/*
Name:     https://masseffect.fandom.com/wiki/Vigil
Why:      Counterpart to Vendetta
Type:     VM
Hardware: -
From:     2023
Role:     DNS Server
Notes:
*/
{
  pkgs,
  lib,
  nodes,
  ...
}: let
  name = "vigil";
  ip_pub = "193.1.99.121";
  # Not referenced anywhere below in this file.
  ip_priv = "172.20.20.4";

  # Deployment currently targets the raw public address instead of the DNS name.
  # hostname = "${name}.skynet.ie";
  hostname = ip_pub;

  # Which nameserver label (ns1/ns2/...) this host answers as.
  ns = "ns2";

  # Gathers one kind of record ("external" or "cname") from every node in the
  # deployment. A node with skynet_dns enabled contributes its `own` list, a
  # node with it disabled contributes its `records` list, and a node without
  # the skynet_dns option contributes nothing.
  # NOTE(review): the record strings are passed through unchanged, so every
  # node's configuration is effectively trusted input to whatever consumes
  # `records` (presumably ../applications/dns.nix - confirm).
  collectRecords = kind:
    lib.concatLists (
      lib.mapAttrsToList (
        _: node:
          if node.config ? skynet_dns
          then
            (
              if node.config.skynet_dns.enable
              then node.config.skynet_dns.own.${kind}
              else node.config.skynet_dns.records.${kind}
            )
          else []
      )
      nodes
    );
in {
  imports = [
    # applications for this particular server
    ../applications/firewall.nix
    ../applications/dns.nix
  ];

  # NOTE(review): deploys log in as root over SSH on port 22, which the host
  # firewall below opens to all sources. The sshd settings are not visible
  # here; confirm root login is key-only and consider limiting port 22 to the
  # management network.
  deployment = {
    targetHost = hostname;
    targetPort = 22;
    targetUser = "root";
  };

  # Host-level firewall: SSH plus DNS over both TCP and UDP.
  # NOTE(review): with TCP 53 reachable, zone transfers and recursion need to
  # be restricted in the DNS service itself; that configuration is not in this
  # file - confirm.
  networking.firewall = {
    allowedTCPPorts = [22 53];
    allowedUDPPorts = [53];
  };

  # open the firewall for this
  # NOTE(review): both rules match on `ip saddr`, i.e. packets whose source is
  # this server and whose destination port is 53. If the intent is to let
  # outside clients reach this nameserver, the match would have to be
  # `ip daddr` - confirm against ../applications/firewall.nix before changing.
  skynet_firewall.forward = [
    "ip saddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
    "ip saddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
  ];

  skynet_dns = {
    enable = true;

    # Records describing this server itself: one A record for the host name
    # and one for its nameserver label, both pointing at the public address.
    own = {
      nameserver = ns;
      external = [
        "${name} A ${ip_pub}"
        "${ns} A ${ip_pub}"
      ];
      cname = [
        #"misc CNAME vendetta"
      ];
    };

    # Zone contents, aggregated from all nodes (same approach as the firewall).
    records = {
      external = collectRecords "external";
      cname = collectRecords "cname";
    };
  };
}