Modifications for shared zone gen
parent
333db8717c
commit
9adef243c8
@ -125,7 +125,11 @@ in {
|
|||||||
in nameValuePair "${dom}." {
|
in nameValuePair "${dom}." {
|
||||||
dnssec = dom-cfg.dnssec;
|
dnssec = dom-cfg.dnssec;
|
||||||
|
|
||||||
data = pkgs.lib.dns.networkToZone dom dom-cfg;
|
data =
|
||||||
|
pkgs.lib.dns.zoneToZonefile
|
||||||
|
config.instance.build-timestamp
|
||||||
|
dom
|
||||||
|
dom-cfg.zone-definition;
|
||||||
|
|
||||||
# data = ''
|
# data = ''
|
||||||
# $ORIGIN ${dom}.
|
# $ORIGIN ${dom}.
|
||||||
|
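Review bot: `data` now receives the plain string returned by `pkgs.lib.dns.zoneToZonefile`, whereas the removed `networkToZone` wrapped the same text in `pkgs.writeText` and yielded a store path, so whatever consumes `data` must accept zone text rather than a file. That consumer is outside this hunk; if it still expects a path, keep the wrapper at the call site, e.g. `data = pkgs.writeText "zone-${dom}" (pkgs.lib.dns.zoneToZonefile config.instance.build-timestamp dom dom-cfg.zone-definition);`. The commented-out `# data = ''` block that follows looks like a leftover and could be dropped. The enclosing attribute set starts and ends outside the hunk.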
@ -78,12 +78,24 @@ let
|
|||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
secondary-nameservers = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
description = "List of hostnames of slave nameservers for this domain.";
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
|
||||||
primary-mailserver = mkOption {
|
primary-mailserver = mkOption {
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
description = "Hostname of the primary mail server for this domain.";
|
description = "Hostname of the primary mail server for this domain.";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
xmpp-servers = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
description = "Hostnames of the domain XMPP servers.";
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
|
|
||||||
zone = mkOption {
|
zone = mkOption {
|
||||||
type = nullOr str;
|
type = nullOr str;
|
||||||
description = "Name of the DNS zone associated with domain.";
|
description = "Name of the DNS zone associated with domain.";
|
||||||
|
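Review bot: The description of `secondary-nameservers` says "slave nameservers" while the option name says secondary, and neither it nor `xmpp-servers` states whether the hostnames must be fully qualified. If these values are later rendered into NS or SRV records, a relative name and an absolute one produce different zone data, so the expected form should be documented. Align the wording with the option name, e.g. `description = "List of hostnames of secondary nameservers for this domain.";`, and add one sentence to both options saying which form is expected.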
@ -230,23 +230,6 @@ in {
|
|||||||
target-file = "/run/ejabberd/environment/config-passwords.env";
|
target-file = "/run/ejabberd/environment/config-passwords.env";
|
||||||
user = cfg.user;
|
user = cfg.user;
|
||||||
};
|
};
|
||||||
|
|
||||||
# system = {
|
|
||||||
# services.ejabberd-config-generator = let
|
|
||||||
# config-generator =
|
|
||||||
# enter-secrets config-file-template cfg.secret-files cfg.config-file;
|
|
||||||
# in {
|
|
||||||
# script = "${config-generator}";
|
|
||||||
# readWritePaths = [ config-dir ];
|
|
||||||
# workingDirectory = config-dir;
|
|
||||||
# user = cfg.user;
|
|
||||||
# description = "Generate ejabberd config file with necessary passwords.";
|
|
||||||
# postStart = ''
|
|
||||||
# chown ${cfg.user}:${cfg.group} ${cfg.config-file}
|
|
||||||
# chmod 0400 ${cfg.config-file}
|
|
||||||
# '';
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
|
@ -46,9 +46,8 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
hostRecords = hostname: nethost-data: let
|
hostRecords = hostname: nethost-data: let
|
||||||
sshfp-records = optionals (hasAttr hosttname config.fudo.hosts)
|
sshfp-records = map (sshfp: "${hostname} IN SSHFP ${sshfp}")
|
||||||
(map (sshfp: "${hostname} IN SSHFP ${sshfp}")
|
nethost-data.sshfp-records;
|
||||||
config.fudo.hosts.${hostname}.ssh-fingerprints);
|
|
||||||
a-record = optional (nethost-data.ipv4-address != null)
|
a-record = optional (nethost-data.ipv4-address != null)
|
||||||
"${hostname} IN A ${nethost-data.ipv4-address}";
|
"${hostname} IN A ${nethost-data.ipv4-address}";
|
||||||
aaaa-record = optional (nethost-data.ipv6-address != null)
|
aaaa-record = optional (nethost-data.ipv6-address != null)
|
||||||
@ -77,7 +76,7 @@ let
|
|||||||
"${host} IN A ${hostOpts.ipv4-address}";
|
"${host} IN A ${hostOpts.ipv4-address}";
|
||||||
aaaa-record = host: hostOpts: optional (hostOpts.ipv6-address != null)
|
aaaa-record = host: hostOpts: optional (hostOpts.ipv6-address != null)
|
||||||
"${host} IN A ${hostOpts.ipv6-address}";
|
"${host} IN A ${hostOpts.ipv6-address}";
|
||||||
description-record = host: hostOpts: (hostOpts.description != null)
|
description-record = host: hostOpts: optional (hostOpts.description != null)
|
||||||
''${host} IN TXT "${hostOpts.description}"'';
|
''${host} IN TXT "${hostOpts.description}"'';
|
||||||
in flatmapAttrsToList
|
in flatmapAttrsToList
|
||||||
(host: hostOpts:
|
(host: hostOpts:
|
||||||
@ -94,34 +93,34 @@ let
|
|||||||
} ${record.host}.";
|
} ${record.host}.";
|
||||||
};
|
};
|
||||||
|
|
||||||
domain-record = dom: domCfg: ''
|
domain-record = dom: zone: ''
|
||||||
$ORIGIN ${dom}.
|
$ORIGIN ${dom}.
|
||||||
$TTL ${domCfg.default-ttl}
|
$TTL ${zone.default-ttl}
|
||||||
|
|
||||||
${optionalString (domCfg.default-host != null)
|
${optionalString (zone.default-host != null)
|
||||||
"@ IN A ${domCfg.default-host}"}
|
"@ IN A ${zone.default-host}"}
|
||||||
|
|
||||||
${mxRecords domCfg.mx}
|
${join-lines (mxRecords zone.mx)}
|
||||||
|
|
||||||
${optionalString (domCfg.gssapi-realm != null)
|
${optionalString (zone.gssapi-realm != null)
|
||||||
''_kerberos IN TXT "${domCfg.gssapi-realm}"''}
|
''_kerberos IN TXT "${zone.gssapi-realm}"''}
|
||||||
|
|
||||||
$TTL ${domCfg.host-record-ttl}
|
$TTL ${zone.host-record-ttl}
|
||||||
|
|
||||||
${nsRecords dom domCfg.nameservers}
|
${join-lines (nsRecords dom zone.nameservers)}
|
||||||
|
|
||||||
${nsARecords dom domCfg.nameservers}
|
${join-lines (nsARecords dom zone.nameservers)}
|
||||||
|
|
||||||
${dmarcRecord domCfg.dmarc-report-address}
|
${dmarcRecord zone.dmarc-report-address}
|
||||||
|
|
||||||
${join-lines (mapAttrsToList makeSrvProtocolRecords domCfg.srv-records)}
|
${join-lines (mapAttrsToList makeSrvProtocolRecords zone.srv-records)}
|
||||||
${join-lines (mapAttrsToList hostRecords domCfg.hosts)}
|
${join-lines (mapAttrsToList hostRecords zone.hosts)}
|
||||||
${join-lines (mapAttrsToList cnameRecord domCfg.aliases)}
|
${join-lines (mapAttrsToList cnameRecord zone.aliases)}
|
||||||
${join-lines domCfg.verbatim-dns-records}
|
${join-lines zone.verbatim-dns-records}
|
||||||
|
|
||||||
${join-lines (mapAttrsToList
|
${join-lines (mapAttrsToList
|
||||||
(subdom: subdomCfg: subdomain-record "${subdom}.${dom}" subdomCfg)
|
(subdom: subdomCfg: subdomain-record "${subdom}.${dom}" subdomCfg)
|
||||||
domCfg.subdomains)}
|
zone.subdomains)}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in rec {
|
in rec {
|
||||||
@ -140,17 +139,17 @@ in rec {
|
|||||||
(service: records: map (srvRecordPair domain protocol service) records) services)
|
(service: records: map (srvRecordPair domain protocol service) records) services)
|
||||||
srvRecords);
|
srvRecords);
|
||||||
|
|
||||||
networkToZone = dom: domCfg: pkgs.writeText "zone-${dom}" ''
|
zoneToZonefile = timestamp: dom: zone: ''
|
||||||
$ORIGIN ${dom}
|
$ORIGIN ${dom}.
|
||||||
$TTL ${domCfg.default-ttl}
|
$TTL ${zone.default-ttl}
|
||||||
|
|
||||||
@ IN SOA ns1.${dom}. hostmaster.${dom}. (
|
@ IN SOA ns1.${dom}. hostmaster.${dom}. (
|
||||||
${toString config.instance.build-timestamp}
|
${toString timestamp}
|
||||||
30m
|
30m
|
||||||
2m
|
2m
|
||||||
3w
|
3w
|
||||||
5m)
|
5m)
|
||||||
|
|
||||||
${domain-record dom domCfg}
|
${domain-record dom zone}
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
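Review bot: In the `@ -77,7 +76,7 @@` hunk, `aaaa-record` still emits `"${host} IN A ${hostOpts.ipv6-address}"`, which puts an IPv6 address into an A record. The commit adds the missing `optional` to `description-record` directly below but leaves this line as it was. A name server loading the zone will most likely reject the record, so hosts with only an IPv6 address would not resolve. The line should read `"${host} IN AAAA ${hostOpts.ipv6-address}";`. The surrounding `let` binding starts outside the hunk.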
@ -28,5 +28,11 @@ with lib;
|
|||||||
description = "Description of the host.";
|
description = "Description of the host.";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sshfp-records = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
description = "List of SSHFP records for this host.";
|
||||||
|
default = [];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
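Review bot: `sshfp-records` is declared as `listOf str`, and the DNS library interpolates each entry unchanged into `"${hostname} IN SSHFP ${sshfp}"`, so a malformed entry (a line break, a wrong field count, non-hex characters) goes straight into the generated zone file. Constraining the element type catches that at evaluation time, for example `type = listOf (strMatching "[0-9]+ [0-9]+ [0-9a-fA-F]+");`, assuming `strMatching` is in scope the same way `listOf` is. The description could also state the expected form, `<algorithm> <fingerprint-type> <hex fingerprint>`, and note that SSH clients only treat SSHFP answers as trusted when they are DNSSEC-validated.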