ${ip_pub}" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + skynet_dns.records = [ + {record=name; r_type="A"; value=ip_pub; server=true;} + {record=ip_pub; r_type="PTR"; value=hostname;} + ]; services.skynet_backup = { host = {