diff --git a/lib/default.nix b/lib/default.nix
index 03d7309..ae2aef0 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -11,6 +11,8 @@ rec {
 attrsToNVList = mapAttrsToList nameValuePair;
 inherit (import ./net.nix { inherit lib; }) net;
+ dns = import ./dns.nix { inherit lib; };
+
 # Yoinked from nixpkgs/nixos/modules/services/networking/nat.nix
 isIPv6 = ip: length (lib.splitString ":" ip) > 2;
 parseIPPort = ipp:
diff --git a/lib/dns.nix b/lib/dns.nix
new file mode 100644
index 0000000..15ac486
--- /dev/null
+++ b/lib/dns.nix
@@ -0,0 +1,70 @@
+{ lib }:
+let
+ inherit (builtins) filter;
+ inherit (lib)
+ concatStringsSep concatMapStringsSep mapAttrsToList filterAttrs flatten optionalString;
+in
+rec {
+ genRecords =
+ {
+ allAssignments,
+ domain,
+ names,
+ f,
+ }:
+ concatStringsSep
+ "\n"
+ (filter
+ (s: s != "")
+ (flatten
+ (map
+ (name: (mapAttrsToList
+ (_: as: f as."${name}")
+ (filterAttrs
+ (_: as: as ? "${name}" && as."${name}".domain == domain && as."${name}".visible)
+ allAssignments)))
+ names)));
+
+ fwdRecords =
+ {
+ allAssignments,
+ domain,
+ names,
+ }:
+ genRecords {
+ inherit allAssignments domain names;
+ f = a: ''
+ ${a.name} IN A ${a.ipv4.address}
+ ${optionalString (a.ipv6.address != null) "${a.name} IN AAAA ${a.ipv6.address}"}
+ ${concatMapStringsSep "\n" (alt: "${alt} IN CNAME ${a.name}") a.altNames}
+ '';
+ };
+ ptrRecords =
+ {
+ allAssignments,
+ domain,
+ names,
+ ndots,
+ }:
+ genRecords {
+ inherit allAssignments domain names;
+ f = a:
+ optionalString
+ a.ipv4.genPTR
+ ''@@PTR:${a.ipv4.address}:${toString ndots}@@ IN PTR ${a.name}.${domain}.'';
+ };
+ ptr6Records =
+ {
+ allAssignments,
+ domain,
+ names,
+ ndots,
+ }:
+ genRecords {
+ inherit allAssignments domain names;
+ f = a:
+ optionalString
+ (a.ipv6.address != null && a.ipv6.genPTR)
+ ''@@PTR:${a.ipv6.address}:${toString ndots}@@ IN PTR ${a.name}.${domain}.'';
+ };
+}
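Review bot: In genRecords of lib/dns.nix the filter dereferences `as."${name}".domain` unconditionally, so an assignment that has the `name` key but no `domain` attribute aborts evaluation with an attribute-missing error instead of being skipped, whereas the filter it replaces in estuary/dns.nix only tested `visible`. If `domain` is not guaranteed by an option default, `(as."${name}".domain or null) == domain` keeps the skip semantics while still selecting by zone. The `@@PTR:<addr>:<ndots>@@` markers that ptrRecords and ptr6Records emit are a contract with whatever rewrites the zone text afterwards, which is not in this diff, so a header comment in dns.nix naming that marker format and stating what `ndots` counts (the reversed-address labels not covered by the zone name, as far as the call sites suggest) would spare the next reader a search.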
diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix
index f53a9d5..ee27276 100644
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -1,14 +1,6 @@
 { lib, pkgs, config, assignments, allAssignments, ... }:
 let
- inherit (builtins) attrNames stringLength genList filter;
- inherit (lib)
- concatStrings concatStringsSep concatMapStringsSep mapAttrsToList filterAttrs genAttrs optionalString flatten;
-
- ptrDots = 2;
- reverseZone = "100.10.in-addr.arpa";
- ptrDots6 = 20;
- reverseZone6 = "2.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa";
- ptr6ValTrim = (stringLength "2a0e:97c0:4d2:") + 1;
+ inherit (builtins) attrNames;
 authZones = attrNames config.my.pdns.auth.bind.zones;
 in
@@ -129,66 +121,7 @@ in
 bind.zones =
 let
- genRecords = assignments: f:
- concatStringsSep
- "\n"
- (filter
- (s: s != "")
- (flatten
- (map
- (assignment: (mapAttrsToList
- (_: as: f as."${assignment}")
- (filterAttrs
- (_: as: as ? "${assignment}" && as."${assignment}".visible)
- allAssignments)))
- assignments)));
-
- genFor = [ "internal" "base" "vms" "ctrs" "routing" ];
- intRecords =
- genRecords genFor (a: ''
- ${a.name} IN A ${a.ipv4.address}
- ${optionalString (a.ipv6.address != null) "${a.name} IN AAAA ${a.ipv6.address}"}
- ${concatMapStringsSep "\n" (alt: "${alt} IN CNAME ${a.name}") a.altNames}
- '');
- intPtrRecords =
- genRecords
- genFor
- (a:
- optionalString
- a.ipv4.genPTR
- ''@@PTR:${a.ipv4.address}:${toString ptrDots}@@ IN PTR ${a.name}.${config.networking.domain}.'');
- intPtr6Records =
- genRecords
- genFor
- (a:
- optionalString
- (a.ipv6.address != null && a.ipv6.genPTR)
- ''@@PTR:${a.ipv6.address}:${toString ptrDots6}@@ IN PTR ${a.name}.${config.networking.domain}.'');
-
- wildcardPtrDef = ''IN LUA PTR "createReverse('ip-%3%-%4%.${config.networking.domain}')"'';
-
- reverse6Script =
- let
- len = toString ptr6ValTrim;
- in
- pkgs.writeText "reverse6.lua" ''
- local root = newDN("ip6.arpa.")
- local ptr = qname:makeRelative(root):toStringNoDot()
- local nibbles = string.gsub(string.reverse(ptr), "%.", "")
-
- local ip6 = string.sub(nibbles, 1, 4)
- for i = 1, 7 do
- ip6 = ip6 .. ":" .. string.sub(nibbles, (i*4)+1, (i+1)*4)
- end
-
- local addr = newCA(ip6)
- return "ip6-" .. string.sub(string.gsub(addr:toString(), ":", "-"), ${len}) .. ".${config.networking.domain}."
- '';
- wildcardPtr6Def = ''IN LUA PTR "dofile('${reverse6Script}')"'';
- wildcardPtr6Zeroes = n: concatStrings (genList (_: "0.") n);
- wildcardPtr6' = n: root: ''*.${wildcardPtr6Zeroes n}${root} ${wildcardPtr6Def}'';
- wildcardPtr6 = n: root: concatStringsSep "\n" (genList (i: wildcardPtr6' i root) (n - 1));
- wildcardPtr6Z = wildcardPtr6 ptrDots6;
+ names = [ "internal" "base" "vms" "ctrs" "routing" ];
 in
 {
 "${config.networking.domain}" = {
@@ -223,10 +156,13 @@ in
 _acme-challenge IN LUA TXT @@FILE@@
 $TTL 60
- ${intRecords}
+ ${lib.my.dns.fwdRecords {
+ inherit allAssignments names;
+ domain = config.networking.domain;
+ }}
 '';
 };
- "${reverseZone}" = {
+ "100.10.in-addr.arpa" = {
 type = "master";
 text = ''
 $TTL 60
@@ -240,16 +176,14 @@ in
 @ IN NS ns.${config.networking.domain}.
- ${intPtrRecords}
-
- * ${wildcardPtrDef}
- ; Have to add a specific wildcard for each of the explicitly set subnets...
- *.0 ${wildcardPtrDef}
- *.1 ${wildcardPtrDef}
- *.2 ${wildcardPtrDef}
+ ${lib.my.dns.ptrRecords {
+ inherit allAssignments names;
+ domain = config.networking.domain;
+ ndots = 2;
+ }}
 '';
 };
- "${reverseZone6}" = {
+ "2.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa" = {
 type = "master";
 text = ''
 $TTL 60
@@ -266,17 +200,11 @@ in
 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2 IN PTR mail.nul.ie.
- ${intPtr6Records}
-
- * ${wildcardPtr6Def}
- ; Have to add a specific wildcard for each of the explicitly set subnets... this is disgusting for IPv6
- *.0 ${wildcardPtr6Def}
- *.0.0 ${wildcardPtr6Def}
- *.1.0.0 ${wildcardPtr6Def}
-
- ${wildcardPtr6Z "0.1.0.0"}
- ${wildcardPtr6Z "1.1.0.0"}
- ${wildcardPtr6Z "2.1.0.0"}
+ ${lib.my.dns.ptr6Records {
+ inherit allAssignments names;
+ domain = config.networking.domain;
+ ndots = 20;
+ }}
 '';
 };
 };
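Review bot: The `ndots = 2` and `ndots = 20` literals handed to lib.my.dns.ptrRecords and ptr6Records in the -240 and -266 hunks are now bare magic numbers, whereas the removed `ptrDots`/`ptrDots6` lets at least sat beside the zone names they must agree with. They look like the number of reversed-address labels that fall outside the zone name (4 - 2 octets for 100.10.in-addr.arpa, 32 - 12 nibbles for 2.d.4.0.0.c.7.9.e.0.a.2.ip6.arpa), but nothing on the new side states or checks that, so renaming or renumbering a zone would silently desynchronise the `@@PTR:...@@` markers from the zone they are emitted into. A comment at each call, e.g. `ndots = 20; # reversed-address labels not covered by the zone name above (32 nibbles - 12)`, would pin the relationship; deriving the count from the zone name inside lib/dns.nix would be stronger still. The `bind.zones = let ... in { ... }` block that these hunks edit starts in the -129 hunk and ends past the last one.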