2023-11-19 14:32:23 +00:00
|
|
|
index: { lib, pkgs, config, assignments, allAssignments, ... }:
|
|
|
|
|
let
|
2023-11-25 15:07:58 +00:00
|
|
|
inherit (builtins) attrNames elemAt;
|
2023-11-19 14:32:23 +00:00
|
|
|
inherit (lib.my) net;
|
2023-11-25 15:07:58 +00:00
|
|
|
inherit (lib.my.c.home) prefixes vips routers;
|
|
|
|
|
|
|
|
|
|
name = elemAt routers index;
|
|
|
|
|
otherIndex = 1 - index;
|
|
|
|
|
otherName = elemAt routers otherIndex;
|
2023-11-19 14:32:23 +00:00
|
|
|
|
|
|
|
|
authZones = attrNames config.my.pdns.auth.bind.zones;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
config = {
|
|
|
|
|
my = {
|
|
|
|
|
secrets.files = {
|
|
|
|
|
"home/pdns/auth.conf" = {
|
|
|
|
|
owner = "pdns";
|
|
|
|
|
group = "pdns";
|
|
|
|
|
};
|
|
|
|
|
"home/pdns/recursor.conf" = {
|
|
|
|
|
owner = "pdns-recursor";
|
|
|
|
|
group = "pdns-recursor";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
pdns.recursor = {
|
|
|
|
|
enable = true;
|
|
|
|
|
extraSettingsFile = config.age.secrets."home/pdns/recursor.conf".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
pdns-recursor = {
|
|
|
|
|
dns = {
|
|
|
|
|
address = [
|
|
|
|
|
"127.0.0.1" "::1"
|
|
|
|
|
assignments.hi.ipv4.address assignments.hi.ipv6.address
|
|
|
|
|
assignments.lo.ipv4.address assignments.lo.ipv6.address
|
|
|
|
|
];
|
|
|
|
|
allowFrom = [
|
|
|
|
|
"127.0.0.0/8" "::1/128"
|
|
|
|
|
prefixes.hi.v4 prefixes.hi.v6
|
|
|
|
|
prefixes.lo.v4 prefixes.lo.v6
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
query-local-address = [
|
2023-11-19 23:50:24 +00:00
|
|
|
"0.0.0.0"
|
2023-11-26 01:29:44 +00:00
|
|
|
"::"
|
2023-11-19 14:32:23 +00:00
|
|
|
];
|
|
|
|
|
forward-zones = map (z: "${z}=127.0.0.1:5353") authZones;
|
|
|
|
|
|
|
|
|
|
# DNS NOTIFY messages override TTL
|
|
|
|
|
allow-notify-for = authZones;
|
|
|
|
|
allow-notify-from = [ "127.0.0.0/8" "::1/128" ];
|
|
|
|
|
|
|
|
|
|
webserver = true;
|
|
|
|
|
webserver-address = "::";
|
|
|
|
|
webserver-allow-from = [ "127.0.0.1" "::1" ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-25 15:07:58 +00:00
|
|
|
systemd.services = {
|
|
|
|
|
# Add AF_NETLINK to allow pulling IP from network interfaces
|
|
|
|
|
pdns.serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-19 14:32:23 +00:00
|
|
|
environment.systemPackages = with pkgs; [
|
2023-12-16 18:50:51 +00:00
|
|
|
# For rec_control
|
2023-11-19 14:32:23 +00:00
|
|
|
pdns-recursor
|
2023-12-16 18:50:51 +00:00
|
|
|
sqlite
|
2023-11-19 14:32:23 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
my.pdns.auth = {
|
|
|
|
|
enable = true;
|
|
|
|
|
extraSettingsFile = config.age.secrets."home/pdns/auth.conf".path;
|
|
|
|
|
settings = {
|
|
|
|
|
primary = true;
|
|
|
|
|
resolver = "127.0.0.1";
|
|
|
|
|
expand-alias = true;
|
|
|
|
|
local-address = [
|
|
|
|
|
"0.0.0.0:5353" "[::]:5353"
|
|
|
|
|
];
|
|
|
|
|
also-notify = [ "127.0.0.1" ];
|
|
|
|
|
enable-lua-records = true;
|
2023-11-25 15:07:58 +00:00
|
|
|
# loglevel = 7;
|
|
|
|
|
# log-dns-queries = true;
|
|
|
|
|
# log-dns-details = true;
|
2023-11-19 14:32:23 +00:00
|
|
|
|
|
|
|
|
api = true;
|
|
|
|
|
webserver = true;
|
|
|
|
|
webserver-address = "::";
|
|
|
|
|
webserver-allow-from = [ "127.0.0.1" "::1" ];
|
2023-12-16 18:50:51 +00:00
|
|
|
|
|
|
|
|
dnsupdate = true;
|
|
|
|
|
launch = [ "gsqlite3" ];
|
|
|
|
|
gsqlite3-database = "/var/lib/pdns/dynamic.sqlite3";
|
2023-11-19 14:32:23 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bind.zones =
|
|
|
|
|
let
|
2023-12-16 15:59:33 +00:00
|
|
|
names = [ "core" "hi" "lo" "untrusted" ];
|
2023-11-19 14:32:23 +00:00
|
|
|
i = toString (index + 1);
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
"${config.networking.domain}" = {
|
|
|
|
|
type = "master";
|
|
|
|
|
text = ''
|
|
|
|
|
$TTL 60
|
|
|
|
|
@ IN SOA ns${i}.${config.networking.domain}. dev.nul.ie. (
|
|
|
|
|
@@SERIAL@@ ; serial
|
|
|
|
|
3h ; refresh
|
|
|
|
|
1h ; retry
|
|
|
|
|
1w ; expire
|
|
|
|
|
1h ; minimum
|
|
|
|
|
)
|
|
|
|
|
|
2023-11-25 15:07:58 +00:00
|
|
|
${name} IN LUA ${lib.my.dns.ifaceA {
|
|
|
|
|
inherit pkgs;
|
|
|
|
|
iface = "wan";
|
|
|
|
|
skipBroadcasts = [ (lib.my.netBroadcast prefixes.modem.v4) ];
|
|
|
|
|
}}
|
|
|
|
|
${otherName} IN LUA ${lib.my.dns.lookupIP {
|
|
|
|
|
inherit pkgs;
|
|
|
|
|
hostname = "${otherName}.${config.networking.domain}";
|
|
|
|
|
server = net.cidr.host (otherIndex + 1) prefixes.hi.v4;
|
|
|
|
|
}}
|
|
|
|
|
${elemAt routers 0} IN AAAA ${net.cidr.host 1 prefixes.hi.v6}
|
|
|
|
|
${elemAt routers 1} IN AAAA ${net.cidr.host 2 prefixes.hi.v6}
|
|
|
|
|
|
2023-11-19 14:32:23 +00:00
|
|
|
@ IN NS ns1
|
|
|
|
|
@ IN NS ns2
|
2023-11-25 15:07:58 +00:00
|
|
|
ns1 IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
|
|
|
|
|
ns2 IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
|
2023-11-19 14:32:23 +00:00
|
|
|
|
2023-12-16 18:50:51 +00:00
|
|
|
dyn IN NS ns1.dyn.h.nul.ie.
