Luj/snowfield
1
0
Fork 0
mirror of https://github.com/JulienMalka/snowfield.git synced 2025-03-28 14:50:55 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add records from non local machines

Browse source
This commit is contained in:
Julien Malka 2024-08-14 14:58:06 +02:00
parent 58a3dd5088
commit 04bb06f49d
Signed by: Luj
GPG key ID: 6FC74C847011FD83
1 changed files with 59 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

85
machines/gustave/nsd.nix
View file

@ -12,6 +12,34 @@ let
lib.attrValues nixosConfigurations lib.attrValues nixosConfigurations
) )
); );
allowedDomains = [
"luj.fr"
"julienmalka.me"
"malka.family"
"luj"
"luj-static.page"
];
isVPNDomain = domain: lib.dns.domainToZone [ "luj" ] domain != null;
zonesFromSnowField = lib.fold (elem: acc: acc // elem) { } (
lib.flatten (
map (
elem:
let
domains = if builtins.hasAttr "subdomains" elem then elem.subdomains else [ ];
in
map (domain: {
machine.meta.zones.${lib.dns.domainToZone allowedDomains domain}.subdomains =
lib.dns.domainToRecords domain elem
(isVPNDomain domain);
}) domains
) (lib.attrValues lib.snowfield)
)
);
dnsLib = (import inputs.dns).lib; dnsLib = (import inputs.dns).lib;
evalZones = evalZones =
zones: zones:
@ -35,32 +63,37 @@ let
in in
{ lib.mkMerge [
services.nsd = { {
enable = true; services.nsd = {
interfaces = [ enable = true;
config.machine.meta.ips.vpn.ipv4 interfaces = [
config.machine.meta.ips.public.ipv6 config.machine.meta.ips.vpn.ipv4
]; config.machine.meta.ips.public.ipv6
zones = lib.mapAttrs (_: value: { ];
data = builtins.toString value; zones = lib.mapAttrs (_: value: {
provideXFR = [ "100.100.45.0/24 NOKEY" ]; data = builtins.toString value;
notify = [ "${lib.snowfield.akhaten.ips.vpn.ipv4} NOKEY" ]; provideXFR = [ "100.100.45.0/24 NOKEY" ];
}) (evalZones zonesFromConfig); notify = [ "${lib.snowfield.akhaten.ips.vpn.ipv4} NOKEY" ];
}; }) (evalZones zonesFromConfig);
};
systemd.services.nsd.preStart = lib.mkAfter '' systemd.services.nsd.preStart = lib.mkAfter ''
if [ -f ${stateDir}/counter ]; then if [ -f ${stateDir}/counter ]; then
current_value=$(cat ${stateDir}/counter) current_value=$(cat ${stateDir}/counter)
new_value=$((current_value + 1)) new_value=$((current_value + 1))
echo "$new_value" > ${stateDir}/counter echo "$new_value" > ${stateDir}/counter
else else
echo "0" > ${stateDir}/counter echo "0" > ${stateDir}/counter
new_value="0" new_value="0"
fi fi
sed -i "3s/0/$new_value/" ${stateDir}/zones/julienmalka.me sed -i "3s/0/$new_value/" ${stateDir}/zones/julienmalka.me
''; '';
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ];
} }
# DNS Records from all non local configurations are exported here
zonesFromSnowField
]