Allow DNS for non skynet.ie domains #122
1 changed files with 33 additions and 25 deletions
|
@ -11,6 +11,22 @@
|
||||||
# reads that date to a string (will need to be fixed in 2038)
|
# reads that date to a string (will need to be fixed in 2038)
|
||||||
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
|
current_date = lib.readFile "${pkgs.runCommand "timestamp" {} "echo -n `date +%s` > $out"}";
|
||||||
|
|
||||||
|
# this gets a list of all domains we have records for
|
||||||
|
domains = lib.lists.naturalSort (
|
||||||
|
lib.lists.unique (
|
||||||
|
lib.lists.forEach records (record: record.domain)
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
domains_owned = [
|
||||||
|
# for historic reasons we own this
|
||||||
|
"csn.ul.ie"
|
||||||
|
# the main one we use now
|
||||||
|
"skynet.ie"
|
||||||
|
# a backup
|
||||||
|
"ulcompsoc.ie"
|
||||||
|
];
|
||||||
|
|
||||||
# gets a list of records that match this type
|
# gets a list of records that match this type
|
||||||
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
|
filter_records_type = r_type: builtins.filter (x: x.r_type == r_type) records;
|
||||||
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
|
filter_records_server = builtins.filter (x: builtins.hasAttr "server" x && x.server) (filter_records_type "A");
|
||||||
|
@ -205,10 +221,19 @@
|
||||||
then create_entry_etc_sub domain (text.old domain)
|
then create_entry_etc_sub domain (text.old domain)
|
||||||
else {};
|
else {};
|
||||||
|
|
||||||
create_entry_zone = domain: extraConfig: {
|
create_entry_zone = domain: let
|
||||||
|
if_primary_and_owned =
|
||||||
|
if cfg.server.primary && (lib.lists.any (item: item == domain) domains_owned)
|
||||||
|
then ''
|
||||||
|
allow-update { key rfc2136key.skynet.ie.; };
|
||||||
|
dnssec-policy default;
|
||||||
|
inline-signing yes;
|
||||||
|
''
|
||||||
|
else "";
|
||||||
|
in {
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
${extraConfig}
|
${if_primary_and_owned}
|
||||||
// for bumping the config
|
// for bumping the config
|
||||||
// ${current_date}
|
// ${current_date}
|
||||||
'';
|
'';
|
||||||
|
@ -229,23 +254,6 @@
|
||||||
old = domain: get_config_file_old_domains domain;
|
old = domain: get_config_file_old_domains domain;
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = {
|
|
||||||
owned =
|
|
||||||
if cfg.server.primary
|
|
||||||
then ''
|
|
||||||
allow-update { key rfc2136key.skynet.ie.; };
|
|
||||||
|
|
||||||
dnssec-policy default;
|
|
||||||
inline-signing yes;
|
|
||||||
''
|
|
||||||
else "";
|
|
||||||
|
|
||||||
# no extra config for reverse
|
|
||||||
reverse = "";
|
|
||||||
|
|
||||||
old = "";
|
|
||||||
};
|
|
||||||
|
|
||||||
records =
|
records =
|
||||||
config.skynet.records
|
config.skynet.records
|
||||||
++ builtins.concatLists (
|
++ builtins.concatLists (
|
||||||
|
@ -344,12 +352,12 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
services.bind.zones =
|
services.bind.zones =
|
||||||
(create_entry_zone "csn.ul.ie" extraConfig.owned)
|
(create_entry_zone "csn.ul.ie")
|
||||||
// (create_entry_zone "skynet.ie" extraConfig.owned)
|
// (create_entry_zone "skynet.ie")
|
||||||
// (create_entry_zone "ulcompsoc.ie" extraConfig.owned)
|
// (create_entry_zone "ulcompsoc.ie")
|
||||||
// (create_entry_zone "64-64.99.1.193.in-addr.arpa" extraConfig.reverse)
|
// (create_entry_zone "64-64.99.1.193.in-addr.arpa")
|
||||||
// (create_entry_zone "conradcollins.net" extraConfig.old)
|
// (create_entry_zone "conradcollins.net")
|
||||||
// (create_entry_zone "edelharty.net" extraConfig.old);
|
// (create_entry_zone "edelharty.net");
|
||||||
|
|
||||||
environment.etc =
|
environment.etc =
|
||||||
(create_entry_etc "csn.ul.ie" "owned")
|
(create_entry_etc "csn.ul.ie" "owned")
|
||||||
|
|
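Review bot: In `create_entry_zone`, whether a zone gets `allow-update`, `dnssec-policy default` and `inline-signing yes` is now decided by an exact string match of `domain` against `domains_owned`, so the call sites under `services.bind.zones` no longer show which zones are signed and accept dynamic updates. A zone whose name is spelled differently from its `domains_owned` entry (case, trailing dot), or that is never added to the list, falls through to `else ""` and is served unsigned with no error at evaluation time. I would document this on the list, e.g. `# zones listed here get the RFC 2136 update key and DNSSEC inline signing on the primary`, and write the membership test as `if cfg.server.primary && builtins.elem domain domains_owned`. The new `domains` binding is not referenced in any of the visible hunks, so it may be unused unless something elsewhere in the file consumes it; the attribute set returned by `create_entry_zone` continues past the end of its hunk.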