From 862168b2bc1bbeefd07fb44c8ef57429a4ce3e96 Mon Sep 17 00:00:00 2001
From: Constantin Gierczak--Galle
Date: Sat, 7 Dec 2024 12:53:31 +0100
Subject: [PATCH] feat(dns01): init DNS config (#9)
Reviewed-on: https://git.dgnum.eu/DGNum/lab-infra/pulls/9
Co-authored-by: Constantin Gierczak--Galle
Co-committed-by: Constantin Gierczak--Galle
---
 machines/dns01/_configuration.nix | 12 +++++++-
 machines/dns01/beta.dgnum.eu.nix | 22 -------------
 machines/dns01/lab.dgnum.eu.nix | 51 +++++++++++++++++++++++++++++++
 machines/dns01/nsd.nix | 13 +++-----
 4 files changed, 67 insertions(+), 31 deletions(-)
 delete mode 100644 machines/dns01/beta.dgnum.eu.nix
 create mode 100644 machines/dns01/lab.dgnum.eu.nix
diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix
index a0a1de7..2c5066d 100644
--- a/machines/dns01/_configuration.nix
+++ b/machines/dns01/_configuration.nix
@@ -10,7 +10,17 @@ lib.extra.mkConfig {
 "nsd"
 ];
- extraConfig = { };
+ extraConfig = {
+ # TODO : retrieve this address from meta/network.nix
+ deployment.targetHost = "45.13.104.26";
+ networking.firewall = {
+ enable = true;
+ logRefusedConnections = lib.mkForce true;
+ logRefusedPackets = lib.mkForce true;
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
+ };
 root = ./.;
 }
diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix
deleted file mode 100644
index 44d903d..0000000
--- a/machines/dns01/beta.dgnum.eu.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ dns, ... }:
-
-with dns.lib.combinators;
-{
- SOA = {
- nameServer = "ns1";
- adminEmail = "webmaster@dgnum.eu";
- serial = 2019030800;
- };
-
- NS = [
- # TODO: add nameservers with GLUE and everything
- ];
-
- #A = [ "203.0.113.1" ];
- #AAAA = [ "4321:0:1:2:3:4:567:89ab" ];
-
- subdomains = {
- photoprism = host "129.199.146.101" null;
- immich = host "129.199.146.101" null;
- };
-}
diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix
new file mode 100644
index 0000000..054ae9d
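Review bot: `logRefusedPackets = lib.mkForce true;` logs every dropped packet on a host that is about to serve authoritative DNS to the internet, where unsolicited traffic on and around port 53 is constant, so the journal fills with noise and disk pressure becomes a self-inflicted availability risk; keep `logRefusedConnections` if you want visibility, drop the packet-level logging, and reconsider `mkForce`, which prevents any later module from turning either off. The rule opens TCP and UDP 53 on every interface and both address families, while `nsd.nix` in this same commit binds nsd only to the IPv6 address, so the IPv4 opening admits traffic that nothing answers; the two should be aligned. The `deployment.targetHost` TODO duplicates an address that `lab.dgnum.eu.nix` also hardcodes for `ns01`, so a comment such as `# keep in sync with ns01 in lab.dgnum.eu.nix until meta/network.nix is used` would help whoever does that refactor. The enclosing `lib.extra.mkConfig {` call starts before this hunk.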
--- /dev/null
+++ b/machines/dns01/lab.dgnum.eu.nix
@@ -0,0 +1,51 @@
+{ dns, lib, ... }:
+
+let
+ inherit (lib) mapAttrs' nameValuePair;
+ meta = (import ./../../meta) lib;
+in
+with dns.lib.combinators;
+{
+ SOA = {
+ nameServer = "ns01.lab.dgnum.eu";
+ adminEmail = "dns@dgnum.eu";
+ serial = 2019030800;
+ retry = 3600;
+ minimum = 300;
+ };
+
+ NS = [ "ns01.lab.dgnum.eu." ];
+
+ #A = [ "203.0.113.1" ];
+ #AAAA = [ "4321:0:1:2:3:4:567:89ab" ];
+
+ subdomains = {
+ # Hosted services
+ # NOTE: for now manually supplied, in the future automatically filled in
+ photoprism = host "129.199.146.101" null;
+ immich = host "129.199.146.101" null;
+
+ # Nameservers
+ ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
+
+ # *.infra.beta.dgnum.eu
+ infra = {
+ subdomains = mapAttrs' (
+ host:
+ { site, ... }:
+ nameValuePair "${host}.${site}" (
+ with meta.network.${host}.addresses;
+ {
+ A = ipv4;
+ AAAA = ipv6;
+
+ subdomains = {
+ v4.A = ipv4;
+ v6.AAAA = ipv6;
+ };
+ }
+ )
+ ) meta.nodes;
+ };
+ };
+}
diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix
index 41f4ec8..4ec0a00 100644
--- a/machines/dns01/nsd.nix
+++ b/machines/dns01/nsd.nix
@@ -1,4 +1,4 @@
-{ sources, ... }:
+{ sources, lib, ... }:
 let
 dns = import sources.dns-nix { };
@@ -6,17 +6,14 @@ in
 {
 services.nsd = {
 enable = true;
+ verbosity = 1000;
+ interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];
 zones = {
- "beta.dgnum.eu" = {
+ "lab.dgnum.eu" = {
 # provideXFR = [ ... ];
 # notify = [ ... ];
- data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { inherit dns; });
+ data = dns.lib.toString "lab.dgnum.eu" (import ./lab.dgnum.eu.nix { inherit dns lib; });
 };
 };
 };
- networking = {
- firewall = {
- allowedUDPPorts = [ 53 ];
- };
- };
 }
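Review bot: `serial = 2019030800;` is carried over verbatim from the deleted beta.dgnum.eu zone although the zone contents are new; secondaries decide whether to transfer by comparing serials, so any future secondary seeded from the old data would never refresh, and a 2019 date on a zone created in December 2024 is misleading on its own. Use a current date-based value and raise it on every later edit, since nothing in this patch bumps it automatically. The comment `# *.infra.beta.dgnum.eu` above `infra` still names the old zone and should read `# *.infra.lab.dgnum.eu`. `NS` lists only `ns01`, which is also the sole address the zone is served from, so one host failing takes the whole zone offline; a second nameserver deserves at least a TODO. `with meta.network.${host}.addresses;` presumes every entry of `meta.nodes` carries both `ipv4` and `ipv6`; `meta` is outside this patch so I cannot confirm that, and a missing attribute would fail evaluation of the entire zone rather than a single record.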
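Review bot: `verbosity = 1000;` sets nsd's log level far above anything meant for production; higher values are documented as progressively more verbose, which at this level will likely include per-query detail, and on a public port-53 service that is both a disk-exhaustion risk and a record of who queried what, so keep the default and raise it only while debugging. `interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];` makes nsd listen on IPv6 only, yet the new zone publishes the A record `45.13.104.26` as glue for ns01 and `_configuration.nix` opens 53 for both families, so IPv4-only resolvers that follow that glue get no answer; add `"45.13.104.26"` to the list or drop the A record. Removing the `networking.firewall` block from this file is consistent with it moving to `_configuration.nix`. The first hunk of this file only adds `lib` to the argument set and needs nothing.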