From 8ac5d2e4ab74400cc17de631be13049d02d9e875 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 19 Dec 2021 14:51:12 +0100 Subject: [PATCH] core-services: adjust to our changes in IPv4 network for MWAN/local net --- machines/core-services-01/dns.nix | 4 +-- machines/core-services-01/my.nix | 25 +++++++++++++++++-- machines/core-services-01/rz.nix | 3 ++- machines/core-services-01/subZone.nix | 35 +++++++++++++++------------ 4 files changed, 46 insertions(+), 21 deletions(-) diff --git a/machines/core-services-01/dns.nix b/machines/core-services-01/dns.nix index 6473038..5b01499 100644 --- a/machines/core-services-01/dns.nix +++ b/machines/core-services-01/dns.nix @@ -12,13 +12,13 @@ in settings = { server = { access-control = [ "127.0.0.0/8 allow" "::1/128 allow" ] ++ map (v: "${v} allow") my.privateRanges; - interface = [ "127.0.0.1" ] ++ my.ipv4; + interface = [ "127.0.0.1" ] ++ my.ipv4Internal; }; }; }; services.nsd = { enable = true; - interfaces = my.ipv6.standard; + interfaces = my.ipv6.standard ++ my.ipv4; zones = { ${my.subZone} = { data = dns.lib.toString my.subZone (import ./subZone.nix { inherit dns config lib; }); diff --git a/machines/core-services-01/my.nix b/machines/core-services-01/my.nix index 5a83031..bdc2aa4 100644 --- a/machines/core-services-01/my.nix +++ b/machines/core-services-01/my.nix @@ -46,6 +46,20 @@ in default = map (v: (mkAddress v).address) cfg.ipv4Full; }; + ipv4Internal = mkOption { + description = "Private IPv4 addresses without prefix"; + type = listOf str; + example = [ "192.186.1.153" ]; + default = map (v: (mkAddress v).address) cfg.ipv4InternalFull; + }; + + ipv4InternalFull = mkOption { + description = "Private IPv4 addresses with prefix"; + type = listOf str; + default = []; + example = [ "192.168.1.153/24" ]; + }; + ipv4Full = mkOption { description = "Public IPv4 addresses with prefix"; type = listOf str; 
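Review bot: The security-relevant split in the dns.nix hunk is undocumented: unbound (recursive, `interface = [ "127.0.0.1" ] ++ my.ipv4Internal;`) is kept off the public address while nsd (authoritative, `interfaces = my.ipv6.standard ++ my.ipv4;`) is now reachable on it, and nothing in the file says this asymmetry is deliberate. A comment on the unbound line such as `# recursive resolver: loopback + internal IPv4 only; access-control limits clients to privateRanges` and one on the nsd line such as `# authoritative only: public IPv4 + IPv6` would keep a later edit from binding unbound to `my.ipv4` and turning it into an open resolver. Note that `my.ipv4Internal` defaults to an empty list, so a host that does not set `ipv4InternalFull` gets unbound on loopback only; that is the safe failure mode, but it is worth stating in the same comment.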
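Review bot: The `example` of the new `ipv4Internal` option shows a non-private address because of a digit transposition: `example = [ "192.186.1.153" ];` should read `example = [ "192.168.1.153" ];`, matching the `192.168.1.153/24` example of `ipv4InternalFull` declared just below it. Examples are rendered into the option documentation, so a reader would otherwise be shown a public address for an option described as "Private IPv4 addresses without prefix". The two new options are otherwise consistent with the existing `ipv4`/`ipv4Full` pair, deriving the bare address from the prefixed form through `mkAddress`.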
@@ -67,7 +81,7 @@ in }; ipv6.acme = mkOption { - description = "Public IPv6 address for ACME services (acme-dns) without prefi"; + description = "Public IPv6 address for ACME services (acme-dns) without prefix"; type = str; default = (mkAddress cfg.ipv6.acmeFull).address; example = "2001:470:1f13:21d:f515:b348:cd48:e064/64"; @@ -87,9 +101,16 @@ in }; config = { + networking.interfaces.ens20 = { + ipv4.addresses = map mkAddress cfg.ipv4InternalFull; + }; + networking.interfaces.ens19 = { - ipv4.addresses = map mkAddress cfg.ipv4Full; ipv6.addresses = map mkAddress (cfg.ipv6.standardFull ++ [ cfg.ipv6.acmeFull ]); }; + + networking.interfaces.ens18 = { + ipv4.addresses = map mkAddress cfg.ipv4Full; + }; }; } diff --git a/machines/core-services-01/rz.nix b/machines/core-services-01/rz.nix index 4f096e4..e76a9c5 100644 --- a/machines/core-services-01/rz.nix +++ b/machines/core-services-01/rz.nix @@ -11,7 +11,8 @@ "2001:470:1f13:187:fd34:80c3:a761:ff2/64" ]; ipv6.acmeFull = "2001:470:1f13:187:a039:c3ff:fe4f:8661/64"; - ipv4Full = [ "10.1.1.20/24" ]; + ipv4InternalFull = [ "10.1.1.20/22" ]; + ipv4Full = [ "45.13.104.26/32" ]; privateRanges = [ "10.1.0.0/22 "]; }; diff --git a/machines/core-services-01/subZone.nix b/machines/core-services-01/subZone.nix index 309556d..6c2d4dc 100644 --- a/machines/core-services-01/subZone.nix +++ b/machines/core-services-01/subZone.nix @@ -1,7 +1,6 @@ { config, lib, dns, ... }: with dns.lib.combinators; - let my = config.my; upstream-v4-proxies = [ "51.15.7.181" ]; # kurisu.dual.lahfa.xyz @@ -11,9 +10,12 @@ let remoteBuilders = { nix01 = [ "2001:470:1f13:187:1e07:c670:3958:f8f1" ]; }; + dualstack = { + A = my.ipv4; + AAAA = my.ipv6.standard; + }; in -with my.ipv6; # contains { standard, acme } -{ +dualstack // { SOA = { nameServer = "ns1.${my.subZone}."; adminEmail = my.email; 
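Review bot: The corrected description now reads "without prefix", but the example on the context line two lines below still carries one: `example = "2001:470:1f13:21d:f515:b348:cd48:e064/64";`. Since `default` strips the prefix through `mkAddress`, the example should be `example = "2001:470:1f13:21d:f515:b348:cd48:e064";` so the documentation shows the value the option actually holds.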
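Review bot: The interface names `ens18`, `ens19` and `ens20` are hard-coded in the module that declares the `my.*` options, so the mapping of public IPv4, IPv6 and internal IPv4 onto specific NICs is fixed for every host importing it, while the addresses themselves are configurable. A short comment above `config = {` recording the assumption, e.g. `# NIC layout: ens18 = public IPv4, ens19 = IPv6, ens20 = internal IPv4 (local net)`, would document it; promoting the names to options is a larger change that can follow later. Separately, the address assigned to `ens18` is a `/32` in rz.nix, so no on-link route covers a gateway; unless the default route is configured elsewhere with the gateway marked on-link, the host ends up without an IPv4 default route — that configuration is outside this diff, so please confirm.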
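Review bot: The `privateRanges` context line carries a trailing space inside the string, `privateRanges = [ "10.1.0.0/22 "];`, which dns.nix interpolates into unbound's `access-control` entries as `10.1.0.0/22  allow`. Unbound's tokenizer probably tolerates the doubled space, but this value is the boundary deciding which clients may use the recursive resolver, so it should be exactly `"10.1.0.0/22"` rather than depend on lenient parsing; the defect predates the commit, but the commit edits the adjacent lines. The widening of the internal prefix from `/24` to `/22` in the new `ipv4InternalFull` line is consistent with that range, which suggests the two were meant to align.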
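Review bot: The new `dualstack` record set does not say which address source it publishes, and the hint the removed `with my.ipv6; # contains { standard, acme }` line used to give is gone with it. Because `my.ipv4` is derived from `ipv4Full` (the public addresses) while a sibling `my.ipv4Internal` now exists holding RFC 1918 values, a comment on `dualstack` such as `# public zone data only: my.ipv4 comes from ipv4Full; my.ipv4Internal must never appear here` would make the zone's boundary explicit and guard against the 10.1.0.0/22 address being published. The `dualstack // {` merge at the apex is shallow, so the explicit `SOA`, `NS` and `CAA` keys below it are unaffected — fine as written.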
@@ -24,20 +26,17 @@ with my.ipv6; # contains { standard, acme } "ns1.${my.subZone}." ]; - AAAA = standard; - CAA = letsEncrypt my.email; subdomains = { - git.AAAA = standard; - drone.AAAA = standard; - wiki.AAAA = standard; - monitoring.AAAA = standard; - auth.AAAA = standard; - push.AAAA = standard; - ns1.AAAA = standard; - beta.A = upstream-v4-proxies; - beta.AAAA = public-cof-ips; + git = dualstack; + drone = dualstack; + wiki = dualstack; + monitoring = dualstack; + auth = dualstack; + push = dualstack; + core01 = dualstack; + ns1 = dualstack; builders.subdomains = lib.mapAttrs (n: AAAA: { inherit AAAA; }) remoteBuilders; @@ -49,10 +48,12 @@ with my.ipv6; # contains { standard, acme } acme = { NS = [ "acme.${my.subZone}." ]; - AAAA = [ acme ]; + AAAA = [ my.ipv6.acme ]; }; - beta.subdomains = { + beta = { + AAAA = public-cof-ips; + subdomains = { nuage.A = upstream-v4-proxies; nuage.AAAA = public-cof-ips; minecraft.AAAA = public-cof-ips; @@ -66,11 +67,13 @@ with my.ipv6; # contains { standard, acme } sandbox.AAAA = public-cof-ips; }; docs.AAAA = public-cof-ips; + docs.A = upstream-v4-proxies; jurisprudens = { AAAA = public-cof-ips; A = upstream-v4-proxies; }; }; + }; internal.subdomains = {
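Review bot: Replacing the per-name `AAAA = standard;` entries with `dualstack` publishes an A record for the public IPv4 on every listed service (`git`, `drone`, `wiki`, `monitoring`, `auth`, `push`, `ns1` and the new `core01`), names that until now resolved over IPv6 only. That is a reachability change rather than a DNS-only one: whatever listens behind those names must now accept IPv4 on the address in `ipv4Full`, and the IPv4 firewall must enforce the same policy the IPv6 path already does — neither is visible in this diff, so please confirm, especially for `monitoring` and `auth`. `core01` is a new name the commit message does not mention; a brief comment on that line saying what it designates would help the next reader.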
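Review bot: The rewritten `beta` block drops the apex A record: the previous hunk removes both `beta.A = upstream-v4-proxies;` and `beta.AAAA = public-cof-ips;`, but the replacement `beta = { AAAA = public-cof-ips; subdomains = {` restores only the AAAA, so `beta.${my.subZone}` loses IPv4 resolution while `nuage`, `docs` and `jurisprudens` beneath it keep pointing at `upstream-v4-proxies`. Unless dropping IPv4 for `beta` itself is intended, add `A = upstream-v4-proxies;` next to the `AAAA` line. As a point of style, the context lines `nuage.A = …` onward are now one nesting level deeper but keep their former indentation, so the block reads as if `subdomains` were closed early; the `beta` block actually closes with the `+ };` in the following hunk, which runs past the end of the visible diff.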