From 04bb06f49deee163cacb495166c63e16b5437201 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Wed, 14 Aug 2024 14:58:06 +0200
Subject: [PATCH] feat: add records from non local machines

---
 machines/gustave/nsd.nix | 85 ++++++++++++++++++++++++++++------------
 1 file changed, 59 insertions(+), 26 deletions(-)

diff --git a/machines/gustave/nsd.nix b/machines/gustave/nsd.nix
index cf98197..032e6f9 100644
--- a/machines/gustave/nsd.nix
+++ b/machines/gustave/nsd.nix
@@ -12,6 +12,34 @@ let
       lib.attrValues nixosConfigurations
     )
   );
+
+  allowedDomains = [
+    "luj.fr"
+    "julienmalka.me"
+    "malka.family"
+    "luj"
+    "luj-static.page"
+  ];
+
+  isVPNDomain = domain: lib.dns.domainToZone [ "luj" ] domain != null;
+
+  zonesFromSnowField = lib.fold (elem: acc: acc // elem) { } (
+    lib.flatten (
+      map (
+        elem:
+        let
+          domains = if builtins.hasAttr "subdomains" elem then elem.subdomains else [ ];
+        in
+        map (domain: {
+          machine.meta.zones.${lib.dns.domainToZone allowedDomains domain}.subdomains =
+            lib.dns.domainToRecords domain elem
+              (isVPNDomain domain);
+        }) domains
+
+      ) (lib.attrValues lib.snowfield)
+    )
+  );
+
   dnsLib = (import inputs.dns).lib;
   evalZones =
     zones:
@@ -35,32 +63,37 @@ let
 
 in
 
-{
-  services.nsd = {
-    enable = true;
-    interfaces = [
-      config.machine.meta.ips.vpn.ipv4
-      config.machine.meta.ips.public.ipv6
-    ];
-    zones = lib.mapAttrs (_: value: {
-      data = builtins.toString value;
-      provideXFR = [ "100.100.45.0/24 NOKEY" ];
-      notify = [ "${lib.snowfield.akhaten.ips.vpn.ipv4} NOKEY" ];
-    }) (evalZones zonesFromConfig);
-  };
+lib.mkMerge [
+  {
+    services.nsd = {
+      enable = true;
+      interfaces = [
+        config.machine.meta.ips.vpn.ipv4
+        config.machine.meta.ips.public.ipv6
+      ];
+      zones = lib.mapAttrs (_: value: {
+        data = builtins.toString value;
+        provideXFR = [ "100.100.45.0/24 NOKEY" ];
+        notify = [ "${lib.snowfield.akhaten.ips.vpn.ipv4} NOKEY" ];
+      }) (evalZones zonesFromConfig);
+    };
 
-  systemd.services.nsd.preStart = lib.mkAfter ''
-    if [ -f ${stateDir}/counter ]; then
-      current_value=$(cat ${stateDir}/counter)
-      new_value=$((current_value + 1))
-      echo "$new_value" > ${stateDir}/counter
-    else
-      echo "0" > ${stateDir}/counter
-      new_value="0"
-    fi
-    sed -i "3s/0/$new_value/" ${stateDir}/zones/julienmalka.me
-  '';
+    systemd.services.nsd.preStart = lib.mkAfter ''
+      if [ -f ${stateDir}/counter ]; then
+        current_value=$(cat ${stateDir}/counter)
+        new_value=$((current_value + 1))
+        echo "$new_value" > ${stateDir}/counter
+      else
+        echo "0" > ${stateDir}/counter
+        new_value="0"
+      fi
+      sed -i "3s/0/$new_value/" ${stateDir}/zones/julienmalka.me
+    '';
 
-  networking.firewall.allowedUDPPorts = [ 53 ];
+    networking.firewall.allowedUDPPorts = [ 53 ];
 
-}
+  }
+
+  # DNS Records from all non local configurations are exported here
+  zonesFromSnowField
+]