|
|
|
|
|
dyn IN NS ns2.dyn.h.nul.ie.
|
|
|
|
|
ns1.dyn.h.nul.ie. IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
|
|
|
|
|
ns2.dyn.h.nul.ie. IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
|
|
|
|
|
|
2023-11-19 22:05:24 +00:00
|
|
|
jim-core IN A ${net.cidr.host 10 prefixes.core.v4}
|
|
|
|
|
jim IN A ${net.cidr.host 10 prefixes.hi.v4}
|
2023-12-16 15:59:33 +00:00
|
|
|
jim IN AAAA ${net.cidr.host (65536+1) prefixes.hi.v6}
|
2023-11-19 22:05:24 +00:00
|
|
|
jim-lo IN A ${net.cidr.host 10 prefixes.lo.v4}
|
2023-12-16 15:59:33 +00:00
|
|
|
jim-lo IN AAAA ${net.cidr.host (65536+1) prefixes.lo.v6}
|
2023-11-19 22:05:24 +00:00
|
|
|
|
|
|
|
|
dave-core IN A ${net.cidr.host 11 prefixes.core.v4}
|
|
|
|
|
dave IN A ${net.cidr.host 11 prefixes.hi.v4}
|
2023-12-16 15:59:33 +00:00
|
|
|
dave IN AAAA ${net.cidr.host (65536+2) prefixes.hi.v6}
|
2023-11-19 22:05:24 +00:00
|
|
|
dave-lo IN A ${net.cidr.host 11 prefixes.lo.v4}
|
2023-12-16 15:59:33 +00:00
|
|
|
dave-lo IN AAAA ${net.cidr.host (65536+2) prefixes.lo.v6}
|
2023-11-19 22:05:24 +00:00
|
|
|
|
|
|
|
|
ups IN A ${net.cidr.host 20 prefixes.lo.v4}
|
2023-12-03 22:58:28 +00:00
|
|
|
palace-kvm IN A ${net.cidr.host 21 prefixes.lo.v4}
|
2023-11-19 22:05:24 +00:00
|
|
|
|
2023-11-19 14:32:23 +00:00
|
|
|
${lib.my.dns.fwdRecords {
|
|
|
|
|
inherit allAssignments names;
|
|
|
|
|
domain = config.networking.domain;
|
|
|
|
|
}}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
"168.192.in-addr.arpa" = {
|
|
|
|
|
type = "master";
|
|
|
|
|
text = ''
|
|
|
|
|
$TTL 60
|
|
|
|
|
@ IN SOA ns${i}.${config.networking.domain}. dev.nul.ie. (
|
|
|
|
|
@@SERIAL@@ ; serial
|
|
|
|
|
3h ; refresh
|
|
|
|
|
1h ; retry
|
|
|
|
|
1w ; expire
|
|
|
|
|
1h ; minimum
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
@ IN NS ns1.${config.networking.domain}.
|
|
|
|
|
@ IN NS ns2.${config.networking.domain}.
|
|
|
|
|
|
|
|
|
|
${lib.my.dns.ptrRecords {
|
|
|
|
|
inherit allAssignments names;
|
|
|
|
|
domain = config.networking.domain;
|
|
|
|
|
ndots = 2;
|
|
|
|
|
}}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
"0.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa" = {
|
|
|
|
|
type = "master";
|
|
|
|
|
text = ''
|
|
|
|
|
$TTL 60
|
|
|
|
|
@ IN SOA ns${i}.${config.networking.domain}. dev.nul.ie. (
|
|
|
|
|
@@SERIAL@@ ; serial
|
|
|
|
|
3h ; refresh
|
|
|
|
|
1h ; retry
|
|
|
|
|
1w ; expire
|
|
|
|
|
1h ; minimum
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
@ IN NS ns1.${config.networking.domain}.
|
|
|
|
|
@ IN NS ns2.${config.networking.domain}.
|
|
|
|
|
|
|
|
|
|
${lib.my.dns.ptr6Records {
|
|
|
|
|
inherit allAssignments names;
|
|
|
|
|
domain = config.networking.domain;
|
|
|
|
|
ndots = 20;
|
|
|
|
|
}}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
