commit dbc75eb0801c26308dc175f96e06f18ecf108d95
parent 0e438d3cfc44a081502eea1353ed6fcb809ac70c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 12 Sep 2022 23:06:28 +0200
parent 0e438d3cfc44a081502eea1353ed6fcb809ac70c
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 12 Sep 2022 23:06:28 +0200
modules: add dns
5 files changed, 112 insertions(+), 47 deletions(-)
diff --git a/configurations/services/bind/default.nix b/configurations/services/bind/default.nix
@@ -1,46 +0,0 @@
-{config, lib, pkgs, ...}:
-
-let
- dns-zones = ./dns-zones;
-
-in {
-
- services.bind = {
- enable = true;
- zones = {
- "ctu.cx" = {
- file = "${dns-zones}/ctu.cx.zone";
- master = true;
- };
- "ctucx.de" = {
- file = "${dns-zones}/ctucx.de.zone";
- master = true;
- };
- "flauschehorn.sexy" = {
- file = "${dns-zones}/flauschehorn.sexy.zone";
- master = true;
- };
- "thein.ovh" = {
- file = "${dns-zones}/thein.ovh.zone";
- master = true;
- };
- "oeffisear.ch" = {
- file = "${dns-zones}/oeffisear.ch.zone";
- master = true;
- };
- "trans-agenda.de" = {
- file = "${dns-zones}/trans-agenda.de.zone";
- master = true;
- };
- "wifionic.de" = {
- file = "${dns-zones}/wifionic.de.zone";
- master = true;
- };
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [ 53 ];
- allowedUDPPorts = [ 53 ];
- };
-}
diff --git a/configurations/services/dns/default.nix b/configurations/services/dns/default.nix
@@ -0,0 +1,49 @@
+{config, lib, pkgs, ...}:
+
+let
+ dns-zones = ./dns-zones;
+
+in {
+
+ deployment.tags = [ "dns" ];
+
+ dns = {
+ enable = true;
+ extraZones = {
+ "ctu.cx" = {
+ file = "${dns-zones}/ctu.cx.zone";
+ master = true;
+ };
+ "ctucx.de" = {
+ file = "${dns-zones}/ctucx.de.zone";
+ master = true;
+ };
+ "flauschehorn.sexy" = {
+ file = "${dns-zones}/flauschehorn.sexy.zone";
+ master = true;
+ };
+ "thein.ovh" = {
+ file = "${dns-zones}/thein.ovh.zone";
+ master = true;
+ };
+ "oeffisear.ch" = {
+ file = "${dns-zones}/oeffisear.ch.zone";
+ master = true;
+ };
+ "trans-agenda.de" = {
+ file = "${dns-zones}/trans-agenda.de.zone";
+ master = true;
+ };
+ "wifionic.de" = {
+ file = "${dns-zones}/wifionic.de.zone";
+ master = true;
+ };
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+
+}
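Review bot: `dns.extraZones` is set here as an attribute set keyed by zone name, but modules/dns.nix in this same commit declares the option as `lib.types.listOf lib.types.attrs` and appends it with `) ++ cfg.extraZones;`, so this file should fail the module type check at evaluation time, and even if coerced the entries carry no `name`, which the generated entries supply via `inherit name;`. Either pass a list here, e.g. `extraZones = [ { name = "ctu.cx"; file = "${dns-zones}/ctu.cx.zone"; master = true; } ];` for each zone, or declare the option as `attrsOf` and convert it in the module with `mapAttrsToList` the way `cfg.allZones` already is. The same mismatch applies to the modules/dns.nix hunk; I am noting it only here. The whole file is in this hunk, so nothing outside it changes the picture.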
diff --git a/modules/default.nix b/modules/default.nix
@@ -9,6 +9,7 @@
 ./vnstati
 ./desktop-speakers.nix
 ./email-notify.nix
+ ./dns.nix
 ] else [])
 (if (currentSystem == "aarch64-darwin") then [
 ./darwin/quirks.nix
diff --git a/modules/dns.nix b/modules/dns.nix
@@ -0,0 +1,61 @@
+{ currentSystem, nodes, config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.dns;
+
+in {
+ options.dns = {
+ enable = mkEnableOption "nix-powered DNS";
+
+ # contains dns entries defined on the local host
+ zones = mkOption {
+ type = lib.types.attrsOf pkgs.dns.lib.types.subzone;
+ default = {};
+ };
+
+ # contains dns entries defined on the local host and on remote hosts, merged together
+ allZones = mkOption {
+ type = lib.types.attrsOf pkgs.dns.lib.types.zone;
+ default = {};
+ };
+
+ # zones not generated by nix-dns, for example secondaries
+ extraZones = mkOption {
+ type = lib.types.listOf lib.types.attrs;
+ default = [];
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ 53 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ # serve records defined in all host configs
+ dns.allZones = mkMerge (
+ mapAttrsToList (
+ name: host: host.config.dns.zones
+ ) nodes
+ );
+
+ systemd.services.bind.preStart = ''
+ mkdir -p /var/lib/bind
+ chown named /var/lib/bind
+ '';
+
+ services.bind = {
+ enable = true;
+ zones = (
+ mapAttrsToList (
+ name: zone: {
+ inherit name;
+ master = true;
+ slaves = [ "any" ];
+ file = pkgs.dns.util."${currentSystem}".writeZone name zone;
+ }
+ ) cfg.allZones
+ ) ++ cfg.extraZones;
+ };
+ };
+}
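Review bot: `slaves = [ "any" ];` on every generated zone in `services.bind.zones` is rendered by the NixOS bind module as the zone's `allow-transfer { any; };`, which permits full AXFR zone transfers to any client that can reach port 53; the deleted bind/default.nix left `slaves` at its default, so this commit widens what the server hands out. Nothing in this module consumes transfers (every generated zone is `master = true` and secondaries are expected to come through `extraZones`), so the transfer ACL should name the actual secondaries or stay closed: `slaves = [ ];`, or expose the list as a module option with an empty default and pass it through here. A one-line comment above the `services.bind` block stating that `slaves` controls the transfer ACL and why it is set would also help the next reader. If a public transfer target is intentional, a comment explaining that on the `slaves` line would make the choice reviewable.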
diff --git a/pkgs/default.nix b/pkgs/default.nix @@ -16,7 +16,7 @@ unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system}; writePythonScriptBin = (pkgs.callPackage ./writePythonScriptBin.nix {}).writePythonScriptBin; - dns = import <dns.nix>; + dns = inputs.dns; agenix = inputs.agenix.defaultPackage."${currentSystem}";