jorah: add authoritative dns server

Jake Hillion 2024-04-27 17:06:20 +01:00
parent 0ef24c14e7
commit 348bca745b
5 changed files with 136 additions and 60 deletions


@ -87,11 +87,13 @@
interfaces = { interfaces = {
eth0 = { eth0 = {
allowedTCPPorts = lib.mkForce [ allowedTCPPorts = lib.mkForce [
53 # DNS
80 # HTTP 1-2 80 # HTTP 1-2
443 # HTTPS 1-2 443 # HTTPS 1-2
8080 # Unifi (inform) 8080 # Unifi (inform)
]; ];
allowedUDPPorts = lib.mkForce [ allowedUDPPorts = lib.mkForce [
53 # DNS
443 # HTTP 3 443 # HTTP 3
3478 # Unifi STUN 3478 # Unifi STUN
]; ];
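Review bot: Port 53 is opened on eth0 unconditionally in both the TCP and UDP lists, while the listener that needs it is gated on `custom.services.authoritative_dns.enable` (the module added as `./authoritative_dns.nix` in this commit), so the two can drift apart on a host that later drops the service role. Tying them together in place keeps the hole closed when nothing listens, e.g. `lib.mkForce ([ 80 443 8080 ] ++ lib.optional config.custom.services.authoritative_dns.enable 53)`, with the same form for the UDP list. nsd is authoritative-only, so exposing 53 publicly is appropriate for this role, but a public UDP resolver is a reflection target; consider enabling nsd's response-rate limiting (`services.nsd.ratelimit.enable = true;`) alongside the firewall change. The enclosing `interfaces` attribute set continues outside the hunk.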


@ -2,61 +2,22 @@
let let
cfg = config.custom.dns; cfg = config.custom.dns;
v4Hosts = {
uk = {
co = {
hillion = {
ts = {
cx = {
boron = "100.112.54.25";
jorah = "100.96.143.138";
};
home = {
microserver = "100.105.131.47";
router = "100.105.71.48";
};
jakehillion-terminals = { gendry = "100.70.100.77"; };
lt = { be = "100.105.166.79"; };
pop = { li = "100.106.87.35"; };
storage = {
theon = "100.104.142.22";
tywin = "100.115.31.91";
};
};
};
};
};
};
v6Hosts = {
uk = {
co = {
hillion = {
ts = {
cx = {
boron = "fd7a:115c:a1e0::2a01:3619";
jorah = "fd7a:115c:a1e0:ab12:4843:cd96:6260:8f8a";
};
home = {
microserver = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";
router = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
};
jakehillion-terminals = { gendry = "fd7a:115c:a1e0:ab12:4843:cd96:6246:644d"; };
lt = { be = "fd7a:115c:a1e0::9001:a64f"; };
pop = { li = "fd7a:115c:a1e0::e701:5723"; };
storage = {
theon = "fd7a:115c:a1e0::4aa8:8e16";
tywin = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
};
};
};
};
};
};
in in
{ {
options.custom.dns = { options.custom.dns = {
enable = lib.mkEnableOption "dns"; enable = lib.mkEnableOption "dns";
authoritative = {
ipv4 = lib.mkOption {
description = "authoritative ipv4 mappings";
readOnly = true;
};
ipv6 = lib.mkOption {
description = "authoritative ipv6 mappings";
readOnly = true;
};
};
tailscale = tailscale =
{ {
ipv4 = lib.mkOption { ipv4 = lib.mkOption {
@ -71,13 +32,66 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
custom.dns.authoritative = {
ipv4 = {
uk = {
co = {
hillion = {
ts = {
cx = {
boron = "100.112.54.25";
jorah = "100.96.143.138";
};
home = {
microserver = "100.105.131.47";
router = "100.105.71.48";
};
jakehillion-terminals = { gendry = "100.70.100.77"; };
lt = { be = "100.105.166.79"; };
pop = { li = "100.106.87.35"; };
storage = {
theon = "100.104.142.22";
tywin = "100.115.31.91";
};
};
};
};
};
};
ipv6 = {
uk = {
co = {
hillion = {
ts = {
cx = {
boron = "fd7a:115c:a1e0::2a01:3619";
jorah = "fd7a:115c:a1e0:ab12:4843:cd96:6260:8f8a";
};
home = {
microserver = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";
router = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
};
jakehillion-terminals = { gendry = "fd7a:115c:a1e0:ab12:4843:cd96:6246:644d"; };
lt = { be = "fd7a:115c:a1e0::9001:a64f"; };
pop = { li = "fd7a:115c:a1e0::e701:5723"; };
storage = {
theon = "fd7a:115c:a1e0::4aa8:8e16";
tywin = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
};
};
};
};
};
};
};
custom.dns.tailscale = custom.dns.tailscale =
let let
lookupFqdn = lib.attrsets.attrByPath (lib.reverseList (lib.splitString "." config.networking.fqdn)) null; lookupFqdn = lib.attrsets.attrByPath (lib.reverseList (lib.splitString "." config.networking.fqdn)) null;
in in
{ {
ipv4 = lookupFqdn v4Hosts; ipv4 = lookupFqdn cfg.authoritative.ipv4;
ipv6 = lookupFqdn v6Hosts; ipv6 = lookupFqdn cfg.authoritative.ipv6;
}; };
networking.hosts = networking.hosts =
@ -89,6 +103,6 @@ in
lib.nameValuePair value [ (lib.concatStringsSep "." (lib.reverseList path)) ]) lib.nameValuePair value [ (lib.concatStringsSep "." (lib.reverseList path)) ])
hosts)); hosts));
in in
builtins.listToAttrs (mkHosts v4Hosts ++ mkHosts v6Hosts); builtins.listToAttrs (mkHosts cfg.authoritative.ipv4 ++ mkHosts cfg.authoritative.ipv6);
}; };
} }
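Review bot: The new `custom.dns.authoritative.ipv4`/`ipv6` options are declared with no `default` and no `type`, yet their only definition sits inside `config = lib.mkIf cfg.enable`; any host that evaluates `config.custom.dns.authoritative.*` while `custom.dns.enable` is false (the new authoritative_dns module reads it for the zone data) will fail with "option is used but not defined" rather than get an empty set, if such a host exists. Since the options are `readOnly = true`, the cleaner shape is to give each one `type = lib.types.attrs;` and carry the host mappings in `default = { uk = { … }; };` at the declaration, which also removes the dependence on `cfg.enable`. The first hunk's `let` block and the second hunk's `config` block both continue past the hunk boundaries.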


@ -11,8 +11,12 @@ in
}; };
locations = lib.mkOption { locations = lib.mkOption {
readOnly = true;
default = { default = {
services = { services = {
authoritative_dns = [
"jorah.cx.ts.hillion.co.uk"
];
downloads = "tywin.storage.ts.hillion.co.uk"; downloads = "tywin.storage.ts.hillion.co.uk";
gitea = "jorah.cx.ts.hillion.co.uk"; gitea = "jorah.cx.ts.hillion.co.uk";
homeassistant = "microserver.home.ts.hillion.co.uk"; homeassistant = "microserver.home.ts.hillion.co.uk";
@ -29,12 +33,13 @@ in
}; };
config = lib.mkIf cfg.autoServe { config = lib.mkIf cfg.autoServe {
custom.services.downloads.enable = cfg.locations.services.downloads == config.networking.fqdn; custom.services = lib.mapAttrsRecursive
custom.services.gitea.enable = cfg.locations.services.gitea == config.networking.fqdn; (path: value: {
custom.services.homeassistant.enable = cfg.locations.services.homeassistant == config.networking.fqdn; enable =
custom.services.mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn; if builtins.isList value
custom.services.matrix.enable = cfg.locations.services.matrix == config.networking.fqdn; then builtins.elem config.networking.fqdn value
custom.services.tang.enable = builtins.elem config.networking.fqdn cfg.locations.services.tang; else config.networking.fqdn == value;
custom.services.unifi.enable = cfg.locations.services.unifi == config.networking.fqdn; })
cfg.locations.services;
}; };
} }
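Review bot: The `lib.mapAttrsRecursive` rewrite in the second hunk turns an explicit list of service toggles into an implicit contract: every key of `cfg.locations.services` must name an existing `custom.services.<key>` option with an `enable` attribute, and any value that is itself an attribute set will be descended into and produce a nested path; either case fails evaluation with an "option does not exist" error on the first host that hits it, which the old explicit assignments made obvious at the assignment site. That contract is not written down anywhere in the hunk, so the `locations` option (now `readOnly = true` in the first hunk) deserves a comment such as `# Each key must match a custom.services.<key> module. A string enables the service on that host; a list enables it on every listed host.`. The `config` block continues outside the hunk.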


@ -0,0 +1,54 @@
{ pkgs, lib, config, ... }:
let
cfg = config.custom.services.authoritative_dns;
in
{
options.custom.services.authoritative_dns = {
enable = lib.mkEnableOption "authoritative_dns";
};
config = lib.mkIf cfg.enable {
services.nsd = {
enable = true;
interfaces = [
"95.217.229.104"
"2a01:4f9:4b:3953::2"
];
zones = {
"ts.hillion.co.uk" = {
data =
let
makeRecords = type: s: (lib.concatStringsSep "\n" (lib.collect builtins.isString (lib.mapAttrsRecursive (path: value: "${lib.concatStringsSep "." (lib.reverseList path)} 86400 ${type} ${value}") s)));
in
''
$ORIGIN ts.hillion.co.uk.
$TTL 86400
ts.hillion.co.uk. IN SOA ns1.hillion.co.uk. hostmaster.hillion.co.uk. (
1 ;Serial
7200 ;Refresh
3600 ;Retry
1209600 ;Expire
3600 ;Negative response caching TTL
)
86400 NS ns1.hillion.co.uk.
deluge.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
graphs.router.home 21600 CNAME router.home.ts.hillion.co.uk.
prowlarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
radarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
restic.tywin.storage 21600 CNAME tywin.storage.ts.hillion.co.uk.
sonarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
zigbee2mqtt.home 21600 CNAME router.home.ts.hillion.co.uk.
'' + (makeRecords "A" config.custom.dns.authoritative.ipv4.uk.co.hillion.ts) + "\n\n" + (makeRecords "AAAA" config.custom.dns.authoritative.ipv6.uk.co.hillion.ts);
};
};
};
};
}
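Review bot: `services.nsd.interfaces` hard-codes two listen addresses inside a reusable module, while the locations refactor in this commit makes `authoritative_dns` a list of hosts; enabling the role on any second host would bind it to the first host's addresses and silently fail to serve (or fail to bind) there, so the addresses belong in a per-host option. The SOA `1 ;Serial` is also fixed while the A/AAAA records are generated from `custom.dns.authoritative`, so any secondary added to the single `NS ns1.hillion.co.uk.` later would never see record changes; at minimum a comment `; Serial must be bumped whenever the generated records change` next to it, and ideally a serial derived from the configuration. Publishing the tailnet addresses and internal names (`router.home`, `restic.tywin.storage`) in a public zone appears deliberate, but it does expose the internal naming scheme and is worth a one-line comment stating that only names, not reachability, are disclosed.

```nix
options.custom.services.authoritative_dns = {
  enable = lib.mkEnableOption "authoritative_dns";
  interfaces = lib.mkOption {
    type = lib.types.listOf lib.types.str;
    description = "Addresses nsd listens on; set per host, not in this module.";
  };
};
# … unchanged: cfg binding, config = lib.mkIf cfg.enable, services.nsd.enable …
interfaces = cfg.interfaces;
# … unchanged: zones and makeRecords …
```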


@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./authoritative_dns.nix
./downloads.nix ./downloads.nix
./gitea/default.nix ./gitea/default.nix
./homeassistant.nix ./homeassistant.nix