jorah: add authoritative dns server #246
@ -87,11 +87,13 @@
|
||||
interfaces = {
|
||||
eth0 = {
|
||||
allowedTCPPorts = lib.mkForce [
|
||||
53 # DNS
|
||||
80 # HTTP 1-2
|
||||
443 # HTTPS 1-2
|
||||
8080 # Unifi (inform)
|
||||
];
|
||||
allowedUDPPorts = lib.mkForce [
|
||||
53 # DNS
|
||||
443 # HTTP 3
|
||||
3478 # Unifi STUN
|
||||
];
|
||||
|
120
modules/dns.nix
120
modules/dns.nix
@ -2,61 +2,22 @@
|
||||
|
||||
let
|
||||
cfg = config.custom.dns;
|
||||
v4Hosts = {
|
||||
uk = {
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = {
|
||||
boron = "100.112.54.25";
|
||||
jorah = "100.96.143.138";
|
||||
};
|
||||
home = {
|
||||
microserver = "100.105.131.47";
|
||||
router = "100.105.71.48";
|
||||
};
|
||||
jakehillion-terminals = { gendry = "100.70.100.77"; };
|
||||
lt = { be = "100.105.166.79"; };
|
||||
pop = { li = "100.106.87.35"; };
|
||||
storage = {
|
||||
theon = "100.104.142.22";
|
||||
tywin = "100.115.31.91";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
v6Hosts = {
|
||||
uk = {
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = {
|
||||
boron = "fd7a:115c:a1e0::2a01:3619";
|
||||
jorah = "fd7a:115c:a1e0:ab12:4843:cd96:6260:8f8a";
|
||||
};
|
||||
home = {
|
||||
microserver = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";
|
||||
router = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
|
||||
};
|
||||
jakehillion-terminals = { gendry = "fd7a:115c:a1e0:ab12:4843:cd96:6246:644d"; };
|
||||
lt = { be = "fd7a:115c:a1e0::9001:a64f"; };
|
||||
pop = { li = "fd7a:115c:a1e0::e701:5723"; };
|
||||
storage = {
|
||||
theon = "fd7a:115c:a1e0::4aa8:8e16";
|
||||
tywin = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
options.custom.dns = {
|
||||
enable = lib.mkEnableOption "dns";
|
||||
|
||||
authoritative = {
|
||||
ipv4 = lib.mkOption {
|
||||
description = "authoritative ipv4 mappings";
|
||||
readOnly = true;
|
||||
};
|
||||
ipv6 = lib.mkOption {
|
||||
description = "authoritative ipv6 mappings";
|
||||
readOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
tailscale =
|
||||
{
|
||||
ipv4 = lib.mkOption {
|
||||
@ -71,13 +32,66 @@ in
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
custom.dns.authoritative = {
|
||||
ipv4 = {
|
||||
uk = {
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = {
|
||||
boron = "100.112.54.25";
|
||||
jorah = "100.96.143.138";
|
||||
};
|
||||
home = {
|
||||
microserver = "100.105.131.47";
|
||||
router = "100.105.71.48";
|
||||
};
|
||||
jakehillion-terminals = { gendry = "100.70.100.77"; };
|
||||
lt = { be = "100.105.166.79"; };
|
||||
pop = { li = "100.106.87.35"; };
|
||||
storage = {
|
||||
theon = "100.104.142.22";
|
||||
tywin = "100.115.31.91";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
ipv6 = {
|
||||
uk = {
|
||||
co = {
|
||||
hillion = {
|
||||
ts = {
|
||||
cx = {
|
||||
boron = "fd7a:115c:a1e0::2a01:3619";
|
||||
jorah = "fd7a:115c:a1e0:ab12:4843:cd96:6260:8f8a";
|
||||
};
|
||||
home = {
|
||||
microserver = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";
|
||||
router = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
|
||||
};
|
||||
jakehillion-terminals = { gendry = "fd7a:115c:a1e0:ab12:4843:cd96:6246:644d"; };
|
||||
lt = { be = "fd7a:115c:a1e0::9001:a64f"; };
|
||||
pop = { li = "fd7a:115c:a1e0::e701:5723"; };
|
||||
storage = {
|
||||
theon = "fd7a:115c:a1e0::4aa8:8e16";
|
||||
tywin = "fd7a:115c:a1e0:ab12:4843:cd96:6273:1f5b";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
custom.dns.tailscale =
|
||||
let
|
||||
lookupFqdn = lib.attrsets.attrByPath (lib.reverseList (lib.splitString "." config.networking.fqdn)) null;
|
||||
in
|
||||
{
|
||||
ipv4 = lookupFqdn v4Hosts;
|
||||
ipv6 = lookupFqdn v6Hosts;
|
||||
ipv4 = lookupFqdn cfg.authoritative.ipv4;
|
||||
ipv6 = lookupFqdn cfg.authoritative.ipv6;
|
||||
};
|
||||
|
||||
networking.hosts =
|
||||
@ -89,6 +103,6 @@ in
|
||||
lib.nameValuePair value [ (lib.concatStringsSep "." (lib.reverseList path)) ])
|
||||
hosts));
|
||||
in
|
||||
builtins.listToAttrs (mkHosts v4Hosts ++ mkHosts v6Hosts);
|
||||
builtins.listToAttrs (mkHosts cfg.authoritative.ipv4 ++ mkHosts cfg.authoritative.ipv6);
|
||||
};
|
||||
}
|
||||
|
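Review bot: The two `custom.dns.authoritative` options declared at `ipv4 = lib.mkOption { ... readOnly = true; }` and the matching `ipv6` one carry no `type` and only say "authoritative ipv4 mappings", although this commit turns them into the input of a zone that services/authoritative_dns.nix serves on public addresses, so a host added to this tree is no longer just an /etc/hosts entry. I would say so in the description, e.g. `description = "reversed-label fqdn tree of ipv4 addresses; every leaf under uk.co.hillion.ts is published as an A record in the public ts.hillion.co.uk zone and in networking.hosts on every host";` and the same wording for ipv6, so the next person adding a machine knows the consequence. The leaves are later interpolated verbatim into zone data, so a value containing whitespace or a newline would become extra records rather than an evaluation failure; at minimum `type = lib.types.attrs;` on both options, or an assertion that each leaf parses as an address, would catch that at build time. The `tailscale` option block and the `networking.hosts` expression both continue outside the visible hunks.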
@ -11,8 +11,12 @@ in
|
||||
};
|
||||
|
||||
locations = lib.mkOption {
|
||||
readOnly = true;
|
||||
default = {
|
||||
services = {
|
||||
authoritative_dns = [
|
||||
"jorah.cx.ts.hillion.co.uk"
|
||||
];
|
||||
downloads = "tywin.storage.ts.hillion.co.uk";
|
||||
gitea = "jorah.cx.ts.hillion.co.uk";
|
||||
homeassistant = "microserver.home.ts.hillion.co.uk";
|
||||
@ -29,12 +33,13 @@ in
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.autoServe {
|
||||
custom.services.downloads.enable = cfg.locations.services.downloads == config.networking.fqdn;
|
||||
custom.services.gitea.enable = cfg.locations.services.gitea == config.networking.fqdn;
|
||||
custom.services.homeassistant.enable = cfg.locations.services.homeassistant == config.networking.fqdn;
|
||||
custom.services.mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn;
|
||||
custom.services.matrix.enable = cfg.locations.services.matrix == config.networking.fqdn;
|
||||
custom.services.tang.enable = builtins.elem config.networking.fqdn cfg.locations.services.tang;
|
||||
custom.services.unifi.enable = cfg.locations.services.unifi == config.networking.fqdn;
|
||||
custom.services = lib.mapAttrsRecursive
|
||||
(path: value: {
|
||||
enable =
|
||||
if builtins.isList value
|
||||
then builtins.elem config.networking.fqdn value
|
||||
else config.networking.fqdn == value;
|
||||
})
|
||||
cfg.locations.services;
|
||||
};
|
||||
}
|
||||
|
54
modules/services/authoritative_dns.nix
Normal file
54
modules/services/authoritative_dns.nix
Normal file
@ -0,0 +1,54 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.services.authoritative_dns;
|
||||
in
|
||||
{
|
||||
options.custom.services.authoritative_dns = {
|
||||
enable = lib.mkEnableOption "authoritative_dns";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.nsd = {
|
||||
enable = true;
|
||||
|
||||
interfaces = [
|
||||
"95.217.229.104"
|
||||
"2a01:4f9:4b:3953::2"
|
||||
];
|
||||
|
||||
zones = {
|
||||
"ts.hillion.co.uk" = {
|
||||
data =
|
||||
let
|
||||
makeRecords = type: s: (lib.concatStringsSep "\n" (lib.collect builtins.isString (lib.mapAttrsRecursive (path: value: "${lib.concatStringsSep "." (lib.reverseList path)} 86400 ${type} ${value}") s)));
|
||||
in
|
||||
''
|
||||
$ORIGIN ts.hillion.co.uk.
|
||||
$TTL 86400
|
||||
|
||||
ts.hillion.co.uk. IN SOA ns1.hillion.co.uk. hostmaster.hillion.co.uk. (
|
||||
1 ;Serial
|
||||
7200 ;Refresh
|
||||
3600 ;Retry
|
||||
1209600 ;Expire
|
||||
3600 ;Negative response caching TTL
|
||||
)
|
||||
|
||||
86400 NS ns1.hillion.co.uk.
|
||||
|
||||
deluge.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
graphs.router.home 21600 CNAME router.home.ts.hillion.co.uk.
|
||||
prowlarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
radarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
restic.tywin.storage 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
sonarr.downloads 21600 CNAME tywin.storage.ts.hillion.co.uk.
|
||||
zigbee2mqtt.home 21600 CNAME router.home.ts.hillion.co.uk.
|
||||
|
||||
'' + (makeRecords "A" config.custom.dns.authoritative.ipv4.uk.co.hillion.ts) + "\n\n" + (makeRecords "AAAA" config.custom.dns.authoritative.ipv6.uk.co.hillion.ts);
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
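Review bot: `services.nsd.interfaces` binds the server to the public addresses `95.217.229.104` and `2a01:4f9:4b:3953::2`, and `data` appends an A/AAAA record for every host under `custom.dns.authoritative.*.uk.co.hillion.ts`, so the full tailnet inventory (names such as router.home and microserver.home together with their 100.64.0.0/10 and fd7a: addresses) becomes world-readable. Those addresses are not reachable from the internet, so this is a topology/inventory disclosure rather than a direct exposure, but it is a deliberate choice the module should state; I would add at the top of the `config` block: `# NOTE: nsd listens on the public addresses below, so every host in custom.dns.authoritative is published to the internet (names + Tailscale addresses). Keep anything that should stay private out of that map.` The SOA serial is the literal `1`; that is presumably acceptable while nsd is the only server and reloads the generated zone on each rebuild, but any secondary or `provideXFR` added later would never see an update, so a comment saying the serial is intentionally static (or deriving it from the configuration) would prevent that surprise. `makeRecords` interpolates each leaf into a record line unvalidated, so a leaf containing whitespace or a newline would silently inject additional records; an `assert` on the leaf format before building `data` would turn that into an evaluation error.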
@ -2,6 +2,7 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
./authoritative_dns.nix
|
||||
./downloads.nix
|
||||
./gitea/default.nix
|
||||
./homeassistant.nix
|
||||
|