feat(dns): Use sniproxy for status.dgnum
parent
40b2c848e5
commit
026e79f395
3 changed files with 45 additions and 22 deletions
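--- a/meta/dns.nix
+++ b/meta/dns.nix
@@ -127,10 +127,14 @@ let
 "s3-admin"
 ];
 
-rescue01.v6 = [
-"nb-relay01" # Netbird Relay
-"status" # Uptime Kuma
-];
+rescue01 = {
+v6 = [
+"nb-relay01" # Netbird Relay
+];
+proxied = [
+"status" # Uptime Kuma
+];
+};
 
 vault01.dual = [
 "radius" # FreeRADIUS
@@ -261,7 +265,7 @@ in
 { site, ... }:
 let
 net = meta.network.${host};
-inherit (net.addresses) A AAAA;
+inherit (net.addresses) A AAAA proxy;
 in
 nameValuePair "${host}.${site}" {
 inherit A AAAA;
@@ -270,11 +274,10 @@ in
 v4 = { inherit A; };
 v6 = { inherit AAAA; };
 private.A = optional (net.netbirdIp != null) net.netbirdIp;
-proxied = optionalAttrs (net.proxy != null) {
-# NOTE: We assume that we want to proxy ipv4 to an ipv6-only node
-# This might change in the future but is not planned yet.
-inherit (meta.network.${net.proxy}.addresses) A;
-inherit AAAA;
+proxied = optionalAttrs (proxy.A != [ ] || proxy.AAAA != [ ]) {
+A = if (proxy.A != [ ]) then proxy.A else A;
+AAAA = if (proxy.A != [ ]) then proxy.AAAA else AAAA;
+
 };
 };
 }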
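Review bot: In the third hunk the new `AAAA` line tests `proxy.A` rather than `proxy.AAAA`, which looks like a copy of the line above; I would write `AAAA = if (proxy.AAAA != [ ]) then proxy.AAAA else AAAA;`. As written, a node that sets only `proxy.A` gets an empty AAAA list in its `proxied` record instead of its own addresses, and a node that sets only `proxy.AAAA` passes the `optionalAttrs` guard but has that list ignored. If dropping the AAAA record is deliberate, so that every client reaches the service through the proxy's IPv4 address, a comment should say so, since the NOTE that explained the old assumption was removed. The enclosing function starts outside the hunk.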
|
|
|
@ -293,7 +293,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
addresses.ipv4 = [ "82.67.34.230" ];
|
||||
addresses.proxy.A = [ "82.67.34.230" ];
|
||||
|
||||
hostId = "007f0200";
|
||||
netbirdIp = "100.80.97.140";
|
||||
|
@ -432,7 +432,6 @@
|
|||
ipv6 = [
|
||||
{
|
||||
address = "2a0e:e701:1120:1000::dead:beef";
|
||||
|
||||
prefixLength = 64;
|
||||
}
|
||||
{
|
||||
|
@ -452,7 +451,7 @@
|
|||
netbirdIp = null; # zulip01 is not to be connected on the VPN for now
|
||||
|
||||
# This node does not have ipv4 connectivity
|
||||
proxy = "lab-router01";
|
||||
addresses.proxy.host = "lab-router01";
|
||||
};
|
||||
};
|
||||
}
|
||||
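Review bot: The new `addresses.proxy.A` line in the first hunk publishes a hard-coded address with no comment saying which machine owns it, and the same literal was this node's own `addresses.ipv4` before. A comment such as `# IPv4 of the SNI proxy fronting this node; used as the A record of its proxied names` would make that clear, assuming this is what the address is. The attribute set these lines belong to starts outside the hunk, so other consumers of `addresses.ipv4` for this node cannot be checked from here.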
|
|
|
@ -13,6 +13,7 @@ let
|
|||
mkDefault
|
||||
mkIf
|
||||
mkOption
|
||||
optionals
|
||||
optionalAttrs
|
||||
unique
|
||||
;
|
||||
|
@ -67,7 +68,6 @@ let
|
|||
org = config.organization;
|
||||
nixpkgs = import ./nixpkgs.nix;
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
organization = {
|
||||
|
@ -456,15 +456,33 @@ in
|
|||
List of ipv6 addresses used for the AAAA record.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
proxy = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
If not `null`, then a SNI proxy will be created to passthrough ipv4 traffic to this node via ipv6.
|
||||
'';
|
||||
};
|
||||
proxy = {
|
||||
host = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = ''
|
||||
If not `null`, then a DNS record will be created to allow a SNI proxy to passthrough ipv4 traffic to this node via ipv6.
|
||||
'';
|
||||
};
|
||||
|
||||
A = mkOption {
|
||||
type = listOf str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
List of ipv4 addresses used for the A record of the `proxied` DNS record.
|
||||
'';
|
||||
};
|
||||
|
||||
AAAA = mkOption {
|
||||
type = listOf str;
|
||||
default = [ ];
|
||||
description = ''
|
||||
List of ipv6 addresses used for the AAAA record of the `proxied` DNS record.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hostId = mkOption {
|
||||
type = str;
|
||||
|
@ -509,6 +527,9 @@ in
|
|||
getAddresses "ipv4" (builtins.attrValues config.interfaces)
|
||||
);
|
||||
ipv6 = builtins.filter (_: true) ((getAddresses "ipv6") (builtins.attrValues config.interfaces));
|
||||
proxy.A = optionals (
|
||||
config.addresses.proxy.host != null
|
||||
) args.config.network.${config.addresses.proxy.host}.addresses.A;
|
||||
};
|
||||
};
|
||||
}
|
||||
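Review bot: In the last hunk `args.config.network.${config.addresses.proxy.host}` is indexed with a free-form string (`nullOr str`), so a mistyped host name fails evaluation with a bare missing-attribute error, and the value it resolves to ends up in public DNS records. A named failure is cheap: `(args.config.network.${config.addresses.proxy.host} or (throw "addresses.proxy.host: unknown node")).addresses.A`. The `host` description could also state that only `proxy.A` is derived from the host and that `proxy.AAAA` has to be set by hand. The surrounding `config` block begins outside the hunk.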
|
|