From d6835980601e01b080f2ab402c0c0c20816bd1b3 Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Sat, 15 Jul 2023 15:54:42 +0100 Subject: [PATCH] dns: abstracted away much of the dns logic into teh dns config file --- applications/dns.nix | 140 ++++++++++++++++++++++-------------------- flake.nix | 2 +- machines/vendetta.nix | 71 ++++----------------- machines/vigil.nix | 59 +++--------------- 4 files changed, 94 insertions(+), 178 deletions(-) diff --git a/applications/dns.nix b/applications/dns.nix index 96fe4b5..78ec36f 100644 --- a/applications/dns.nix +++ b/applications/dns.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, ... }: +{ lib, pkgs, config, nodes, ... }: let cfg = config.skynet_dns; @@ -9,7 +9,7 @@ let get_config_file = (domain: ''$TTL 60 ; 1 minute ; hostmaster@${domain} is an email address that recieves stuff related to dns -@ IN SOA ${cfg.own.nameserver}.${domain}. hostmaster.${domain}. ( +@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} 600 ; Refresh (10 minutes) @@ -31,14 +31,7 @@ let ; ------------------------------------------ ; Server Names ; ------------------------------------------ - -; External addresses -; ------------------------------------------ -${lib.strings.concatMapStrings (x: x + "\n") cfg.records.external} - - -; this is fixed for now -wintermute A 193.1.101.148 +${lib.strings.concatMapStrings (x: x + "\n") records.external} ; internal addresses @@ -49,7 +42,7 @@ wintermute A 193.1.101.148 ; cname's ; ------------------------------------------ -${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname} +${lib.strings.concatMapStrings (x: x + "\n") records.cname} '' ); 
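Review bot: The fixed `wintermute A 193.1.101.148` record is deleted from the zone template in the `@@ -31,14 +31,7 @@` hunk, and no other hunk in this patch re-adds it through any node's `records.external`, so the served zone loses that name unless it is declared somewhere outside this diff. If the record is still needed it should be added on the host that owns it (or to a static list in dns.nix) in the same commit; if dropping it is intentional, the commit message should say so, since this changes published DNS data rather than only restructuring config. The `get_config_file` template spans several hunks here and parts of it lie outside the lines shown.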
@@ -61,7 +54,7 @@ ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.cname} ''$ORIGIN 99.1.193.in-addr.arpa. $TTL 60 ; 1 minute ; hostmaster@skynet.ie is an email address that recieves stuff related to dns -@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( +@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} 600 ; Refresh (10 minutes) @@ -73,7 +66,7 @@ $TTL 60 ; 1 minute @ NS ns1.skynet.ie. @ NS ns2.skynet.ie. -${lib.strings.concatMapStrings (x: x + "\n") cfg.records.reverse} +${lib.strings.concatMapStrings (x: x + "\n") records.reverse} '' ); @@ -81,7 +74,7 @@ ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.reverse} get_config_file_old_domains = (domain: ''$TTL 60 ; 1 minute ; hostmaster@skynet.ie is an email address that recieves stuff related to dns -@ IN SOA ${cfg.own.nameserver}.skynet.ie. hostmaster.skynet.ie. ( +@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} 600 ; Refresh (10 minutes) @@ -100,18 +93,18 @@ ${lib.strings.concatMapStrings (x: x + "\n") cfg.records.reverse} tmp1 = ["193.1.99.109"]; tmp2 = ["193.1.99.120"]; - primaries = (if cfg.primary then + primaries = (if cfg.server.primary then # primary servers have no primaries (ones they listen to) [] else - if builtins.elem cfg.own.ip tmp1 then + if builtins.elem cfg.server.ip tmp1 then tmp2 else tmp1 ); - secondaries = (if cfg.primary then - if builtins.elem cfg.own.ip tmp1 then + secondaries = (if cfg.server.primary then + if builtins.elem cfg.server.ip tmp1 then tmp2 else tmp1 @@ -158,7 +151,7 @@ ${extraConfig} // ${current_date} ''; # really wish teh nixos config didnt use master/slave - master = cfg.primary; + master = cfg.server.primary; masters = primaries; slaves = secondaries; # need to write this to a file 
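Review bot: In the `@@ -100,18 +93,18 @@` hunk the `primaries`/`secondaries` lists are still chosen from the hard-coded `tmp1`/`tmp2` IP lists, even though this commit now passes `nodes` into the module; the two sources can drift when a server's `ip` or `primary` flag changes in vendetta.nix or vigil.nix, and these lists become `masters`/`slaves` in the `@@ -158,7 +151,7 @@` hunk, which the bind module uses as the zone's transfer peers. Now that `nodes` is available, the peer addresses could be collected from the other nodes' `skynet_dns.server` settings in the same way the new `records` block does, so that the transfer peer list always follows the declared servers. The `else` branch of `secondaries` is outside the hunk; I assume it is `[]`. The enclosing `let` block starts and ends outside the lines shown.
```nix
  # ips of the declared dns servers with the given role (true = primary)
  server_ips = role: builtins.concatLists (
    lib.attrsets.mapAttrsToList (key: value:
      if builtins.hasAttr "skynet_dns" value.config
         && value.config.skynet_dns.server.enable
         && value.config.skynet_dns.server.primary == role
      then [ value.config.skynet_dns.server.ip ]
      else []
    ) nodes
  );
  # primary servers have no primaries (ones they listen to)
  primaries = if cfg.server.primary then [] else server_ips true;
  secondaries = if cfg.server.primary then server_ips false else [];
  # … unchanged: zone file generation …
```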
@@ -176,7 +169,7 @@ ${extraConfig} extraConfig = { owned = - if cfg.primary then + if cfg.server.primary then '' allow-update { key rfc2136key.skynet.ie.; }; @@ -192,6 +185,53 @@ inline-signing yes; old = ""; }; + records = { + # using the same logic as the firewall, comments there + external = builtins.concatLists ( + lib.attrsets.mapAttrsToList (key: value: + let + details_server = value.config.skynet_dns.server; + details_records = value.config.skynet_dns.records; + in + if builtins.hasAttr "skynet_dns" value.config + then ( + if details_server.enable + then ( + if details_server.primary + then details_records.external ++ ["ns1 A ${details_server.ip}"] + else details_records.external ++ ["ns2 A ${details_server.ip}"] + ) + else details_records.external + ) + else [] + ) nodes + ); + + cname = builtins.concatLists ( + lib.attrsets.mapAttrsToList (key: value: + let + details_records = value.config.skynet_dns.records; + in + if builtins.hasAttr "skynet_dns" value.config + then details_records.cname + else [] + ) nodes + ); + + reverse = builtins.concatLists ( + lib.attrsets.mapAttrsToList (key: value: + let + details_records = value.config.skynet_dns.records; + in + if builtins.hasAttr "skynet_dns" value.config + then details_records.reverse + else [] + ) nodes + ); + }; + + nameserver = if cfg.server.primary then "ns1" else "ns2"; + in { imports = [ 
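Review bot: `nameserver = if cfg.server.primary then "ns1" else "ns2";` in the `@@ -192,6 +185,53 @@` hunk, together with the `ns1 A`/`ns2 A` records appended in `records.external`, means a second secondary (or a second node with `primary = true`) silently produces duplicate `ns2`/`ns1` A records and a SOA naming the wrong host, where the removed `own.nameserver` option let each server state its name explicitly. Nothing asserts that exactly one node is primary, so the misconfiguration only shows up in the generated zone. An `assertions` entry in the `config` block of the `@@ -283,12 +289,12 @@` hunk (or an explicit nameserver-name option with a uniqueness check) would catch this at evaluation time; a binding like the one below gives the count to assert on. The `let` block this hunk belongs to starts outside the lines shown.
```nix
  # nodes that declare themselves the primary dns server
  primary_servers = lib.attrsets.filterAttrs (key: value:
    builtins.hasAttr "skynet_dns" value.config
    && value.config.skynet_dns.server.enable
    && value.config.skynet_dns.server.primary
  ) nodes;
  # … unchanged: records / nameserver bindings …
```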
@@ -200,60 +240,26 @@ in { options = { skynet_dns = { - enable = lib.mkEnableOption { - default = false; - example = true; - description = "Skynet DNS"; - type = lib.types.bool; - }; + server = { + enable = lib.mkEnableOption { + default = false; + description = "Skynet DNS server"; + type = lib.types.bool; + }; - primary = lib.mkOption { - type = lib.types.bool; - default = false; - }; + primary = lib.mkOption { + type = lib.types.bool; + default = false; + }; - own = { ip = lib.mkOption { type = lib.types.str; description = '' ip of this server ''; }; - - nameserver = lib.mkOption { - default = "ns1"; - type = lib.types.str; - description = '' - the hostname of this nameserver, eg ns1, ns2 - ''; - }; - - external = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - External records like: agentjones A 193.1.99.72 - ''; - }; - - cname = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - External records like: ns1 CNAME ns1 - ''; - }; - - reverse = lib.mkOption { - default = [ ]; - type = lib.types.listOf lib.types.str; - description = '' - External records like: 20 IN PTR vigil - ''; - }; }; - records = { external = lib.mkOption { default = [ ]; @@ -283,12 +289,12 @@ in { }; }; - config = lib.mkIf cfg.enable { + config = lib.mkIf cfg.server.enable { # open the firewall for this skynet_firewall.forward = [ - "ip daddr ${cfg.own.ip} tcp dport 53 counter packets 0 bytes 0 accept" - "ip daddr ${cfg.own.ip} udp dport 53 counter packets 0 bytes 0 accept" + "ip daddr ${cfg.server.ip} tcp dport 53 counter packets 0 bytes 0 accept" + "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" ]; services.bind.zones = diff --git a/flake.nix b/flake.nix index a8279cb..2881cb3 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,7 @@ # ns1 vendetta = import ./machines/vendetta.nix; - # ns1 + # ns2 vigil = import ./machines/vigil.nix; # icecast - ULFM 
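Review bot: `server.enable = lib.mkEnableOption { default = false; description = ...; type = ...; }` in the `@@ -200,60 +240,26 @@` hunk passes an attribute set where `lib.mkEnableOption` takes the option's name string; the attrset is interpolated into `"Whether to enable ${name}."`, so the `default`, `type` and `description` written here are ignored and evaluating the description (option docs) fails on coercing a set to a string. The pattern is carried over from the old `enable` definition, but these lines are rewritten here, so `enable = lib.mkEnableOption "the Skynet DNS server";` (or `lib.mkOption` with the listed attributes) would fix it. Separately, `ip` stays a bare `lib.types.str` while the `@@ -283,12 +289,12 @@` hunk interpolates it into nftables rules and the zone data; narrowing it (for example `lib.types.strMatching` with an IPv4 pattern) rejects a typo at evaluation instead of emitting a broken firewall rule or record.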
diff --git a/machines/vendetta.nix b/machines/vendetta.nix index 8a5080e..5e85232 100644 --- a/machines/vendetta.nix +++ b/machines/vendetta.nix @@ -17,9 +17,6 @@ let ip_pub = "193.1.99.120"; ip_priv = "172.20.20.3"; hostname = "${name}.skynet.ie"; - - # sets which nameserver it is - ns = "ns1"; in { imports = [ ./hardware/_base.nix @@ -56,64 +53,20 @@ in { }; skynet_dns = { - enable = true; - - # primary dns server - primary = true; - - # this server will have to have dns records - own = { - nameserver = ns; - ip = ip_pub; - external = [ - "${name} A ${ip_pub}" - "${ns} A ${ip_pub}" - ]; - cname = [ - #"misc CNAME vendetta" - ]; - reverse = [ - "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." - ]; - }; + server = { + enable = true; + # primary dns server (ns1) + primary = true; + ip = ip_pub; + }; records = { - # using the same logic as the firewall, comments there - external = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - if builtins.hasAttr "skynet_dns" value.config - then ( - if value.config.skynet_dns.enable - then value.config.skynet_dns.own.external - else value.config.skynet_dns.records.external - ) - else [] - ) nodes - ); - - cname = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - if builtins.hasAttr "skynet_dns" value.config - then ( - if value.config.skynet_dns.enable - then value.config.skynet_dns.own.cname - else value.config.skynet_dns.records.cname - ) - else [] - ) nodes - ); - - reverse = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - if builtins.hasAttr "skynet_dns" value.config - then ( - if value.config.skynet_dns.enable - then value.config.skynet_dns.own.reverse - else value.config.skynet_dns.records.reverse - ) - else [] - ) nodes - ); + external = [ + "${name} A ${ip_pub}" + ]; + reverse = [ + "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." + ]; }; }; diff --git a/machines/vigil.nix b/machines/vigil.nix index 2ac1551..7b853bb 100644 --- a/machines/vigil.nix 
+++ b/machines/vigil.nix @@ -16,9 +16,6 @@ let ip_pub = "193.1.99.109"; ip_priv = "172.20.20.4"; hostname = "${name}.skynet.ie"; - - # sets which nameserver it is - ns = "ns2"; in { imports = [ @@ -40,62 +37,22 @@ in { }; skynet_dns = { - enable = true; + server = { + enable = true; + # secondary dns server (ns2) + primary = false; + ip = ip_pub; + }; # this server will have to have dns records - own = { - nameserver = ns; - ip = ip_pub; + records = { external = [ - "${name} A ${ip_pub}" - "${ns} A ${ip_pub}" - ]; - cname = [ - #"misc CNAME vendetta" + "${name} A ${ip_pub}" ]; reverse = [ "${builtins.substring 9 3 ip_pub} IN PTR ${hostname}." ]; }; - - records = { - # using the same logic as the firewall, comments there - external = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - if builtins.hasAttr "skynet_dns" value.config - then ( - if value.config.skynet_dns.enable - then value.config.skynet_dns.own.external - else value.config.skynet_dns.records.external - ) - else [] - ) nodes - ); - - cname = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - if builtins.hasAttr "skynet_dns" value.config - then ( - if value.config.skynet_dns.enable - then value.config.skynet_dns.own.cname - else value.config.skynet_dns.records.cname - ) - else [] - ) nodes - ); - - reverse = builtins.concatLists ( - lib.attrsets.mapAttrsToList (key: value: - if builtins.hasAttr "skynet_dns" value.config - then ( - if value.config.skynet_dns.enable - then value.config.skynet_dns.own.reverse - else value.config.skynet_dns.records.reverse - ) - else [] - ) nodes - ); - }; }; }