diff --git a/meta/dns.nix b/meta/dns.nix index ecd3a1f..46bed2f 100644 --- a/meta/dns.nix +++ b/meta/dns.nix @@ -127,10 +127,14 @@ let "s3-admin" ]; - rescue01.v6 = [ - "nb-relay01" # Netbird Relay - "status" # Uptime Kuma - ]; + rescue01 = { + v6 = [ + "nb-relay01" # Netbird Relay + ]; + proxied = [ + "status" # Uptime Kuma + ]; + }; vault01.dual = [ "radius" # FreeRADIUS @@ -261,7 +265,7 @@ in { site, ... }: let net = meta.network.${host}; - inherit (net.addresses) A AAAA; + inherit (net.addresses) A AAAA proxy; in nameValuePair "${host}.${site}" { inherit A AAAA; @@ -270,11 +274,10 @@ in v4 = { inherit A; }; v6 = { inherit AAAA; }; private.A = optional (net.netbirdIp != null) net.netbirdIp; - proxied = optionalAttrs (net.proxy != null) { - # NOTE: We assume that we want to proxy ipv4 to an ipv6-only node - # This might change in the future but is not planned yet. - inherit (meta.network.${net.proxy}.addresses) A; - inherit AAAA; + proxied = optionalAttrs (proxy.A != [ ] || proxy.AAAA != [ ]) { + A = if (proxy.A != [ ]) then proxy.A else A; + AAAA = if (proxy.A != [ ]) then proxy.AAAA else AAAA; + }; }; } diff --git a/meta/network.nix b/meta/network.nix index 513e93b..80773a4 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -293,7 +293,7 @@ }; }; - addresses.ipv4 = [ "82.67.34.230" ]; + addresses.proxy.A = [ "82.67.34.230" ]; hostId = "007f0200"; netbirdIp = "100.80.97.140"; @@ -432,7 +432,6 @@ ipv6 = [ { address = "2a0e:e701:1120:1000::dead:beef"; - prefixLength = 64; } { @@ -452,7 +451,7 @@ netbirdIp = null; # zulip01 is not to be connected on the VPN for now # This node does not have ipv4 connectivity - proxy = "lab-router01"; + addresses.proxy.host = "lab-router01"; }; }; } diff --git a/meta/options.nix b/meta/options.nix index 8949b0e..32ed971 100644 --- a/meta/options.nix +++ b/meta/options.nix @@ -13,6 +13,7 @@ let mkDefault mkIf mkOption + optionals optionalAttrs unique ; 
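Review bot: Moving `"status"` from `v6` to `proxied` turns an AAAA-only name into whatever rescue01's `proxied` set yields, and the `proxied` rule in the `@@ -270` hunk of this file sets `AAAA = proxy.AAAA`, which stays `[ ]` unless the node sets `addresses.proxy.AAAA` explicitly; no hunk in this diff names rescue01 in network.nix, so whether its `proxied` set is populated at all, and whether the status name keeps any IPv6 address, cannot be checked from here. If an IPv4-only, proxy-served status page is the intent, say so on the entry, e.g. `"status" # Uptime Kuma, published only via the proxied record`; otherwise the AAAA branch of the `proxied` rule needs adjusting before this move is safe.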
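Review bot: The `AAAA` line tests `proxy.A` where it should test `proxy.AAAA`: with `proxy.A` set and `proxy.AAAA` left at its `[ ]` default (both proxy configurations in this diff), the proxied record gets `AAAA = [ ]`, and with only `proxy.AAAA` set the guard admits the set but the line then ignores `proxy.AAAA` entirely. The removed code kept the node's own AAAA next to the proxy's A, so as written every proxied name silently loses IPv6. `AAAA = if (proxy.AAAA != [ ]) then proxy.AAAA else AAAA;` restores that; if an empty AAAA is deliberate, the removed NOTE comment should be replaced by one stating the new assumption rather than left absent. The rescue01 `status` entry moved into `proxied` in the first hunk is affected the same way.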
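Review bot: Replacing `addresses.ipv4` with `addresses.proxy.A` removes 82.67.34.230 from this node's plain `addresses.ipv4`, so its own A record now depends on what `addresses.A` derives from the interfaces, and that derivation is outside the diff. If this is the node another host names in `addresses.proxy.host`, the options.nix hunk fills that host's `proxy.A` from this node's `addresses.A`; should that now be empty, the dns.nix gate `proxy.A != [ ]` drops the proxied record with no evaluation error. A comment on this line stating whether the node still publishes a plain A record of its own, e.g. `# published only through proxied records; see addresses.A for the plain A`, would make the intent checkable by the next reader.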
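Review bot: Dropping `prefixLength = 64;` from this ipv6 address is unrelated to the proxy refactor and leaves the prefix to whatever the interface option declares as its default, which is not visible in this diff (if the option has no default, evaluation will presumably fail instead). A /128 default would change the address from an on-link /64 to a host route and could affect reachability of the gateway; a /64 default makes the removal a no-op. Either outcome deserves a sentence in the commit message or a comment such as `# prefixLength intentionally left to the module default`.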
@@ -67,7 +68,6 @@ let org = config.organization; nixpkgs = import ./nixpkgs.nix; in - { options = { organization = { @@ -456,15 +456,33 @@ in List of ipv6 addresses used for the AAAA record. ''; }; - }; - proxy = mkOption { - type = nullOr str; - default = null; - description = '' - If not `null`, then a SNI proxy will be created to passthrough ipv4 traffic to this node via ipv6. - ''; - }; + proxy = { + host = mkOption { + type = nullOr str; + default = null; + description = '' + If not `null`, then a DNS record will be created to allow a SNI proxy to passthrough ipv4 traffic to this node via ipv6. + ''; + }; + + A = mkOption { + type = listOf str; + default = [ ]; + description = '' + List of ipv4 addresses used for the A record of the `proxied` DNS record. + ''; + }; + + AAAA = mkOption { + type = listOf str; + default = [ ]; + description = '' + List of ipv6 addresses used for the AAAA record of the `proxied` DNS record. + ''; + }; + }; + }; hostId = mkOption { type = str; @@ -509,6 +527,9 @@ in getAddresses "ipv4" (builtins.attrValues config.interfaces) ); ipv6 = builtins.filter (_: true) ((getAddresses "ipv6") (builtins.attrValues config.interfaces)); + proxy.A = optionals ( + config.addresses.proxy.host != null + ) args.config.network.${config.addresses.proxy.host}.addresses.A; }; }; }
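Review bot: The `host` description promises a DNS record whenever the value is non-null, but the record in dns.nix is gated on `proxy.A != [ ] || proxy.AAAA != [ ]`, and the derivation later in this file fills only `proxy.A`, so a proxy host with no A addresses produces no record and `AAAA` is never derived from `host`. For `host` I would write `If not \`null\`, the A addresses of that node are copied into \`proxy.A\`, which in turn yields a \`proxied\` DNS record for this node that a SNI proxy can serve.`, and add to the `AAAA` description that it is only ever set by hand, never derived from `host`. Since `host` is a free-form `str`, a typo fails only at the attribute lookup in the derivation; if the declared node names are in scope here, `nullOr (enum ...)` would catch that at option level.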
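Review bot: A `proxy.host` naming a node whose `addresses.A` is empty silently yields `proxy.A = [ ]`, which the dns.nix gate then treats as "no proxy", so a misconfigured or IPv4-less proxy host loses its proxied record without any evaluation error, whereas a misspelled host name fails loudly at the attribute lookup. Making the empty case a `throw` keeps the failure at evaluation time instead of at the first DNS query; `optionals` evaluates its list lazily, so the lookup is still skipped when `host` is `null`. The enclosing `config.addresses` block starts before this hunk.
```nix
proxy.A = optionals (config.addresses.proxy.host != null) (
  let
    hostA = args.config.network.${config.addresses.proxy.host}.addresses.A;
  in
  if hostA == [ ] then
    throw "addresses.proxy.host ${config.addresses.proxy.host} has no A addresses to proxy"
  else
    hostA
);
```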