feat(dns): Use sniproxy for status.dgnum

sinavir 2025-07-04 15:29:34 +02:00 committed by thubrecht
parent 40b2c848e5
commit 026e79f395
3 changed files with 45 additions and 22 deletions


@ -127,10 +127,14 @@ let
"s3-admin" "s3-admin"
]; ];
rescue01.v6 = [ rescue01 = {
"nb-relay01" # Netbird Relay v6 = [
"status" # Uptime Kuma "nb-relay01" # Netbird Relay
]; ];
proxied = [
"status" # Uptime Kuma
];
};
vault01.dual = [ vault01.dual = [
"radius" # FreeRADIUS "radius" # FreeRADIUS
@ -261,7 +265,7 @@ in
{ site, ... }: { site, ... }:
let let
net = meta.network.${host}; net = meta.network.${host};
inherit (net.addresses) A AAAA; inherit (net.addresses) A AAAA proxy;
in in
nameValuePair "${host}.${site}" { nameValuePair "${host}.${site}" {
inherit A AAAA; inherit A AAAA;
@ -270,11 +274,10 @@ in
v4 = { inherit A; }; v4 = { inherit A; };
v6 = { inherit AAAA; }; v6 = { inherit AAAA; };
private.A = optional (net.netbirdIp != null) net.netbirdIp; private.A = optional (net.netbirdIp != null) net.netbirdIp;
proxied = optionalAttrs (net.proxy != null) { proxied = optionalAttrs (proxy.A != [ ] || proxy.AAAA != [ ]) {
# NOTE: We assume that we want to proxy ipv4 to an ipv6-only node A = if (proxy.A != [ ]) then proxy.A else A;
# This might change in the future but is not planned yet. AAAA = if (proxy.A != [ ]) then proxy.AAAA else AAAA;
inherit (meta.network.${net.proxy}.addresses) A;
inherit AAAA;
}; };
}; };
} }
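Review bot: In the new `proxied` block the `AAAA` line tests `proxy.A != [ ]` but then selects `proxy.AAAA`, which looks like a copy-paste slip from the `A` line above it. As written, a node with only `proxy.A` set (such as one using `addresses.proxy.host`, where `proxy.AAAA` keeps its `[ ]` default) gets an empty AAAA set for its proxied name instead of its own `AAAA`. A node with only `proxy.AAAA` set has that list ignored, even though the `optionalAttrs` guard accepts it. If the fallback is meant to be per record type, the line should read `AAAA = if (proxy.AAAA != [ ]) then proxy.AAAA else AAAA;`. If dropping the AAAA record behind an IPv4 proxy is intended, a comment saying so should take the place of the removed NOTE.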


@ -293,7 +293,7 @@
}; };
}; };
addresses.ipv4 = [ "82.67.34.230" ]; addresses.proxy.A = [ "82.67.34.230" ];
hostId = "007f0200"; hostId = "007f0200";
netbirdIp = "100.80.97.140"; netbirdIp = "100.80.97.140";
@ -432,7 +432,6 @@
ipv6 = [ ipv6 = [
{ {
address = "2a0e:e701:1120:1000::dead:beef"; address = "2a0e:e701:1120:1000::dead:beef";
prefixLength = 64; prefixLength = 64;
} }
{ {
@ -452,7 +451,7 @@
netbirdIp = null; # zulip01 is not to be connected on the VPN for now netbirdIp = null; # zulip01 is not to be connected on the VPN for now
# This node does not have ipv4 connectivity # This node does not have ipv4 connectivity
proxy = "lab-router01"; addresses.proxy.host = "lab-router01";
}; };
}; };
} }


@ -13,6 +13,7 @@ let
mkDefault mkDefault
mkIf mkIf
mkOption mkOption
optionals
optionalAttrs optionalAttrs
unique unique
; ;
@ -67,7 +68,6 @@ let
org = config.organization; org = config.organization;
nixpkgs = import ./nixpkgs.nix; nixpkgs = import ./nixpkgs.nix;
in in
{ {
options = { options = {
organization = { organization = {
@ -456,15 +456,33 @@ in
List of ipv6 addresses used for the AAAA record. List of ipv6 addresses used for the AAAA record.
''; '';
}; };
};
proxy = mkOption { proxy = {
type = nullOr str; host = mkOption {
default = null; type = nullOr str;
description = '' default = null;
If not `null`, then a SNI proxy will be created to passthrough ipv4 traffic to this node via ipv6. description = ''
''; If not `null`, then a DNS record will be created to allow a SNI proxy to passthrough ipv4 traffic to this node via ipv6.
}; '';
};
A = mkOption {
type = listOf str;
default = [ ];
description = ''
List of ipv4 addresses used for the A record of the `proxied` DNS record.
'';
};
AAAA = mkOption {
type = listOf str;
default = [ ];
description = ''
List of ipv6 addresses used for the AAAA record of the `proxied` DNS record.
'';
};
};
};
hostId = mkOption { hostId = mkOption {
type = str; type = str;
@ -509,6 +527,9 @@ in
getAddresses "ipv4" (builtins.attrValues config.interfaces) getAddresses "ipv4" (builtins.attrValues config.interfaces)
); );
ipv6 = builtins.filter (_: true) ((getAddresses "ipv6") (builtins.attrValues config.interfaces)); ipv6 = builtins.filter (_: true) ((getAddresses "ipv6") (builtins.attrValues config.interfaces));
proxy.A = optionals (
config.addresses.proxy.host != null
) args.config.network.${config.addresses.proxy.host}.addresses.A;
}; };
}; };
} }
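Review bot: The new `proxy.A` definition indexes `args.config.network` with the free-form string `addresses.proxy.host` (typed `nullOr str`), so a misspelt node name fails evaluation with a bare missing-attribute error. A target without any IPv4 address yields `[ ]`, which, given the `optionalAttrs` guard in the DNS file, would make the `proxied` record disappear without any diagnostic. Since this value decides which public address a service name resolves to, I would fail loudly, e.g. `args.config.network.${config.addresses.proxy.host}.addresses.A or (throw "addresses.proxy.host: unknown node")`, and assert that the list is non-empty when `host` is set. The `proxy.A` option description should also say that it is filled from `proxy.host` when that is set. The enclosing attribute set starts outside this hunk, so how an explicitly set `proxy.A` merges with this definition is not visible here.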