dns: cleaned up the implementation of the dns, partly to make it easier to add records and partly to make the config files really neat.

silver 2023-07-16 01:53:21 +01:00
parent d683598060
commit bc2e781586
18 changed files with 163 additions and 202 deletions


@ -5,6 +5,38 @@ let
# reads that date to a string (will need to be fixed in 2038) # reads that date to a string (will need to be fixed in 2038)
current_date = toString builtins.currentTime; current_date = toString builtins.currentTime;
# gets a list of records that match this type
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A");
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
process_ptr_sub = record: {record=(builtins.substring 9 3 record.record); r_type="PTR"; value=record.value;};
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server;
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a;
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME");
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR"));
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
# small function to trim it down a tad
padString = text: length: fixedWidthString_post length " " text;
# like lib.strings.fixedWidthString but postfix
fixedWidthString_post = width: filler: str:
let
strw = lib.stringLength str;
reqWidth = width - (lib.stringLength filler);
in
assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
if strw == width
then str
else (fixedWidthString_post reqWidth filler str) + filler;
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
get_config_file = (domain: get_config_file = (domain:
''$TTL 60 ; 1 minute ''$TTL 60 ; 1 minute
@ -29,20 +61,24 @@ let
; ------------------------------------------ ; ------------------------------------------
; Server Names ; Server Names (A Records)
; ------------------------------------------ ; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") records.external} ${format_records sort_records_server 11}
; internal addresses
; ------------------------------------------ ; ------------------------------------------
; May come back to this idea in teh future ; A (non server names
; agentjones.int A 172.20.20.1
; cname's
; ------------------------------------------ ; ------------------------------------------
${lib.strings.concatMapStrings (x: x + "\n") records.cname} ${format_records sort_records_a 18}
; ------------------------------------------
; CNAMES
; ------------------------------------------
${format_records sort_records_cname 31}
; ------------------------------------------
; TXT
; ------------------------------------------
${format_records (filter_records_type "TXT") 29}
'' ''
); );
@ -66,7 +102,10 @@ $TTL 60 ; 1 minute
@ NS ns1.skynet.ie. @ NS ns1.skynet.ie.
@ NS ns2.skynet.ie. @ NS ns2.skynet.ie.
${lib.strings.concatMapStrings (x: x + "\n") records.reverse} ; ------------------------------------------
; PTR
; ------------------------------------------
${format_records sort_records_ptr 3}
'' ''
); );
@ -185,9 +224,7 @@ inline-signing yes;
old = ""; old = "";
}; };
records = { records = builtins.concatLists (
# using the same logic as the firewall, comments there
external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value: lib.attrsets.mapAttrsToList (key: value:
let let
details_server = value.config.skynet_dns.server; details_server = value.config.skynet_dns.server;
@ -195,41 +232,19 @@ inline-signing yes;
in in
if builtins.hasAttr "skynet_dns" value.config if builtins.hasAttr "skynet_dns" value.config
then ( then (
# got to handle habing a dns record for the dns serves themselves.
if details_server.enable if details_server.enable
then ( then (
if details_server.primary if details_server.primary
then details_records.external ++ ["ns1 A ${details_server.ip}"] then details_records ++ [ {record="ns1"; r_type="A"; value=details_server.ip; server=false;} ]
else details_records.external ++ ["ns2 A ${details_server.ip}"] else details_records ++ [ {record="ns2"; r_type="A"; value=details_server.ip; server=false;} ]
) )
else details_records.external else details_records
) )
else [] else []
) nodes ) nodes
); );
cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
let
details_records = value.config.skynet_dns.records;
in
if builtins.hasAttr "skynet_dns" value.config
then details_records.cname
else []
) nodes
);
reverse = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
let
details_records = value.config.skynet_dns.records;
in
if builtins.hasAttr "skynet_dns" value.config
then details_records.reverse
else []
) nodes
);
};
nameserver = if cfg.server.primary then "ns1" else "ns2"; nameserver = if cfg.server.primary then "ns1" else "ns2";
in { in {
@ -260,30 +275,26 @@ in {
}; };
}; };
records = { records = lib.mkOption {
external = lib.mkOption { description = "Records, sorted based on therir type";
default = [ ]; type = with lib.types; listOf (submodule {
type = lib.types.listOf lib.types.str; options = {
description = '' record = lib.mkOption {
External records like: agentjones A 193.1.99.72 type = str;
'';
}; };
r_type = lib.mkOption {
cname = lib.mkOption { type = enum ["A" "CNAME" "TXT" "PTR"];
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
External records like: ns1 CNAME ns1
'';
}; };
value = lib.mkOption {
reverse = lib.mkOption { type = str;
default = [ ];
type = lib.types.listOf lib.types.str;
description = ''
External records like: 20 IN PTR vigil
'';
}; };
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
}; };
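Review bot: `process_ptr_sub` and `ip_ptr_to_int` extract the last octet with `builtins.substring 9 3`, which is only correct when the dotted prefix is exactly nine characters long (`193.1.99.`); a record whose address sits in any other range, such as the `172.20.20.x` internal range the new zone comment mentions, yields a non-numeric slice and `lib.strings.toInt` aborts the whole evaluation. Taking the text after the last dot is prefix-independent: `last_octet = ip: lib.lists.last (lib.strings.splitString "." ip);`, then `process_ptr_sub = record: {record = last_octet record.record; r_type="PTR"; value=record.value;};` and `ip_ptr_to_int = ip: lib.strings.toInt (last_octet ip);`. The column widths 11/18/31/29 handed to `format_records` are hard limits because `fixedWidthString_post` asserts `strw <= width`, so a record name one character longer than its column fails the build instead of merely misaligning; changing the guard to `if strw >= width then str` keeps alignment best-effort. Since `record` and `value` are typed as plain `str` and written into the zone verbatim, a value containing a line break would silently become extra zone content; `lib.types.strMatching` with a pattern that excludes newlines would reject that at evaluation time. The `let` block this hunk edits opens before the hunk.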


@ -95,22 +95,19 @@
age.secrets.ldap_pw.file = ../secrets/ldap/pw.age; age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
# set up dns record for it # set up dns record for it
skynet_dns.records.external = [ skynet_dns.records = [
# basic one # basic one
"mail A ${cfg.host.ip}" {record="mail"; r_type="A"; value=cfg.host.ip;}
# TXT records, all tehse are inside escaped strings to allow using ""
# SPF record # SPF record
''${cfg.domain}. IN TXT "v=spf1 a:${cfg.sub}.${cfg.domain} -all"'' {record="${cfg.domain}."; r_type="TXT"; value=''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';}
# DKIM # DKIM
''mail._domainkey.${cfg.domain}. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'' {record="mail._domainkey.${cfg.domain}."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';}
# DMARC # DMARC
''_dmarc.${cfg.domain}. IN TXT "v=DMARC1; p=none"'' {record="_dmarc.${cfg.domain}."; r_type="TXT"; value=''"v=DMARC1; p=none"'';}
];
skynet_dns.records.reverse = [ {record=cfg.host.ip; r_type="PTR"; value="${cfg.sub}.${cfg.domain}.";}
"${builtins.substring 9 3 cfg.host.ip} IN PTR ${cfg.sub}.${cfg.domain}."
]; ];
mailserver = { mailserver = {


@ -44,12 +44,10 @@
config = mkIf cfg.enable { config = mkIf cfg.enable {
skynet_dns.records = { skynet_dns.records = [
cname = [
# need a base domain # need a base domain
"${cfg.domain.sub} CNAME ${cfg.host.name}" {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
]; ];
};
# the minecraft servers # the minecraft servers
services.skynet_games_minecraft = { services.skynet_games_minecraft = {


@ -52,22 +52,18 @@
"ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept" "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept"
]; ];
skynet_dns.records = { skynet_dns.records = [
external = []; # the minecraft (web) config server
cname = [ {record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
"config.${cfg.domain.sub} CNAME ${cfg.host.name}"
# create a sub-subdomain for each game # our own minecraft hosts
# compsoc_classic.minecraft.games.skynet.ie {record="compsoc_classic.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
"compsoc_classic.${cfg.domain.sub} CNAME ${cfg.host.name}" {record="compsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
"compsoc.${cfg.domain.sub} CNAME ${cfg.host.name}"
# gsoc.minecraft.games.skynet.ie
"gsoc.${cfg.domain.sub} CNAME ${cfg.host.name}"
"gsoc_abridged.${cfg.domain.sub} CNAME ${cfg.host.name}"
# gsoc servers
{record="gsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
{record="gsoc_abridged.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
]; ];
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
# for the proxy # for the proxy


@ -94,13 +94,10 @@
}; };
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
skynet_dns.records.cname = [ skynet_dns.records = [
"${cfg.domain.sub} CNAME ${cfg.host.name}" {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
];
skynet_dns.records.external = [
# for gitlab pages # for gitlab pages
"*.pages.${cfg.domain.base}.${cfg.domain.tld}. 1800 IN A ${cfg.host.ip}" {record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;}
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
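Review bot: The wildcard pages record loses its explicit `1800` TTL in this hunk: the removed line carried `1800 IN A`, but the new submodule has no TTL field and `format_records` emits only name, class, type and value, so the record now inherits the zone's `$TTL 60`. If the longer TTL for `*.pages.…` was intentional, the submodule needs an optional option such as `ttl = lib.mkOption { type = nullOr int; default = null; };` that `format_records` prints between the name and `IN` when it is set. This hunk sits inside a `config` block whose start and end are outside the hunk.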


@ -77,8 +77,8 @@ Gonna use a priper nixos module for this
group = "openldap"; group = "openldap";
}; };
skynet_dns.records.cname = [ skynet_dns.records = [
"${cfg.domain.sub} CNAME ${cfg.host.name}" {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
]; ];
# firewall on teh computer itself # firewall on teh computer itself


@ -48,8 +48,8 @@
age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age; age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age;
skynet_dns.records.cname = [ skynet_dns.records = [
"${cfg.domain.sub} CNAME ${cfg.host.name}" {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
]; ];
services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {


@ -50,8 +50,8 @@
8000 8000
]; ];
skynet_dns.records.cname = [ skynet_dns.records = [
"${cfg.domain.sub} CNAME ${cfg.host.name}" {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
]; ];
skynet_firewall.forward = [ skynet_firewall.forward = [


@ -31,15 +31,10 @@ in {
tags = [ "active" ]; tags = [ "active" ];
}; };
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
cname = [];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {
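Review bot: The new PTR entry sets `value=hostname;` while the removed line wrote `${hostname}.`; `format_records` copies `x.value` into the reverse zone verbatim, so unless `hostname` (defined outside the hunk) already ends in a dot the target is now a relative name that the zone origin gets appended to, not the FQDN the comment added in the later vendetta hunk (`# 120 IN PTR vendetta.skynet.ie.`) expects. The mail module's PTR in this same commit keeps its terminating dot (`value="${cfg.sub}.${cfg.domain}.";`), so the two producers disagree. `value="${hostname}.";` restores the old output; the same line appears in every following server hunk on this page, and it would be cleaner to normalise it once in `process_ptr_sub` by appending the dot when the value does not already end in one. The surrounding attribute set starts and ends outside the hunk.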


@ -30,14 +30,10 @@ in {
tags = [ "active" ]; tags = [ "active" ];
}; };
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {


@ -33,14 +33,10 @@ in {
}; };
# add this server to dns # add this server to dns
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {


@ -33,14 +33,10 @@ in {
}; };
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {


@ -33,14 +33,10 @@ in {
}; };
# add this server to dns # add this server to dns
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {


@ -43,15 +43,10 @@ in {
tags = [ "active" ]; tags = [ "active" ];
}; };
skynet_dns.records = [
skynet_dns.records = { {record=name; r_type="A"; value=ip_pub; server=true;}
external = [ {record=ip_pub; r_type="PTR"; value=hostname;}
"${name} A ${ip_pub}"
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
server.enable = true; server.enable = true;


@ -31,14 +31,10 @@ in {
tags = [ "active" ]; tags = [ "active" ];
}; };
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {


@ -60,14 +60,12 @@ in {
ip = ip_pub; ip = ip_pub;
}; };
records = { records = [
external = [ # vendetta IN A 193.1.99.120
"${name} A ${ip_pub}" {record=name; r_type="A"; value=ip_pub; server=true;}
# 120 IN PTR vendetta.skynet.ie.
{record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
}; };
} }


@ -45,14 +45,12 @@ in {
}; };
# this server will have to have dns records # this server will have to have dns records
records = { records = [
external = [ # vigil IN A 193.1.99.109
"${name} A ${ip_pub}" {record=name; r_type="A"; value=ip_pub; server=true;}
# 109 IN PTR vigil.skynet.ie.
{record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
}; };
} }


@ -32,14 +32,10 @@ in {
}; };
skynet_dns.records = { skynet_dns.records = [
external = [ {record=name; r_type="A"; value=ip_pub; server=true;}
"${name} A ${ip_pub}" {record=ip_pub; r_type="PTR"; value=hostname;}
]; ];
reverse = [
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
];
};
services.skynet_backup = { services.skynet_backup = {
host = { host = {