diff --git a/_types/dns_object.nix b/_types/dns_object.nix
new file mode 100644
index 0000000..6b7523e
--- /dev/null
+++ b/_types/dns_object.nix
@@ -0,0 +1,19 @@
+{lib, ...}:
+with lib; {
+ options = {
+ record = mkOption {
+ type = types.str;
+ };
+ r_type = mkOption {
+ type = types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
+ };
+ value = mkOption {
+ type = types.str;
+ };
+ server = mkOption {
+ description = "Core record for a server";
+ type = types.bool;
+ default = false;
+ };
+ };
+}
diff --git a/applications/dns.nix b/applications/dns.nix
index 6b7bc6b..0f61aa0 100644
--- a/applications/dns.nix
+++ b/applications/dns.nix
@@ -11,9 +11,9 @@
 current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
 # gets a list of records that match this type
- filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
- filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
- filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A");
+ filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records;
+ filter_records_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A");
+ filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A");
 process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
 process_ptr_sub = record: {
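Review bot: `record`, `r_type` and `value` carry no `description`, so only `server` appears documented in the generated option reference; each `mkOption` should get one, e.g. `description = "Owner name as written into the zone file";` for `record`, `description = "Resource record type";` for `r_type` and `description = "Record data, written verbatim after the type in the zone file";` for `value`. Since `format_records` in applications/dns.nix interpolates `record` and `value` straight into the zone text, a value containing a newline would turn into extra zone lines; something like `lib.types.strMatching "[^\n]+"` on both options would reject that at evaluation time rather than at zone load. As a matter of style, `with lib;` at file scope hides where `mkOption` and `types` come from; `lib.mkOption` / `lib.types.str` is the clearer form for a small type module like this.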
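Review bot: `builtins.hasAttr "server" x` in `filter_records_server` and `filter_records_a` becomes redundant once every element passes through the new `dns_object.nix` submodule, because `server` then always exists with `default = false`, and `x.server` / `!x.server` would do. If the `records` list still receives raw attrsets from another source (the `++ builtins.concatLists` part later in this diff is cut off), keep the guard but say why, e.g. `# hasAttr guard: records contributed by <source> are not run through the submodule`.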
@@ -23,11 +23,11 @@ }; ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); - sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; - sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; - sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); - sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); - sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); + sort_records_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_server records); + sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records); + sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME"); + sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR")); + sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV"); format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; @@ -46,10 +46,10 @@ # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) get_config_file = ( - domain: '' + domain: records: '' $TTL 60 ; 1 minute - ; hostmaster@${domain} is an email address that recieves stuff related to dns - @ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( + ; hostmaster@skynet.ie is an email address that recieves stuff related to dns + @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ${current_date} 600 ; Refresh (10 minutes) 
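Review bot: The SOA MNAME/RNAME are now fixed to `${nameserver}.skynet.ie.` and `hostmaster.skynet.ie.` for every zone rendered by `get_config_file`, which later in this diff includes every domain in `config.skynet.records` rather than only skynet.ie; that is only correct while ns1/ns2.skynet.ie are the delegated nameservers for each of those domains and hostmaster@skynet.ie is their contact. The `domain` argument now only reaches a comment in the NS block, so the header comment above `get_config_file` should say so, e.g. `# base config for every zone we serve authoritatively; SOA/NS always name the skynet.ie servers, domain only labels the comments`. The `; Serial (YYYYMMDDCC)` comment on the context line below no longer matches `${current_date}`, which is a Unix timestamp from `date +%s`; `get_config_file` continues past this hunk.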
@@ -58,45 +58,43 @@ 3600 ; Minimum (1 hour) ) - @ NS ns1.${domain}. - @ NS ns2.${domain}. - ; @ stands for teh root domain so teh A record below is where ${domain} points to - ;@ A 193.1.99.76 - ;@ MX 5 ${domain}. + ; @ stands for teh root domain so teh A record below is where ${domain} points to + @ NS ns1.skynet.ie. + @ NS ns2.skynet.ie. ; can have multiple mailserves - @ MX 10 mail.${domain}. + @ MX 10 mail.skynet.ie. ; ------------------------------------------ ; Server Names (A Records) ; ------------------------------------------ - ${format_records sort_records_server 31} + ${format_records (sort_records_server records) 31} ; ------------------------------------------ ; A (non server names ; ------------------------------------------ - ${format_records sort_records_a 31} + ${format_records (sort_records_a records) 31} ; ------------------------------------------ ; CNAMES ; ------------------------------------------ - ${format_records sort_records_cname 31} + ${format_records (sort_records_cname records) 31} ; ------------------------------------------ ; TXT ; ------------------------------------------ - ${format_records (filter_records_type "TXT") 31} + ${format_records (filter_records_type records "TXT") 31} ; ------------------------------------------ ; MX ; ------------------------------------------ - ${format_records (filter_records_type "MX") 31} + ${format_records (filter_records_type records "MX") 31} ; ------------------------------------------ ; SRV ; ------------------------------------------ - ${format_records sort_records_srv 65} + ${format_records (sort_records_srv records) 65} '' 
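Review bot: `@ MX 10 mail.skynet.ie.` is now emitted unconditionally for every zone built from this template, and because the `old` template is removed in this commit that now covers conradcollins.net and edelharty.net, which previously got only NS records, plus any other domain added to `config.skynet.records`; mail for those domains is thereby announced as deliverable to mail.skynet.ie. The template already renders a per-zone MX section from `filter_records_type records "MX"`, so the apex MX could be carried in the skynet.ie record list instead of being hard-coded, e.g. `{ record = "@"; r_type = "MX"; value = "10 mail.skynet.ie."; }`. An apex that carries a CNAME (outinul.ie in config/dns.nix) cannot also hold SOA/NS/MX data, so that zone would be refused as written. `get_config_file` starts before this hunk.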
@@ -105,7 +103,7 @@ # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse # config for our reverse dnspointers (not properly working) get_config_file_rev = ( - domain: '' + domain: records: '' $ORIGIN 64-64.99.1.193.in-addr.arpa. $TTL 60 ; 1 minute ; hostmaster@skynet.ie is an email address that recieves stuff related to dns @@ -124,27 +122,7 @@ ; ------------------------------------------ ; PTR ; ------------------------------------------ - ${format_records sort_records_ptr 3} - '' - ); - - # domains we dont have proper ownship over, only here to ensure the logs dont get cluttered. - get_config_file_old_domains = ( - domain: '' - $TTL 60 ; 1 minute - ; hostmaster@skynet.ie is an email address that recieves stuff related to dns - @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. ( - ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated - ${current_date} - 600 ; Refresh (10 minutes) - 300 ; Retry (5 minutes) - 604800 ; Expire (1 week) - 3600 ; Minimum (1 hour) - ) - - @ NS ns1.skynet.ie. - @ NS ns2.skynet.ie. - + ${format_records (sort_records_ptr records) 3} '' ); 
@@ -190,19 +168,29 @@ # (text.owned "csn.ul.ie") # standard function to create the etc file, pass in the text and domain and it makes it - create_entry_etc = domain: type: + create_entry_etc = domain: type: records: if type == "owned" - then create_entry_etc_sub domain (text.owned domain) + then create_entry_etc_sub domain (text.owned domain records) else if type == "reverse" - then create_entry_etc_sub domain (text.reverse domain) - else if type == "old" - then create_entry_etc_sub domain (text.old domain) + then create_entry_etc_sub domain (text.reverse domain records) else {}; - create_entry_zone = domain: extraConfig: { + create_entry_zone_names = builtins.attrNames (removeAttrs config.skynet.records ["skynet.ie"]); + create_entry_zone_mapped = map (x: (create_entry_zone x)) create_entry_zone_names; + create_entry_zone_attr = lib.mkMerge create_entry_zone_mapped; + + create_entry_etc_mapped = map (x: (create_entry_etc x "owned" config.skynet.records.${x})) create_entry_zone_names; + create_entry_etc_attr = lib.mkMerge create_entry_etc_mapped; + + create_entry_zone = domain: { "${domain}" = { extraConfig = '' - ${extraConfig} + allow-update { + key rfc2136key.${domain}.; + }; + + dnssec-policy default; + inline-signing yes; // for bumping the config // ${current_date} ''; @@ -218,30 +206,12 @@ }; text = { - owned = domain: get_config_file domain; - reverse = domain: get_config_file_rev domain; - old = domain: get_config_file_old_domains domain; - }; - - extraConfig = { - owned = - if cfg.server.primary - then '' - allow-update { key rfc2136key.skynet.ie.; }; - - dnssec-policy default; - inline-signing yes; - '' - else ""; - - # no extra config for reverse - reverse = ""; - - old = ""; + owned = domain: records: get_config_file domain records; + reverse = domain: records: get_config_file_rev domain records; }; records = - config.skynet.records + config.skynet.records."skynet.ie" ++ builtins.concatLists ( lib.attrsets.mapAttrsToList ( key: value: let 
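Review bot: The `allow-update` / `dnssec-policy default` / `inline-signing yes` stanza is now written into every zone unconditionally, whereas the removed `extraConfig.owned` (hunk -218) only emitted it when `cfg.server.primary` was set and the reverse zone got none of it; on a host that is not primary this configures dynamic updates and signing for a zone it presumably only serves as secondary, and the reverse zone now also expects a `rfc2136key.64-64.99.1.193.in-addr.arpa.` key. Restoring the guard keeps the old behaviour: `extraConfig = ''${lib.optionalString cfg.server.primary ''allow-update { key rfc2136key.${domain}.; }; dnssec-policy default; inline-signing yes;''}` followed by the existing bump comment. The key name also changed from the single `rfc2136key.skynet.ie.` to one key per domain, so every name in `config.skynet.records` needs a matching TSIG key declared wherever the keys are loaded (not visible here, presumably via `age.secrets.dns_dnskeys`); named will not load a zone whose `allow-update` names an undefined key.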
@@ -316,28 +286,11 @@ in { }; }; - # mirrorred in ../config/dns.nix records = lib.mkOption { description = "Records, sorted based on therir type"; - type = with lib.types; - listOf (submodule { - options = { - record = lib.mkOption { - type = str; - }; - r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; - }; - value = lib.mkOption { - type = str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = bool; - default = false; - }; - }; - }); + type = lib.types.listOf (lib.types.submodule (import ../_types/dns_object.nix { + inherit lib; + })); }; }; }; @@ -351,21 +304,21 @@ in { "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" ]; - services.bind.zones = - (create_entry_zone "csn.ul.ie" extraConfig.owned) - // (create_entry_zone "skynet.ie" extraConfig.owned) - // (create_entry_zone "ulcompsoc.ie" extraConfig.owned) - // (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) - // (create_entry_zone "conradcollins.net" extraConfig.old) - // (create_entry_zone "edelharty.net" extraConfig.old); + services.bind.zones = lib.mkMerge [ + (create_entry_zone "csn.ul.ie") + (create_entry_zone "skynet.ie") + (create_entry_zone "ulcompsoc.ie") + (create_entry_zone "64-64.99.1.193.in-addr.arpa") + create_entry_zone_attr + ]; - environment.etc = - (create_entry_etc "csn.ul.ie" "owned") - // (create_entry_etc "skynet.ie" "owned") - // (create_entry_etc "ulcompsoc.ie" "owned") - // (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") - // (create_entry_etc "conradcollins.net" "old") - // (create_entry_etc "edelharty.net" "old"); + environment.etc = lib.mkMerge [ + (create_entry_etc "csn.ul.ie" "owned" records) + (create_entry_etc "skynet.ie" "owned" records) + (create_entry_etc "ulcompsoc.ie" "owned" records) + (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse" records) + create_entry_etc_attr + ]; # secrets required age.secrets.dns_dnskeys = { 
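Review bot: `create_entry_zone_attr` / `create_entry_etc_attr` iterate over every name in `config.skynet.records` except skynet.ie, while csn.ul.ie, ulcompsoc.ie and the reverse zone are also listed explicitly here; if any of those is ever added to `config.skynet.records` (it is `attrsOf`, so other modules may contribute) both paths define the same `environment.etc` entry with different `text`, and the module system fails on the conflicting definitions. Excluding the explicit names at the source avoids that, on the `create_entry_zone_names` line in hunk -190: `create_entry_zone_names = builtins.attrNames (removeAttrs config.skynet.records ["skynet.ie" "csn.ul.ie" "ulcompsoc.ie" "64-64.99.1.193.in-addr.arpa"]);`. Note also that the explicit csn.ul.ie and ulcompsoc.ie zones are rendered from `records`, i.e. skynet.ie's list, so those names serve skynet.ie's A/CNAME data; if that is intended, a comment above `services.bind.zones` saying so would help the next reader.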
diff --git a/config/dns.nix b/config/dns.nix
index 991f058..8764ade 100644
--- a/config/dns.nix
+++ b/config/dns.nix
@@ -1,62 +1,58 @@ {lib, ...}: { - imports = [ - # Paths to other modules. - # Compose this module out of smaller ones. - ]; + imports = []; - # this needs to mirror ../applications/dns.nix - options.skynet.records = lib.mkOption { - description = "Records, sorted based on therir type"; - type = with lib.types; - listOf (submodule { - options = { - record = lib.mkOption { - type = str; - }; - r_type = lib.mkOption { - type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"]; - }; - value = lib.mkOption { - type = str; - }; - server = lib.mkOption { - description = "Core record for a server"; - type = bool; - default = false; - }; - }; - }); + options.skynet = { + records = lib.mkOption { + description = "Records, sorted based on therir type"; + type = lib.types.attrsOf (lib.types.listOf (lib.types.submodule (import ../_types/dns_object.nix { + inherit lib; + }))); + }; }; config = { - skynet.records = [ - { - record = "optimus-reborn"; - r_type = "A"; - value = "193.1.99.90"; - server = true; - } - { - record = "panel.games"; - r_type = "CNAME"; - value = "optimus-reborn"; - } - { - record = "bumblebee"; - r_type = "A"; - value = "193.1.99.91"; - server = true; - } - { - record = "minecraft.compsoc.games"; - r_type = "CNAME"; - value = "bumblebee"; - } - { - record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; - r_type = "SRV"; - value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; - } - ]; + skynet.records = { + "skynet.ie" = [ + { + record = "optimus-reborn"; + r_type = "A"; + value = "193.1.99.90"; + server = true; + } + { + record = "panel.games"; + r_type = "CNAME"; + value = "optimus-reborn"; + } + { + record = "bumblebee"; + r_type = "A"; + value = "193.1.99.91"; + server = true; + } + { + record = "minecraft.compsoc.games"; + r_type = "CNAME"; + value = "bumblebee"; + } + { + record = "_minecraft._tcp.minecraft.compsoc.games.skynet.ie."; + r_type = "SRV"; + value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; + } + ]; + + # some space to avoid 
conflicts + "conradcollins.net" = []; + "edelharty.net" = []; + + "outinul.ie" = [ + { + record = "@"; + r_type = "CNAME"; + value = "users.skynet.ie."; + } + ]; + }; }; }
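Review bot: The outinul.ie list puts a CNAME at `@`, but the zone template in applications/dns.nix writes SOA, NS and MX records at `@` for every zone, and a name holding a CNAME may not hold any other data, so BIND will refuse to load this zone. Pointing the apex at the addresses of users.skynet.ie with A (and AAAA) records, e.g. `{ record = "@"; r_type = "A"; value = "<IPv4 of users.skynet.ie>"; }`, is the usual way to get the same effect. The description on the `records` option carries over a typo: `description = "Records, sorted based on their type";`. The comment `# some space to avoid conflicts` does not say which conflicts; stating that these domains exist only so the resolver logs stay clean (as the removed `get_config_file_old_domains` comment did) would preserve that knowledge.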