dns: cleaned up the implementation of the dns, partly to make it easier to add records and partly to make the config files really neat.
This commit is contained in:
parent
d683598060
commit
bc2e781586
18 changed files with 163 additions and 202 deletions
|
@ -5,6 +5,38 @@ let
|
|||
# reads that date to a string (will need to be fixed in 2038)
|
||||
current_date = toString builtins.currentTime;
|
||||
|
||||
# gets a list of records that match this type
|
||||
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
|
||||
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
|
||||
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A");
|
||||
|
||||
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
|
||||
process_ptr_sub = record: {record=(builtins.substring 9 3 record.record); r_type="PTR"; value=record.value;};
|
||||
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
|
||||
|
||||
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server;
|
||||
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a;
|
||||
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME");
|
||||
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR"));
|
||||
|
||||
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
|
||||
|
||||
# small function to trim it down a tad
|
||||
padString = text: length: fixedWidthString_post length " " text;
|
||||
|
||||
# like lib.strings.fixedWidthString but postfix
|
||||
fixedWidthString_post = width: filler: str:
|
||||
let
|
||||
strw = lib.stringLength str;
|
||||
reqWidth = width - (lib.stringLength filler);
|
||||
in
|
||||
assert lib.assertMsg (strw <= width) "fixedWidthString_post: requested string length (${toString width}) must not be shorter than actual length (${toString strw})";
|
||||
if strw == width
|
||||
then str
|
||||
else (fixedWidthString_post reqWidth filler str) + filler;
|
||||
|
||||
|
||||
|
||||
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
|
||||
get_config_file = (domain:
|
||||
''$TTL 60 ; 1 minute
|
||||
|
@ -29,20 +61,24 @@ let
|
|||
|
||||
|
||||
; ------------------------------------------
|
||||
; Server Names
|
||||
; Server Names (A Records)
|
||||
; ------------------------------------------
|
||||
${lib.strings.concatMapStrings (x: x + "\n") records.external}
|
||||
${format_records sort_records_server 11}
|
||||
|
||||
|
||||
; internal addresses
|
||||
; ------------------------------------------
|
||||
; May come back to this idea in teh future
|
||||
; agentjones.int A 172.20.20.1
|
||||
|
||||
|
||||
; cname's
|
||||
; A (non server names
|
||||
; ------------------------------------------
|
||||
${lib.strings.concatMapStrings (x: x + "\n") records.cname}
|
||||
${format_records sort_records_a 18}
|
||||
|
||||
; ------------------------------------------
|
||||
; CNAMES
|
||||
; ------------------------------------------
|
||||
${format_records sort_records_cname 31}
|
||||
|
||||
; ------------------------------------------
|
||||
; TXT
|
||||
; ------------------------------------------
|
||||
${format_records (filter_records_type "TXT") 29}
|
||||
|
||||
''
|
||||
);
|
||||
|
@ -66,7 +102,10 @@ $TTL 60 ; 1 minute
|
|||
@ NS ns1.skynet.ie.
|
||||
@ NS ns2.skynet.ie.
|
||||
|
||||
${lib.strings.concatMapStrings (x: x + "\n") records.reverse}
|
||||
; ------------------------------------------
|
||||
; PTR
|
||||
; ------------------------------------------
|
||||
${format_records sort_records_ptr 3}
|
||||
''
|
||||
);
|
||||
|
||||
|
@ -185,9 +224,7 @@ inline-signing yes;
|
|||
old = "";
|
||||
};
|
||||
|
||||
records = {
|
||||
# using the same logic as the firewall, comments there
|
||||
external = builtins.concatLists (
|
||||
records = builtins.concatLists (
|
||||
lib.attrsets.mapAttrsToList (key: value:
|
||||
let
|
||||
details_server = value.config.skynet_dns.server;
|
||||
|
@ -195,41 +232,19 @@ inline-signing yes;
|
|||
in
|
||||
if builtins.hasAttr "skynet_dns" value.config
|
||||
then (
|
||||
# got to handle habing a dns record for the dns serves themselves.
|
||||
if details_server.enable
|
||||
then (
|
||||
if details_server.primary
|
||||
then details_records.external ++ ["ns1 A ${details_server.ip}"]
|
||||
else details_records.external ++ ["ns2 A ${details_server.ip}"]
|
||||
then details_records ++ [ {record="ns1"; r_type="A"; value=details_server.ip; server=false;} ]
|
||||
else details_records ++ [ {record="ns2"; r_type="A"; value=details_server.ip; server=false;} ]
|
||||
)
|
||||
else details_records.external
|
||||
else details_records
|
||||
)
|
||||
else []
|
||||
) nodes
|
||||
);
|
||||
|
||||
cname = builtins.concatLists (
|
||||
lib.attrsets.mapAttrsToList (key: value:
|
||||
let
|
||||
details_records = value.config.skynet_dns.records;
|
||||
in
|
||||
if builtins.hasAttr "skynet_dns" value.config
|
||||
then details_records.cname
|
||||
else []
|
||||
) nodes
|
||||
);
|
||||
|
||||
reverse = builtins.concatLists (
|
||||
lib.attrsets.mapAttrsToList (key: value:
|
||||
let
|
||||
details_records = value.config.skynet_dns.records;
|
||||
in
|
||||
if builtins.hasAttr "skynet_dns" value.config
|
||||
then details_records.reverse
|
||||
else []
|
||||
) nodes
|
||||
);
|
||||
};
|
||||
|
||||
nameserver = if cfg.server.primary then "ns1" else "ns2";
|
||||
|
||||
in {
|
||||
|
@ -260,30 +275,26 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
records = {
|
||||
external = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
External records like: agentjones A 193.1.99.72
|
||||
'';
|
||||
records = lib.mkOption {
|
||||
description = "Records, sorted based on therir type";
|
||||
type = with lib.types; listOf (submodule {
|
||||
options = {
|
||||
record = lib.mkOption {
|
||||
type = str;
|
||||
};
|
||||
|
||||
cname = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
External records like: ns1 CNAME ns1
|
||||
'';
|
||||
r_type = lib.mkOption {
|
||||
type = enum ["A" "CNAME" "TXT" "PTR"];
|
||||
};
|
||||
|
||||
reverse = lib.mkOption {
|
||||
default = [ ];
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = ''
|
||||
External records like: 20 IN PTR vigil
|
||||
'';
|
||||
value = lib.mkOption {
|
||||
type = str;
|
||||
};
|
||||
server = lib.mkOption {
|
||||
description = "Core record for a server";
|
||||
type = bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
};
|
||||
|
|
|
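Review bot: `ip_ptr_to_int` and `process_ptr_sub` in the first hunk still extract the last octet with `builtins.substring 9 3`, which only works when the address has a nine-character prefix such as `193.1.99.`; any other prefix length silently yields a wrong or empty PTR name and a bad sort key (and `lib.strings.toInt` on an empty string aborts evaluation). Taking the last dotted label is prefix-independent: `ip_ptr_to_int = ip: lib.strings.toInt (lib.lists.last (lib.strings.splitString "." ip));` and likewise `record = lib.lists.last (lib.strings.splitString "." record.record);` inside `process_ptr_sub`. Separately, the `record` and `value` options in the last hunk are plain `str`, so a value containing whitespace, `;` or a newline is interpolated into the zone file unchanged by `format_records`; a `lib.types.strMatching` pattern excluding those characters would reject it at evaluation time instead of producing a malformed zone. The enclosing `let` block starts before the first hunk.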
@ -95,22 +95,19 @@
|
|||
age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
|
||||
|
||||
# set up dns record for it
|
||||
skynet_dns.records.external = [
|
||||
skynet_dns.records = [
|
||||
# basic one
|
||||
"mail A ${cfg.host.ip}"
|
||||
{record="mail"; r_type="A"; value=cfg.host.ip;}
|
||||
|
||||
# TXT records, all tehse are inside escaped strings to allow using ""
|
||||
# SPF record
|
||||
''${cfg.domain}. IN TXT "v=spf1 a:${cfg.sub}.${cfg.domain} -all"''
|
||||
|
||||
{record="${cfg.domain}."; r_type="TXT"; value=''"v=spf1 a:${cfg.sub}.${cfg.domain} -all"'';}
|
||||
# DKIM
|
||||
''mail._domainkey.${cfg.domain}. IN TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"''
|
||||
|
||||
{record="mail._domainkey.${cfg.domain}."; r_type="TXT"; value=''"v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl8ptSASx37t5sfmU2d2Y6yi9AVrsNFBZDmJ2uaLa4NuvAjxGQCw4wx+1Jui/HOuKYLpntLsjN851wgPR+3i51g4OblqBDvcHn9NYgWRZfHj9AASANQjdsaAbkXuyKuO46hZqeWlpESAcD6a4Evam4fkm+kiZC0+rccb4cWgsuLwIDAQAB"'';}
|
||||
# DMARC
|
||||
''_dmarc.${cfg.domain}. IN TXT "v=DMARC1; p=none"''
|
||||
];
|
||||
{record="_dmarc.${cfg.domain}."; r_type="TXT"; value=''"v=DMARC1; p=none"'';}
|
||||
|
||||
skynet_dns.records.reverse = [
|
||||
"${builtins.substring 9 3 cfg.host.ip} IN PTR ${cfg.sub}.${cfg.domain}."
|
||||
{record=cfg.host.ip; r_type="PTR"; value="${cfg.sub}.${cfg.domain}.";}
|
||||
];
|
||||
|
||||
mailserver = {
|
||||
|
|
|
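Review bot: The DMARC record carried over as `{record="_dmarc.${cfg.domain}."; r_type="TXT"; value=''"v=DMARC1; p=none"'';}` has no `rua=` tag, so with `p=none` it neither enforces a policy nor delivers aggregate reports that would show who is sending as this domain. If the intent is monitoring before tightening, a reporting address makes the record useful, e.g. (constructed) `value=''"v=DMARC1; p=none; rua=mailto:<REPORT-MAILBOX>"'';`. The enclosing `config` block continues outside the hunk.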
@ -44,12 +44,10 @@
|
|||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
skynet_dns.records = {
|
||||
cname = [
|
||||
skynet_dns.records = [
|
||||
# need a base domain
|
||||
"${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
|
||||
];
|
||||
};
|
||||
|
||||
# the minecraft servers
|
||||
services.skynet_games_minecraft = {
|
||||
|
|
|
@ -52,22 +52,18 @@
|
|||
"ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept"
|
||||
];
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [];
|
||||
cname = [
|
||||
"config.${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
skynet_dns.records = [
|
||||
# the minecraft (web) config server
|
||||
{record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
|
||||
|
||||
# create a sub-subdomain for each game
|
||||
# compsoc_classic.minecraft.games.skynet.ie
|
||||
"compsoc_classic.${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
"compsoc.${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
|
||||
# gsoc.minecraft.games.skynet.ie
|
||||
"gsoc.${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
"gsoc_abridged.${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
# our own minecraft hosts
|
||||
{record="compsoc_classic.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
|
||||
{record="compsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
|
||||
|
||||
# gsoc servers
|
||||
{record="gsoc.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
|
||||
{record="gsoc_abridged.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
# for the proxy
|
||||
|
|
|
@ -94,13 +94,10 @@
|
|||
};
|
||||
|
||||
# using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
|
||||
skynet_dns.records.cname = [
|
||||
"${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
];
|
||||
|
||||
skynet_dns.records.external = [
|
||||
skynet_dns.records = [
|
||||
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
|
||||
# for gitlab pages
|
||||
"*.pages.${cfg.domain.base}.${cfg.domain.tld}. 1800 IN A ${cfg.host.ip}"
|
||||
{record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;}
|
||||
];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
|
|
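Review bot: The gitlab-pages wildcard `{record="*.pages.${cfg.domain.base}.${cfg.domain.tld}."; r_type="A"; value=cfg.host.ip;}` drops the explicit `1800` TTL that the removed string form carried, so the record now falls back to the zone's `$TTL 60`. The record submodule introduced in this commit has only `record`, `r_type`, `value` and `server`, so the longer TTL cannot be expressed; if it was intentional, add an optional `ttl` option to the submodule and have `format_records` emit it before `IN`, otherwise a one-line comment noting the TTL change is deliberate would save the next reader a diff. The enclosing `config` block continues outside the hunk.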
@ -77,8 +77,8 @@ Gonna use a priper nixos module for this
|
|||
group = "openldap";
|
||||
};
|
||||
|
||||
skynet_dns.records.cname = [
|
||||
"${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
skynet_dns.records = [
|
||||
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
|
||||
];
|
||||
|
||||
# firewall on teh computer itself
|
||||
|
|
|
@ -48,8 +48,8 @@
|
|||
|
||||
age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age;
|
||||
|
||||
skynet_dns.records.cname = [
|
||||
"${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
skynet_dns.records = [
|
||||
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = {
|
||||
|
|
|
@ -50,8 +50,8 @@
|
|||
8000
|
||||
];
|
||||
|
||||
skynet_dns.records.cname = [
|
||||
"${cfg.domain.sub} CNAME ${cfg.host.name}"
|
||||
skynet_dns.records = [
|
||||
{record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
|
||||
];
|
||||
|
||||
skynet_firewall.forward = [
|
||||
|
|
|
@ -31,15 +31,10 @@ in {
|
|||
tags = [ "active" ];
|
||||
};
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
cname = [];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|
|
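Review bot: The new PTR entry `{record=ip_pub; r_type="PTR"; value=hostname;}` drops the trailing dot that the removed line `"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."` appended, and `format_records` in the dns module writes `value` verbatim; unless `hostname` (defined outside the hunk) already ends in a dot, the PTR target is relative to the reverse zone's origin, so reverse lookups return a name under the in-addr.arpa zone instead of the host's FQDN. The mail module's PTR in this same commit keeps the dot (`value="${cfg.sub}.${cfg.domain}.";`), so `{record=ip_pub; r_type="PTR"; value="${hostname}.";}` would make these consistent. The same pattern is repeated in the nine following server files (the hunks at -30,14, the three at -33,14, -43,15, -31,14, -60,14, -45,14 and -32,14).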
@ -30,14 +30,10 @@ in {
|
|||
tags = [ "active" ];
|
||||
};
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|
|
@ -33,14 +33,10 @@ in {
|
|||
};
|
||||
|
||||
# add this server to dns
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|
|
@ -33,14 +33,10 @@ in {
|
|||
};
|
||||
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|
|
@ -33,14 +33,10 @@ in {
|
|||
};
|
||||
|
||||
# add this server to dns
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|
|
@ -43,15 +43,10 @@ in {
|
|||
tags = [ "active" ];
|
||||
};
|
||||
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
server.enable = true;
|
||||
|
|
|
@ -31,14 +31,10 @@ in {
|
|||
tags = [ "active" ];
|
||||
};
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|
|
@ -60,14 +60,12 @@ in {
|
|||
ip = ip_pub;
|
||||
};
|
||||
|
||||
records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
records = [
|
||||
# vendetta IN A 193.1.99.120
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
# 120 IN PTR vendetta.skynet.ie.
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -45,14 +45,12 @@ in {
|
|||
};
|
||||
|
||||
# this server will have to have dns records
|
||||
records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
records = [
|
||||
# vigil IN A 193.1.99.109
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
# 109 IN PTR vigil.skynet.ie.
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -32,14 +32,10 @@ in {
|
|||
};
|
||||
|
||||
|
||||
skynet_dns.records = {
|
||||
external = [
|
||||
"${name} A ${ip_pub}"
|
||||
skynet_dns.records = [
|
||||
{record=name; r_type="A"; value=ip_pub; server=true;}
|
||||
{record=ip_pub; r_type="PTR"; value=hostname;}
|
||||
];
|
||||
reverse = [
|
||||
"${builtins.substring 9 3 ip_pub} IN PTR ${hostname}."
|
||||
];
|
||||
};
|
||||
|
||||
services.skynet_backup = {
|
||||
host = {
|
||||
|
|