
7 commits

3 changed files with 130 additions and 162 deletions

19
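--- /dev/null
+++ b/_types/dns_object.nix
@@ -0,0 +1,19 @@
+{lib, ...}:
+with lib; {
+options = {
+record = mkOption {
+type = types.str;
+};
+r_type = mkOption {
+type = types.enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
+};
+value = mkOption {
+type = types.str;
+};
+server = mkOption {
+description = "Core record for a server";
+type = types.bool;
+default = false;
+};
+};
+}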
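Review bot: `record` and `value` are plain `types.str` with no description, yet `format_records` in the sibling module interpolates both verbatim into the generated zone text (`"${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n"`), so a value containing a newline or `;` silently alters the structure of the zone file rather than failing at evaluation time. Since this submodule is now the single shared schema for both `config.skynet.records` and the application module, it is the right place to constrain the owner name, e.g. `record = mkOption { type = types.strMatching "[^[:space:];]+"; description = "Owner name relative to the zone, or @ for the apex"; };`. `value` has to allow spaces for MX and SRV data, so a pattern that only excludes newlines and `;` would be appropriate there, and `r_type` deserves a one-line description noting that `value` must already be in the wire-text form for that type (priority/weight/port prefixes for MX and SRV). I cannot tell from this page whether any record data comes from outside this repository, so the constraint is primarily a guard against typos in the Nix config.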


@ -11,9 +11,9 @@
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}"; current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
# gets a list of records that match this type # gets a list of records that match this type
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records; filter_records_type = records: r_type: builtins.filter (x: x.r_type == r_type) records;
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A"); filter_records_server = records: builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type records "A");
filter_records_a = builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type "A"); filter_records_a = records: builtins.filter (x: builtins.hasAttr "server" x && !x.server) (filter_records_type records "A");
process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x); process_ptr = records: lib.lists.forEach records (x: process_ptr_sub x);
process_ptr_sub = record: { process_ptr_sub = record: {
@ -23,11 +23,11 @@
}; };
ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip); ip_ptr_to_int = ip: lib.strings.toInt (builtins.substring 9 3 ip);
sort_records_server = builtins.sort (a: b: a.record < b.record) filter_records_server; sort_records_server = records: builtins.sort (a: b: a.record < b.record) (filter_records_server records);
sort_records_a = builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) filter_records_a; sort_records_a = records: builtins.sort (a: b: (ip_ptr_to_int a.value) < (ip_ptr_to_int b.value)) (filter_records_a records);
sort_records_cname = builtins.sort (a: b: a.value < b.value) (filter_records_type "CNAME"); sort_records_cname = records: builtins.sort (a: b: a.value < b.value) (filter_records_type records "CNAME");
sort_records_ptr = builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type "PTR")); sort_records_ptr = records: builtins.sort (a: b: (lib.strings.toInt a.record) < (lib.strings.toInt b.record)) (process_ptr (filter_records_type records "PTR"));
sort_records_srv = builtins.sort (a: b: a.record < b.record) (filter_records_type "SRV"); sort_records_srv = records: builtins.sort (a: b: a.record < b.record) (filter_records_type records "SRV");
format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records; format_records = records: offset: lib.strings.concatMapStrings (x: "${padString x.record offset} IN ${padString x.r_type 5} ${x.value}\n") records;
@ -46,10 +46,10 @@
# base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie) # base config for domains we own (skynet.ie, csn.ul.ie, ulcompsoc.ie)
get_config_file = ( get_config_file = (
domain: '' domain: records: ''
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
; hostmaster@${domain} is an email address that recieves stuff related to dns ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.${domain}. hostmaster.${domain}. ( @ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated ; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date} ${current_date}
600 ; Refresh (10 minutes) 600 ; Refresh (10 minutes)
@ -58,45 +58,43 @@
3600 ; Minimum (1 hour) 3600 ; Minimum (1 hour)
) )
@ NS ns1.${domain}.
@ NS ns2.${domain}.
; @ stands for teh root domain so teh A record below is where ${domain} points to ; @ stands for teh root domain so teh A record below is where ${domain} points to
;@ A 193.1.99.76 @ NS ns1.skynet.ie.
;@ MX 5 ${domain}. @ NS ns2.skynet.ie.
; can have multiple mailserves ; can have multiple mailserves
@ MX 10 mail.${domain}. @ MX 10 mail.skynet.ie.
; ------------------------------------------ ; ------------------------------------------
; Server Names (A Records) ; Server Names (A Records)
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_server 31} ${format_records (sort_records_server records) 31}
; ------------------------------------------ ; ------------------------------------------
; A (non server names ; A (non server names
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_a 31} ${format_records (sort_records_a records) 31}
; ------------------------------------------ ; ------------------------------------------
; CNAMES ; CNAMES
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_cname 31} ${format_records (sort_records_cname records) 31}
; ------------------------------------------ ; ------------------------------------------
; TXT ; TXT
; ------------------------------------------ ; ------------------------------------------
${format_records (filter_records_type "TXT") 31} ${format_records (filter_records_type records "TXT") 31}
; ------------------------------------------ ; ------------------------------------------
; MX ; MX
; ------------------------------------------ ; ------------------------------------------
${format_records (filter_records_type "MX") 31} ${format_records (filter_records_type records "MX") 31}
; ------------------------------------------ ; ------------------------------------------
; SRV ; SRV
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_srv 65} ${format_records (sort_records_srv records) 65}
'' ''
@ -105,7 +103,7 @@
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/4/html/reference_guide/s2-bind-configuration-zone-reverse
# config for our reverse dnspointers (not properly working) # config for our reverse dnspointers (not properly working)
get_config_file_rev = ( get_config_file_rev = (
domain: '' domain: records: ''
$ORIGIN 64-64.99.1.193.in-addr.arpa. $ORIGIN 64-64.99.1.193.in-addr.arpa.
$TTL 60 ; 1 minute $TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns ; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ -124,27 +122,7 @@
; ------------------------------------------ ; ------------------------------------------
; PTR ; PTR
; ------------------------------------------ ; ------------------------------------------
${format_records sort_records_ptr 3} ${format_records (sort_records_ptr records) 3}
''
);
# domains we dont have proper ownship over, only here to ensure the logs dont get cluttered.
get_config_file_old_domains = (
domain: ''
$TTL 60 ; 1 minute
; hostmaster@skynet.ie is an email address that recieves stuff related to dns
@ IN SOA ${nameserver}.skynet.ie. hostmaster.skynet.ie. (
; Serial (YYYYMMDDCC) this has to be updated for each time the record is updated
${current_date}
600 ; Refresh (10 minutes)
300 ; Retry (5 minutes)
604800 ; Expire (1 week)
3600 ; Minimum (1 hour)
)
@ NS ns1.skynet.ie.
@ NS ns2.skynet.ie.
'' ''
); );
@ -190,19 +168,29 @@
# (text.owned "csn.ul.ie") # (text.owned "csn.ul.ie")
# standard function to create the etc file, pass in the text and domain and it makes it # standard function to create the etc file, pass in the text and domain and it makes it
create_entry_etc = domain: type: create_entry_etc = domain: type: records:
if type == "owned" if type == "owned"
then create_entry_etc_sub domain (text.owned domain) then create_entry_etc_sub domain (text.owned domain records)
else if type == "reverse" else if type == "reverse"
then create_entry_etc_sub domain (text.reverse domain) then create_entry_etc_sub domain (text.reverse domain records)
else if type == "old"
then create_entry_etc_sub domain (text.old domain)
else {}; else {};
create_entry_zone = domain: extraConfig: { create_entry_zone_names = builtins.attrNames (removeAttrs config.skynet.records ["skynet.ie"]);
create_entry_zone_mapped = map (x: (create_entry_zone x)) create_entry_zone_names;
create_entry_zone_attr = lib.mkMerge create_entry_zone_mapped;
create_entry_etc_mapped = map (x: (create_entry_etc x "owned" config.skynet.records.${x})) create_entry_zone_names;
create_entry_etc_attr = lib.mkMerge create_entry_etc_mapped;
create_entry_zone = domain: {
"${domain}" = { "${domain}" = {
extraConfig = '' extraConfig = ''
${extraConfig} allow-update {
key rfc2136key.${domain}.;
};
dnssec-policy default;
inline-signing yes;
// for bumping the config // for bumping the config
// ${current_date} // ${current_date}
''; '';
@ -218,30 +206,12 @@
}; };
text = { text = {
owned = domain: get_config_file domain; owned = domain: records: get_config_file domain records;
reverse = domain: get_config_file_rev domain; reverse = domain: records: get_config_file_rev domain records;
old = domain: get_config_file_old_domains domain;
};
extraConfig = {
owned =
if cfg.server.primary
then ''
allow-update { key rfc2136key.skynet.ie.; };
dnssec-policy default;
inline-signing yes;
''
else "";
# no extra config for reverse
reverse = "";
old = "";
}; };
records = records =
config.skynet.records config.skynet.records."skynet.ie"
++ builtins.concatLists ( ++ builtins.concatLists (
lib.attrsets.mapAttrsToList ( lib.attrsets.mapAttrsToList (
key: value: let key: value: let
@ -316,28 +286,11 @@ in {
}; };
}; };
# mirrorred in ../config/dns.nix
records = lib.mkOption { records = lib.mkOption {
description = "Records, sorted based on therir type"; description = "Records, sorted based on therir type";
type = with lib.types; type = lib.types.listOf (lib.types.submodule (import ../_types/dns_object.nix {
listOf (submodule { inherit lib;
options = { }));
record = lib.mkOption {
type = str;
};
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
}; };
}; };
@ -351,21 +304,21 @@ in {
"ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept" "ip daddr ${cfg.server.ip} udp dport 53 counter packets 0 bytes 0 accept"
]; ];
services.bind.zones = services.bind.zones = lib.mkMerge [
(create_entry_zone "csn.ul.ie" extraConfig.owned) (create_entry_zone "csn.ul.ie")
// (create_entry_zone "skynet.ie" extraConfig.owned) (create_entry_zone "skynet.ie")
// (create_entry_zone "ulcompsoc.ie" extraConfig.owned) (create_entry_zone "ulcompsoc.ie")
// (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse) (create_entry_zone "64-64.99.1.193.in-addr.arpa")
// (create_entry_zone "conradcollins.net" extraConfig.old) create_entry_zone_attr
// (create_entry_zone "edelharty.net" extraConfig.old); ];
environment.etc = environment.etc = lib.mkMerge [
(create_entry_etc "csn.ul.ie" "owned") (create_entry_etc "csn.ul.ie" "owned" records)
// (create_entry_etc "skynet.ie" "owned") (create_entry_etc "skynet.ie" "owned" records)
// (create_entry_etc "ulcompsoc.ie" "owned") (create_entry_etc "ulcompsoc.ie" "owned" records)
// (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse") (create_entry_etc "64-64.99.1.193.in-addr.arpa" "reverse" records)
// (create_entry_etc "conradcollins.net" "old") create_entry_etc_attr
// (create_entry_etc "edelharty.net" "old"); ];
# secrets required # secrets required
age.secrets.dns_dnskeys = { age.secrets.dns_dnskeys = {
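Review bot: `create_entry_zone` now emits `allow-update { key rfc2136key.${domain}.; };`, `dnssec-policy default;` and `inline-signing yes;` for every zone unconditionally, while the removed `extraConfig.owned` block only did so when `cfg.server.primary` was true and gave the reverse and "old" zones an empty `extraConfig`. With this rewrite a host that is not the primary also gets an `allow-update` stanza, and the reverse zone plus every domain enumerated through `create_entry_zone_names` becomes dynamically updatable under a per-domain key `rfc2136key.<domain>.`; whether such a key is provisioned for each of those zones is not visible here (the key material appears to come from `age.secrets.dns_dnskeys`), and a zone referencing a key that named does not know will fail to load. I would keep the primary guard inside the function with `lib.optionalString cfg.server.primary`, so the update/signing stanza is only written where the previous code wrote it, and document the per-domain key naming convention in a comment above the function. The closing braces of `create_entry_zone` lie in the next hunk.
```nix
create_entry_zone = domain: {
  "${domain}" = {
    extraConfig =
      # dynamic updates and signing only on the primary, as the old extraConfig.owned did
      lib.optionalString cfg.server.primary ''
        allow-update { key rfc2136key.${domain}.; };
        dnssec-policy default;
        inline-signing yes;
      ''
      + ''
        // for bumping the config
        // ${current_date}
      '';
```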


@ -1,35 +1,18 @@
{lib, ...}: { {lib, ...}: {
imports = [ imports = [];
# Paths to other modules.
# Compose this module out of smaller ones.
];
# this needs to mirror ../applications/dns.nix options.skynet = {
options.skynet.records = lib.mkOption { records = lib.mkOption {
description = "Records, sorted based on therir type"; description = "Records, sorted based on therir type";
type = with lib.types; type = lib.types.attrsOf (lib.types.listOf (lib.types.submodule (import ../_types/dns_object.nix {
listOf (submodule { inherit lib;
options = { })));
record = lib.mkOption {
type = str;
}; };
r_type = lib.mkOption {
type = enum ["A" "CNAME" "TXT" "PTR" "SRV" "MX"];
};
value = lib.mkOption {
type = str;
};
server = lib.mkOption {
description = "Core record for a server";
type = bool;
default = false;
};
};
});
}; };
config = { config = {
skynet.records = [ skynet.records = {
"skynet.ie" = [
{ {
record = "optimus-reborn"; record = "optimus-reborn";
r_type = "A"; r_type = "A";
@ -58,5 +41,18 @@
value = "0 10 25518 minecraft.compsoc.games.skynet.ie."; value = "0 10 25518 minecraft.compsoc.games.skynet.ie.";
} }
]; ];
# some space to avoid conflicts
"conradcollins.net" = [];
"edelharty.net" = [];
"outinul.ie" = [
{
record = "@";
r_type = "CNAME";
value = "users.skynet.ie.";
}
];
};
}; };
} }
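Review bot: The new `outinul.ie` entry declares `record = "@"` with `r_type = "CNAME"`, but the owned-zone template in the application module already emits `@ IN SOA`, `@ NS` and `@ MX` for every domain it renders, and a CNAME may not share its owner name with any other record (RFC 1034 §3.6.2), so BIND refuses to load a zone containing both and `outinul.ie` would stop resolving entirely rather than redirect. Because `outinul.ie` is picked up by `create_entry_zone_names` and `create_entry_etc_mapped`, the unloadable zone file is generated on every build of this configuration. Replace the apex CNAME with A (and AAAA, if applicable) records carrying the address that `users.skynet.ie.` resolves to, or point a subdomain such as `www` at it with the CNAME instead; the address itself is not on this page so I cannot quote a value. The `records` option would also benefit from saying what the attribute name means now that it is an `attrsOf`, e.g. `description = "DNS records per zone, keyed by the zone's domain name";`.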