From c5d1d111375447083e68a0aca739ea14e3508e25 Mon Sep 17 00:00:00 2001
From: niten
Date: Tue, 30 Jan 2024 22:19:50 -0800
Subject: [PATCH] Handle IPv6 networks in SPF. And remove localhost.
---
 lib/fudo/zones.nix | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/lib/fudo/zones.nix b/lib/fudo/zones.nix
index e690d1a..dd3f036 100644
--- a/lib/fudo/zones.nix
+++ b/lib/fudo/zones.nix
@@ -1,27 +1,32 @@
 { config, lib, pkgs, ... }:
 with lib;
-let
- zoneOpts =
- import ../types/zone-definition.nix { inherit lib; };
+let zoneOpts = import ../types/zone-definition.nix { inherit lib; };
 in {
- options.fudo.zones = with types; mkOption {
- type = attrsOf (submodule zoneOpts);
- description = "A map of network zone to zone definition.";
- default = { };
- };
+ options.fudo.zones = with types;
+ mkOption {
+ type = attrsOf (submodule zoneOpts);
+ description = "A map of network zone to zone definition.";
+ default = { };
+ };
 config = let
- domain-name = config.instance.local-domain;
+ domainName = config.instance.local-domain;
+ zoneName = config.domains."${domainName}".zone;
+ isLocal = ip: ip == "::1" || hasPrefix "127."; # FIXME: ipv6?
- local-networks = config.instance.local-networks;
- net-names = map (network: "ipv4:${network}")
- local-networks;
- local-net-string = concatStringsSep " " net-names;
+ localNetworks = filter (ip: !isLocal ip) config.instance.local-networks;
+ makeName = network:
+ if !isNull (builtins.match ":" ip) then
+ "ip6:${network}"
+ else
+ "ip4:${network}";
+ netNames = map makeName localNetworks;
+ localNetString = concatStringsSep " " netNames;
 in {
- fudo.zones.${domain-name}.verbatim-dns-records = [
- ''@ IN TXT "v=spf1 mx ${local-net-string} -all"''
- ''@ IN SPF "v=spf1 mx ${local-net-string} -all"''
+ fudo.zones."${zoneName}".verbatim-dns-records = [
+ ''@ IN TXT "v=spf1 mx ${localNetString} -all"''
+ ''@ IN SPF "v=spf1 mx ${localNetString} -all"''
 ];
 };
 }
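Review bot: `makeName` tests `ip`, which is not bound in that lambda (its parameter is `network`), so evaluating `fudo.zones` aborts with an undefined-variable error, and even with the name fixed `builtins.match ":" network` only matches a string that is exactly ":", so every entry would still be emitted as `ip4:` — an IPv6 prefix under an `ip4:` mechanism is a syntax error that makes receivers return permerror for the whole record. A substring test from lib (already in scope via `with lib;`) does what the commit intends: `makeName = network: if hasInfix ":" network then "ip6:${network}" else "ip4:${network}";`. `isLocal` has a separate defect: `hasPrefix "127."` is left partially applied, so for any value other than `"::1"` the `||` sees a function instead of a boolean and evaluation fails; it should be `isLocal = ip: ip == "::1" || hasPrefix "127." ip;`. If `config.instance.local-networks` holds CIDR prefixes rather than bare addresses (it is passed straight into SPF `ip4:`/`ip6:` mechanisms, which suggests so), the exact `"::1"` comparison would also miss `::1/128`; a `hasPrefix "::1"` check, or matching on the part before `/`, is worth confirming against how that option is populated.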