dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/home/routing-common: Dynamically return WAN IP DNS
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 17m8s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-11-25 15:07:58 +00:00
parent d347234e82
commit c8b65092be
4 changed files with 75 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/default.nix
View File

@ -8,6 +8,18 @@ let
inherit (lib.flake) defaultSystems; inherit (lib.flake) defaultSystems;
in in
rec { rec {
pow =
let
pow' = base: exponent: value:
# FIXME: It will silently overflow on values > 2**62 :(
# The value will become negative or zero in this case
if exponent == 0
then 1
else if exponent <= 1
then value
else (pow' base (exponent - 1) (value * base));
in base: exponent: pow' base exponent base;
attrsToNVList = mapAttrsToList nameValuePair; attrsToNVList = mapAttrsToList nameValuePair;
inherit (import ./net.nix { inherit lib; }) net; inherit (import ./net.nix { inherit lib; }) net;
@ -29,6 +41,8 @@ rec {
ports = checked (elemAt m 1); ports = checked (elemAt m 1);
}; };
netBroadcast = net': net.cidr.host ((pow 2 (net.cidr.size net')) - 1) net';
mkDefaultSystemsPkgs = path: args': genAttrs defaultSystems (system: import path ((args' system) // { inherit system; })); mkDefaultSystemsPkgs = path: args': genAttrs defaultSystems (system: import path ((args' system) // { inherit system; }));
mkApp = program: { type = "app"; inherit program; }; mkApp = program: { type = "app"; inherit program; };
mkShellApp = pkgs: name: text: mkApp (pkgs.writeShellScript name text).outPath; mkShellApp = pkgs: name: text: mkApp (pkgs.writeShellScript name text).outPath;

31
lib/dns.nix
View File

@ -67,4 +67,35 @@ rec {
(a.ipv6.address != null && a.ipv6.genPTR) (a.ipv6.address != null && a.ipv6.genPTR)
''@@PTR:${a.ipv6.address}:${toString ndots}@@ IN PTR ${a.name}.${domain}.''; ''@@PTR:${a.ipv6.address}:${toString ndots}@@ IN PTR ${a.name}.${domain}.'';
}; };
ifaceA = { pkgs, iface, skipBroadcasts ? [] }:
let
extraFilters = concatMapStringsSep " " (b: ''and .broadcast != \"${b}\"'') skipBroadcasts;
script = pkgs.writeText "if-${iface}-a.lua" ''
local proc = io.popen("${pkgs.iproute2}/bin/ip -j addr show dev ${iface} | ${pkgs.jq}/bin/jq -r '.[0].addr_info[] | select(.family == \"inet\" and .scope == \"global\" ${extraFilters}).local'", "r")
assert(proc, "failed to popen")
local addr_line = proc:read("*l")
assert(proc:close(), "command failed")
assert(addr_line, "no output from command")
return addr_line
'';
in
''A "dofile('${script}')"'';
lookupIP = { pkgs, hostname, server, type ? "A" }:
let
script = pkgs.writeScript "drill-${hostname}-${server}.lua" ''
local proc = io.popen("${pkgs.ldns}/bin/drill -Q @${server} ${hostname} ${type}", "r")
assert(proc, "failed to popen")
local addr_line = proc:read("*l")
assert(proc:close(), "command failed")
assert(addr_line, "no output from command")
return addr_line
'';
in
''${type} "dofile('${script}')"'';
} }

1
nixos/boxes/home/routing-common/default.nix
View File

@ -26,6 +26,7 @@ in
}; };
hi = { hi = {
inherit domain; inherit domain;
name = "${name}-hi";
ipv4 = { ipv4 = {
address = net.cidr.host (index + 1) prefixes.hi.v4; address = net.cidr.host (index + 1) prefixes.hi.v4;
mask = 22; mask = 22;

39
nixos/boxes/home/routing-common/dns.nix
View File

@ -1,8 +1,12 @@
index: { lib, pkgs, config, assignments, allAssignments, ... }: index: { lib, pkgs, config, assignments, allAssignments, ... }:
let let
inherit (builtins) attrNames; inherit (builtins) attrNames elemAt;
inherit (lib.my) net; inherit (lib.my) net;
inherit (lib.my.c.home) prefixes vips; inherit (lib.my.c.home) prefixes vips routers;
name = elemAt routers index;
otherIndex = 1 - index;
otherName = elemAt routers otherIndex;
authZones = attrNames config.my.pdns.auth.bind.zones; authZones = attrNames config.my.pdns.auth.bind.zones;
in in
@ -63,6 +67,11 @@ in
}; };
}; };
systemd.services = {
# Add AF_NETLINK to allow pulling IP from network interfaces
pdns.serviceConfig.RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
};
# For rec_control # For rec_control
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pdns-recursor pdns-recursor
@ -80,9 +89,9 @@ in
]; ];
also-notify = [ "127.0.0.1" ]; also-notify = [ "127.0.0.1" ];
enable-lua-records = true; enable-lua-records = true;
#loglevel = 7; # loglevel = 7;
#log-dns-queries = true; # log-dns-queries = true;
#log-dns-details = true; # log-dns-details = true;
api = true; api = true;
webserver = true; webserver = true;
@ -108,13 +117,23 @@ in
1h ; minimum 1h ; minimum
) )
${name} IN LUA ${lib.my.dns.ifaceA {
inherit pkgs;
iface = "wan";
skipBroadcasts = [ (lib.my.netBroadcast prefixes.modem.v4) ];
}}
${otherName} IN LUA ${lib.my.dns.lookupIP {
inherit pkgs;
hostname = "${otherName}.${config.networking.domain}";
server = net.cidr.host (otherIndex + 1) prefixes.hi.v4;
}}
${elemAt routers 0} IN AAAA ${net.cidr.host 1 prefixes.hi.v6}
${elemAt routers 1} IN AAAA ${net.cidr.host 2 prefixes.hi.v6}
@ IN NS ns1 @ IN NS ns1
@ IN NS ns2 @ IN NS ns2
; TODO: WAN? ns1 IN ALIAS ${elemAt routers 0}.${config.networking.domain}.
ns1 IN A ${net.cidr.host 1 prefixes.hi.v4} ns2 IN ALIAS ${elemAt routers 1}.${config.networking.domain}.
ns2 IN A ${net.cidr.host 2 prefixes.hi.v4}
ns1 IN AAAA ${net.cidr.host 1 prefixes.hi.v6}
ns2 IN AAAA ${net.cidr.host 2 prefixes.hi.v6}
jim-core IN A ${net.cidr.host 10 prefixes.core.v4} jim-core IN A ${net.cidr.host 10 prefixes.core.v4}
jim IN A ${net.cidr.host 10 prefixes.hi.v4} jim IN A ${net.cidr.host 10 prefixes.hi.v4}