Added comment lines for readability

pio 2023-10-23 20:23:39 +00:00
parent 38e0eada72
commit fa3d68d77b


@ -44,6 +44,7 @@
then str then str
else (fixedWidthString_post reqWidth filler str) + filler; else (fixedWidthString_post reqWidth filler str) + filler;
#------------------------------------------------------------------------------
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
get_config_file = ( get_config_file = (
domain: '' domain: ''
@ -102,6 +103,8 @@
'' ''
); );
#------------------------------------------------------------------------------
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
# config for our reverse dnspointers (not properly working) # config for our reverse dnspointers (not properly working)
get_config_file_rev = ( get_config_file_rev = (
@ -148,7 +151,8 @@
'' ''
); );
# arrys of the two nameservers #------------------------------------------------------------------------------
# addresses of the two nameservers
tmp1 = ["193.1.99.109"]; tmp1 = ["193.1.99.109"];
tmp2 = ["193.1.99.120"]; tmp2 = ["193.1.99.120"];
@ -171,6 +175,7 @@
else [] else []
); );
#------------------------------------------------------------------------------
# small function to tidy up the spam of the cache networks, would use the subnet except all external traffic has the ip of the router # small function to tidy up the spam of the cache networks, would use the subnet except all external traffic has the ip of the router
create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126); create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126);
@ -188,7 +193,7 @@
}; };
}; };
# (text.owned "csn.ul.ie") # (text.owned "csn.ul.ie")
#------------------------------------------------------------------------------
# standard function to create the file in /etc/ - pass in the text and domain and the function creates that file # standard function to create the file in /etc/ - pass in the text and domain and the function creates that file
create_entry_etc = domain: type: create_entry_etc = domain: type:
if type == "owned" if type == "owned"
@ -198,7 +203,7 @@
else if type == "old" else if type == "old"
then create_entry_etc_sub domain (text.old domain) then create_entry_etc_sub domain (text.old domain)
else {}; else {};
#------------------------------------------------------------------------------
create_entry_zone = domain: extraConfig: { create_entry_zone = domain: extraConfig: {
"${domain}" = { "${domain}" = {
extraConfig = '' extraConfig = ''
@ -222,7 +227,7 @@
reverse = domain: get_config_file_rev domain; reverse = domain: get_config_file_rev domain;
old = domain: get_config_file_old_domains domain; old = domain: get_config_file_old_domains domain;
}; };
#------------------------------------------------------------------------------
extraConfig = { extraConfig = {
owned = owned =
if cfg.server.primary if cfg.server.primary
@ -239,7 +244,7 @@
old = ""; old = "";
}; };
#------------------------------------------------------------------------------
records = builtins.concatLists ( records = builtins.concatLists (
lib.attrsets.mapAttrsToList ( lib.attrsets.mapAttrsToList (
key: value: let key: value: let
@ -282,6 +287,7 @@
nodes nodes
); );
#------------------------------------------------------------------------------
nameserver = nameserver =
if cfg.server.primary if cfg.server.primary
then "ns1" then "ns1"
@ -338,6 +344,7 @@ in {
}; };
}; };
#------------------------------------------------------------------------------
config = lib.mkIf cfg.server.enable { config = lib.mkIf cfg.server.enable {
# open the firewall for this # open the firewall for this
skynet_firewall.forward = [ skynet_firewall.forward = [
@ -387,17 +394,17 @@ in {
extraOptions = '' extraOptions = ''
dnssec-validation yes; dnssec-validation yes;
''; '';
#------------------------------------------------------------------------------
# set the upstream dns servers # set the upstream dns servers
# overrides the default dns servers # overrides the default dns servers
# Set for HEANet and Quad9 IPv4 servers, x4 total # Set for HEANet and Quad9 IPv4 servers, x4 total
forwarders = [ forwarders = [
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Name: HEANet # Name: HEANet
# DNSSEC: not known # DNSSEC: not known
# Details: ISP for UL, should be a good candidate for primary upstream. If they aren't available, we've no connectivity anyway. # Details: ISP for UL, should be a good candidate for primary upstream. If they aren't available, we've no connectivity anyway.
#------------------------------------------------------------------------------
# IPv4 # IPv4
# Server: ns.heanet.ie HEANet primary # Server: ns.heanet.ie HEANet primary
"193.1.193.194" "193.1.193.194"
@ -405,7 +412,7 @@ in {
"193.1.247.198" "193.1.247.198"
# Server: auth-ns3.heanet.ie HEANet tertiary (Germany location) # Server: auth-ns3.heanet.ie HEANet tertiary (Germany location)
# "5.196.22.225" # "5.196.22.225"
#------------------------------------------------------------------------------
# IPV6 # IPV6
# Server: ns.heanet.ie HEANet IPv4 primary # Server: ns.heanet.ie HEANet IPv4 primary
# "2001:770:18:4::c101:c1c2" # "2001:770:18:4::c101:c1c2"
@ -413,42 +420,42 @@ in {
# "2001:770:1c:4::c101:f7c6" # "2001:770:1c:4::c101:f7c6"
# Server: auth-ns3.heanet.ie HEANet IPv4 tertiary (Germany location) # Server: auth-ns3.heanet.ie HEANet IPv4 tertiary (Germany location)
# "2001:41d0:52:900::871" # "2001:41d0:52:900::871"
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Name: Quad9.net (free service - this one is unfiltered). # Name: Quad9.net (free service - this one is unfiltered).
# DNSSEC: not available # DNSSEC: not available
# Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns10.quad9.net/dns-query # Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns10.quad9.net/dns-query
#------------------------------------------------------------------------------
# IPv4 # IPv4
# Server: dns10.quad9.net IPv4 Primary # Server: dns10.quad9.net IPv4 Primary
"9.9.9.10" "9.9.9.10"
# Server: dns10.quad9.net IPv4 Secondary # Server: dns10.quad9.net IPv4 Secondary
"149.112.112.10" "149.112.112.10"
#------------------------------------------------------------------------------
# IPV6 # IPV6
# Server: dns10.quad9.net IPV6 Primary server # Server: dns10.quad9.net IPV6 Primary server
# "2620:fe::10" # "2620:fe::10"
# Server: dns10.quad9.net IPV6 Secondary server # Server: dns10.quad9.net IPV6 Secondary server
# "2620:fe::fe:10" # "2620:fe::fe:10"
#------------------------------------------------------------------------------
#------------------------------------------------------------------------------
# Name: Quad9.net (free service - this one is malware/phish blocked). Suggesting using the unfiltered set just above. # Name: Quad9.net (free service - this one is malware/phish blocked). Suggesting using the unfiltered set just above.
# DNSSEC: available # DNSSEC: available
# Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns.quad9.net/dns-query # Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns.quad9.net/dns-query
#------------------------------------------------------------------------------
# IPv4 # IPv4
# Server: dns9.quad9.net IPv4 Primary # Server: dns9.quad9.net IPv4 Primary
# "9.9.9.9" # "9.9.9.9"
# Server: dns.quad9.net IPv4 Secondary # Server: dns.quad9.net IPv4 Secondary
# "149.112.112.112" # "149.112.112.112"
#------------------------------------------------------------------------------
# IPv6 # IPv6
# Server: dns9.quad9.net IPV6 Primary server # Server: dns9.quad9.net IPV6 Primary server
# "2620:fe::9" # "2620:fe::9"
# Server: dns.quad9.net IPV6 Secondary server # Server: dns.quad9.net IPV6 Secondary server
# "2620:fe::fe" # "2620:fe::fe"
]; ];
#------------------------------------------------------------------------------
cacheNetworks = cacheNetworks =
[ [
# this server itself # this server itself
@ -469,7 +476,7 @@ in {
] ]
++ create_cache_networks; ++ create_cache_networks;
}; };
#------------------------------------------------------------------------------
systemd.services.bind = { systemd.services.bind = {
# deletes the journal files evey start so it no longer stalls out # deletes the journal files evey start so it no longer stalls out
preStart = '' preStart = ''
@ -480,7 +487,7 @@ in {
"${config.environment.etc."skynet/dns/skynet.ie".source}" "${config.environment.etc."skynet/dns/skynet.ie".source}"
]; ];
}; };
#------------------------------------------------------------------------------
# creates a folder in /etc for the dns to use # creates a folder in /etc for the dns to use
users.users.named = { users.users.named = {
createHome = true; createHome = true;
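Review bot: In the `forwarders` comment block that this commit restyles (hunk -387,17 and the two after it), the active upstreams are still labelled `DNSSEC: not known` (HEANet) and `DNSSEC: not available` (Quad9 9.9.9.10 / 149.112.112.10), although `dnssec-validation yes;` sits a few lines above. With validation on, BIND needs its forwarders to hand back the DNSSEC records, so a forwarder that drops them would presumably make lookups in signed zones fail rather than return unvalidated answers; the comments should record which behaviour is expected here. I would add a line such as `# dnssec-validation is on: every active forwarder must return RRSIG/DNSKEY records - confirm for HEANet and 9.9.9.10` under the first separator in the list. A minor style point: the separator is doubled at the start of each provider block and single elsewhere, so one rule per block would read more evenly.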