From e47f2c85f25f54e658206e16542c45172c989674 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sun, 21 May 2023 20:22:54 +0100
Subject: [PATCH] dns: a function to give thw whitelist for the cache networks
---
 applications/dns.nix | 79 +++++--------------------------------------
 1 file changed, 8 insertions(+), 71 deletions(-)
diff --git a/applications/dns.nix b/applications/dns.nix
index fdb7f8c..f6a2ad7 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -5,6 +5,7 @@ let
 # reads that date to a string (will need to be fixed in 2038)
 current_date = toString builtins.currentTime;
+ # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
 get_config_file = (domain:
 ''
 $TTL 60 ; 1 minute
@@ -56,6 +57,7 @@ let
 # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
+ # config for our reverse dnspointers (not properly working)
 get_config_file_rev = (domain:
 ''
 $ORIGIN 99.1.193.in-addr.arpa.
@@ -77,6 +79,7 @@ let
 ''
 );
+ # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
 get_config_file_old_domains = (domain:
 ''
 $TTL 60 ; 1 minute
@@ -119,6 +122,8 @@ let
 []
 );
+ # small function to tidy up the spam of the cache networks, would use teh subnet except all external traffic has the ip of teh router
+ create_cache_networks = (map (x: "193.1.99.${toString x}/32" ) (lib.lists.range 71 126) );
 in {
 options = {
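Review bot: The bounds `71` and `126` in `create_cache_networks` are undocumented, yet they are the only thing keeping this allow-list off the router address that, per the comment above it, all external traffic arrives from. If a later edit widens the range or swaps it for the enclosing subnet and picks up that address, every outside client would match the list, which for a resolver's cache ACL presumably means an open recursive resolver. I would record the intent next to the range, e.g. `# hosts .71-.126 only; must never include the router's address, which every external client appears as`. Minor: the binding is a list value rather than a function, so "small function" in the comment is slightly misleading. The option this list feeds is not visible in this hunk.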
@@ -256,78 +261,10 @@ in {
 So to fix this we need to allow smaller ranges?
 - Didnt work
 Fallback is explisitly listing each ip we have
+
+ Now have a function for it
 */
-
- "193.1.99.71/32"
- "193.1.99.72/32"
- "193.1.99.73/32"
- "193.1.99.71/32"
- "193.1.99.74/32"
- "193.1.99.75/32"
- "193.1.99.76/32"
- "193.1.99.77/32"
- "193.1.99.78/32"
- "193.1.99.79/32"
-
- "193.1.99.80/32"
- "193.1.99.81/32"
- "193.1.99.82/32"
- "193.1.99.83/32"
- "193.1.99.81/32"
- "193.1.99.84/32"
- "193.1.99.85/32"
- "193.1.99.86/32"
- "193.1.99.87/32"
- "193.1.99.88/32"
- "193.1.99.89/32"
-
- "193.1.99.90/32"
- "193.1.99.91/32"
- "193.1.99.92/32"
- "193.1.99.93/32"
- "193.1.99.91/32"
- "193.1.99.94/32"
- "193.1.99.95/32"
- "193.1.99.96/32"
- "193.1.99.97/32"
- "193.1.99.98/32"
- "193.1.99.99/32"
-
-
- "193.1.99.100/32"
- "193.1.99.101/32"
- "193.1.99.102/32"
- "193.1.99.103/32"
- "193.1.99.101/32"
- "193.1.99.104/32"
- "193.1.99.105/32"
- "193.1.99.106/32"
- "193.1.99.107/32"
- "193.1.99.108/32"
- "193.1.99.109/32"
-
- "193.1.99.110/32"
- "193.1.99.111/32"
- "193.1.99.112/32"
- "193.1.99.113/32"
- "193.1.99.111/32"
- "193.1.99.114/32"
- "193.1.99.115/32"
- "193.1.99.116/32"
- "193.1.99.117/32"
- "193.1.99.118/32"
- "193.1.99.119/32"
-
- "193.1.99.120/32"
- "193.1.99.121/32"
- "193.1.99.122/32"
- "193.1.99.123/32"
- "193.1.99.121/32"
- "193.1.99.124/32"
- "193.1.99.125/32"
- "193.1.99.126/32"
-
- ];
+ ] ++ create_cache_networks;
 zones = {
 /*