Added comment lines for readability
parent
38e0eada72
commit
fa3d68d77b
1 changed files with 28 additions and 21 deletions
|
@ -44,6 +44,7 @@
|
|||
then str
|
||||
else (fixedWidthString_post reqWidth filler str) + filler;
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
|
||||
get_config_file = (
|
||||
domain: ''
|
||||
|
@ -102,6 +103,8 @@
|
|||
''
|
||||
);
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
|
||||
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
|
||||
# config for our reverse dnspointers (not properly working)
|
||||
get_config_file_rev = (
|
||||
|
@ -148,7 +151,8 @@
|
|||
''
|
||||
);
|
||||
|
||||
# arrys of the two nameservers
|
||||
#------------------------------------------------------------------------------
|
||||
# addresses of the two nameservers
|
||||
tmp1 = ["193.1.99.109"];
|
||||
tmp2 = ["193.1.99.120"];
|
||||
|
||||
|
@ -171,6 +175,7 @@
|
|||
else []
|
||||
);
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# small function to tidy up the spam of the cache networks, would use the subnet except all external traffic has the ip of the router
|
||||
create_cache_networks = map (x: "193.1.99.${toString x}/32") (lib.lists.range 71 126);
|
||||
|
||||
|
@ -188,7 +193,7 @@
|
|||
};
|
||||
};
|
||||
# (text.owned "csn.ul.ie")
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# standard function to create the file in /etc/ - pass in the text and domain and the function creates that file
|
||||
create_entry_etc = domain: type:
|
||||
if type == "owned"
|
||||
|
@ -198,7 +203,7 @@
|
|||
else if type == "old"
|
||||
then create_entry_etc_sub domain (text.old domain)
|
||||
else {};
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
create_entry_zone = domain: extraConfig: {
|
||||
"${domain}" = {
|
||||
extraConfig = ''
|
||||
|
@ -222,7 +227,7 @@
|
|||
reverse = domain: get_config_file_rev domain;
|
||||
old = domain: get_config_file_old_domains domain;
|
||||
};
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
extraConfig = {
|
||||
owned =
|
||||
if cfg.server.primary
|
||||
|
@ -239,7 +244,7 @@
|
|||
|
||||
old = "";
|
||||
};
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
records = builtins.concatLists (
|
||||
lib.attrsets.mapAttrsToList (
|
||||
key: value: let
|
||||
|
@ -282,6 +287,7 @@
|
|||
nodes
|
||||
);
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
nameserver =
|
||||
if cfg.server.primary
|
||||
then "ns1"
|
||||
|
@ -338,6 +344,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
config = lib.mkIf cfg.server.enable {
|
||||
# open the firewall for this
|
||||
skynet_firewall.forward = [
|
||||
|
@ -387,17 +394,17 @@ in {
|
|||
extraOptions = ''
|
||||
dnssec-validation yes;
|
||||
'';
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# set the upstream dns servers
|
||||
# overrides the default dns servers
|
||||
# Set for HEANet and Quad9 IPv4 servers, x4 total
|
||||
forwarders = [
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
#------------------------------------------------------------------------------
|
||||
# Name: HEANet
|
||||
# DNSSEC: not known
|
||||
# Details: ISP for UL, should be a good candidate for primary upstream. If they aren't available, we've no connectivity anyway.
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# IPv4
|
||||
# Server: ns.heanet.ie HEANet primary
|
||||
"193.1.193.194"
|
||||
|
@ -405,7 +412,7 @@ in {
|
|||
"193.1.247.198"
|
||||
# Server: auth-ns3.heanet.ie HEANet tertiary (Germany location)
|
||||
# "5.196.22.225"
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# IPV6
|
||||
# Server: ns.heanet.ie HEANet IPv4 primary
|
||||
# "2001:770:18:4::c101:c1c2"
|
||||
|
@ -413,42 +420,42 @@ in {
|
|||
# "2001:770:1c:4::c101:f7c6"
|
||||
# Server: auth-ns3.heanet.ie HEANet IPv4 tertiary (Germany location)
|
||||
# "2001:41d0:52:900::871"
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
#------------------------------------------------------------------------------
|
||||
# Name: Quad9.net (free service - this one is unfiltered).
|
||||
# DNSSEC: not available
|
||||
# Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns10.quad9.net/dns-query
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# IPv4
|
||||
# Server: dns10.quad9.net IPv4 Primary
|
||||
"9.9.9.10"
|
||||
# Server: dns10.quad9.net IPv4 Secondary
|
||||
"149.112.112.10"
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# IPV6
|
||||
# Server: dns10.quad9.net IPV6 Primary server
|
||||
# "2620:fe::10"
|
||||
# Server: dns10.quad9.net IPV6 Secondary server
|
||||
# "2620:fe::fe:10"
|
||||
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
#------------------------------------------------------------------------------
|
||||
# Name: Quad9.net (free service - this one is malware/phish blocked). Suggesting using the unfiltered set just above.
|
||||
# DNSSEC: available
|
||||
# Details: Based in Switzerland, zero cost, stated as no tracking data saved. Also has https https://dns.quad9.net/dns-query
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# IPv4
|
||||
# Server: dns9.quad9.net IPv4 Primary
|
||||
# "9.9.9.9"
|
||||
# Server: dns.quad9.net IPv4 Secondary
|
||||
# "149.112.112.112"
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# IPv6
|
||||
# Server: dns9.quad9.net IPV6 Primary server
|
||||
# "2620:fe::9"
|
||||
# Server: dns.quad9.net IPV6 Secondary server
|
||||
# "2620:fe::fe"
|
||||
];
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
cacheNetworks =
|
||||
[
|
||||
# this server itself
|
||||
|
@ -469,7 +476,7 @@ in {
|
|||
]
|
||||
++ create_cache_networks;
|
||||
};
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
systemd.services.bind = {
|
||||
# deletes the journal files evey start so it no longer stalls out
|
||||
preStart = ''
|
||||
|
@ -480,7 +487,7 @@ in {
|
|||
"${config.environment.etc."skynet/dns/skynet.ie".source}"
|
||||
];
|
||||
};
|
||||
|
||||
#------------------------------------------------------------------------------
|
||||
# creates a folder in /etc for the dns to use
|
||||
users.users.named = {
|
||||
createHome = true;
|
||||
|
|
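Review bot: In the forwarders hunk (@ -387,17 +394,17) the new comment block records the upstreams' DNSSEC status as "not known" (HEANet) and "not available" (the active dns10.quad9.net pair), yet it sits directly under `dnssec-validation yes;` and never says how the two interact. If a forwarder does not pass RRSIG/DNSKEY records through, a validating BIND answers SERVFAIL for signed zones, so I would add `# dnssec-validation is on above: forwarders must pass DNSSEC records through, confirm for HEANet` just above `forwarders = [`. In BIND, `yes` validates only when a trust anchor is configured, and none is visible in these hunks; if none exists elsewhere in the file, `dnssec-validation auto;` is the setting that validates against the built-in root anchor. Separately, the IPV6 comments in the two following hunks label the servers "HEANet IPv4 primary" and "IPv4 tertiary", which looks like a copy-paste slip worth correcting in a commit whose purpose is readability.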