dns: function to handle opn domains
This commit is contained in:
parent
e47f2c85f2
commit
c6b766bd65
1 changed files with 60 additions and 78 deletions
|
|
@ -125,6 +125,57 @@ let
|
||||||
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
|
# small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
|
||||||
create_cache_networks = (map (x: "193.1.99.${toString x}/32" ) (lib.lists.range 71 126) );
|
create_cache_networks = (map (x: "193.1.99.${toString x}/32" ) (lib.lists.range 71 126) );
|
||||||
|
|
||||||
|
# standard function to create the etc file, pass in the text and domain and it makes it
|
||||||
|
create_entry_etc = domain: text: {
|
||||||
|
# Creates /etc/skynet/dns/domain
|
||||||
|
|
||||||
|
"skynet/dns/${domain}" = {
|
||||||
|
user = "named";
|
||||||
|
group = "named";
|
||||||
|
|
||||||
|
# The UNIX file mode bits
|
||||||
|
mode = "0644";
|
||||||
|
|
||||||
|
text = text;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
create_entry_zone = (domain: extraConfig: {
|
||||||
|
"${domain}" = {
|
||||||
|
extraConfig = ''
|
||||||
|
${extraConfig}
|
||||||
|
// for bumping the config
|
||||||
|
// ${current_date}
|
||||||
|
'';
|
||||||
|
# really wish teh nixos config didnt use master/slave
|
||||||
|
master = cfg.primary;
|
||||||
|
masters = primaries;
|
||||||
|
slaves = secondaries;
|
||||||
|
# need to write this to a file
|
||||||
|
# using the date in it so it will trigger a restart
|
||||||
|
file = "/etc/skynet/dns/${domain}";
|
||||||
|
# no leading whitespace for first line
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
text = {
|
||||||
|
owned = domain: get_config_file domain;
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
owned =
|
||||||
|
if cfg.primary then
|
||||||
|
''
|
||||||
|
allow-update { key rfc2136key.skynet.ie.; };
|
||||||
|
|
||||||
|
dnssec-policy default;
|
||||||
|
inline-signing yes;
|
||||||
|
''
|
||||||
|
else
|
||||||
|
"";
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
skynet_dns = {
|
skynet_dns = {
|
||||||
|
|
@ -266,63 +317,12 @@ in {
|
||||||
*/
|
*/
|
||||||
] ++ create_cache_networks;
|
] ++ create_cache_networks;
|
||||||
|
|
||||||
zones = {
|
zones =
|
||||||
/*
|
|
||||||
put any other zones above skynet and link to their files like so:
|
|
||||||
|
|
||||||
example.ie = {
|
(create_entry_zone "csn.ul.ie" extraConfig.owned )//
|
||||||
extraConfig = "";
|
(create_entry_zone "skynet.ie" extraConfig.owned )//
|
||||||
file = ./dns/example;
|
|
||||||
master = true;
|
|
||||||
masters = [];
|
|
||||||
slaves = [ ];
|
|
||||||
};
|
|
||||||
|
|
||||||
Skynet is handled a bit more dynamically since it is the key one we should focus on
|
|
||||||
*/
|
|
||||||
|
|
||||||
"skynet.ie" = {
|
|
||||||
extraConfig = if cfg.primary then ''
|
|
||||||
allow-update { key rfc2136key.skynet.ie.; };
|
|
||||||
|
|
||||||
dnssec-policy default;
|
|
||||||
inline-signing yes;
|
|
||||||
|
|
||||||
// for bumping the config
|
|
||||||
// ${current_date}
|
|
||||||
'' else "";
|
|
||||||
# really wish teh nixos config didnt use master/slave
|
|
||||||
master = cfg.primary;
|
|
||||||
masters = primaries;
|
|
||||||
slaves = secondaries;
|
|
||||||
# need to write this to a file
|
|
||||||
# using the date in it so it will trigger a restart
|
|
||||||
file = "/etc/dns_custom/dns_zone_skynet.ie";
|
|
||||||
# no leading whitespace for first line
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
"csn.ul.ie" = {
|
|
||||||
extraConfig = if cfg.primary then ''
|
|
||||||
allow-update { key rfc2136key.skynet.ie.; };
|
|
||||||
|
|
||||||
dnssec-policy default;
|
|
||||||
inline-signing yes;
|
|
||||||
|
|
||||||
// for bumping the config
|
|
||||||
// ${current_date}
|
|
||||||
'' else "";
|
|
||||||
# really wish teh nixos config didnt use master/slave
|
|
||||||
master = cfg.primary;
|
|
||||||
masters = primaries;
|
|
||||||
slaves = secondaries;
|
|
||||||
# need to write this to a file
|
|
||||||
# using the date in it so it will trigger a restart
|
|
||||||
file = "/etc/dns_custom/dns_zone_csn.ul.ie";
|
|
||||||
# no leading whitespace for first line
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
{
|
||||||
"99.1.193.in-addr.arpa"= {
|
"99.1.193.in-addr.arpa"= {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
//allow-update { key rfc2136key.skynet.ie.; };
|
//allow-update { key rfc2136key.skynet.ie.; };
|
||||||
|
|
@ -385,39 +385,21 @@ in {
|
||||||
# no leading whitespace for first line
|
# no leading whitespace for first line
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# creates a folder in /etc for the dns to use
|
# creates a folder in /etc for the dns to use
|
||||||
users.users.named = {
|
users.users.named = {
|
||||||
createHome = true;
|
createHome = true;
|
||||||
home = "/etc/dns_custom";
|
home = "/etc/skynet/dns";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc = {
|
environment.etc =
|
||||||
# Creates /etc/dns_custom/dns_zone_skynet
|
|
||||||
|
|
||||||
"dns_custom/dns_zone_skynet.ie" = {
|
(create_entry_etc "csn.ul.ie" (text.owned "csn.ul.ie")) //
|
||||||
user = "named";
|
(create_entry_etc "skynet.ie" (text.owned "skynet.ie")) //
|
||||||
group = "named";
|
|
||||||
|
|
||||||
# The UNIX file mode bits
|
|
||||||
mode = "0644";
|
|
||||||
|
|
||||||
text = get_config_file "skynet.ie";
|
|
||||||
};
|
|
||||||
|
|
||||||
"dns_custom/dns_zone_csn.ul.ie" = {
|
|
||||||
user = "named";
|
|
||||||
group = "named";
|
|
||||||
|
|
||||||
# The UNIX file mode bits
|
|
||||||
mode = "0644";
|
|
||||||
|
|
||||||
text = get_config_file "csn.ul.ie";
|
|
||||||
};
|
|
||||||
|
|
||||||
|
{
|
||||||
"dns_custom/dns_zone_99.1.193.in-addr.arpa" = {
|
"dns_custom/dns_zone_99.1.193.in-addr.arpa" = {
|
||||||
user = "named";
|
user = "named";
|
||||||
group = "named";
|
group = "named";
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue