diff --git a/lib/fudo/dns.nix b/lib/fudo/dns.nix
index de3ffa6..fda7e41 100644
--- a/lib/fudo/dns.nix
+++ b/lib/fudo/dns.nix
@@ -7,32 +7,33 @@ let
 join-lines = concatStringsSep "\n";
- domainOpts = { domain, ... }:
- with types; {
- options = {
- dnssec = mkOption {
- type = bool;
- description = "Enable DNSSEC security for this zone.";
- default = true;
- };
+ domainOpts = { domain, ... }: {
+ options = with types; {
+ dnssec = mkOption {
+ type = bool;
+ description = "Enable DNSSEC security for this zone.";
+ default = true;
+ };
- dmarc-report-address = mkOption {
- type = nullOr str;
- description = "The email to use to recieve DMARC reports, if any.";
- example = "admin-user@domain.com";
- default = null;
- };
+ dmarc-report-address = mkOption {
+ type = nullOr str;
+ description = "The email to use to recieve DMARC reports, if any.";
+ example = "admin-user@domain.com";
+ default = null;
+ };
- network-definition = mkOption {
- type = submodule (import ../types/network-definition.nix);
- description = "Definition of network to be served by local server.";
- };
+ network-definition = mkOption {
+ type = submodule (import ../types/network-definition.nix);
+ description = "Definition of network to be served by local server.";
 };
 };
+ };
 hostRecords = host: data:
- join-lines ((map (ip: "${host} IN A ${ip}") data.ip-addresses)
- ++ (map (ip: "${host} IN AAAA ${ip}") data.ipv6-addresses)
+ join-lines
+ ((optional (data.ipv4-address != null) "${host} IN A ${data.ipv4-address}")
+ ++ (optional (data.ipv6-address != null)
+ "${host} IN AAAA ${data.ipv6-address}")
 ++ (map (sshfp: "${host} IN SSHFP ${sshfp}") data.ssh-fingerprints)
 ++ (optional (data.rp != null) "${host} IN RP ${data.rp}")
 ++ (optional (data.description != null)
@@ -55,8 +56,9 @@ let
 optionalString (dmarc-email != null) ''
 _dmarc IN TXT "v=DMARC1;p=quarantine;sp=quarantine;rua=mailto:${dmarc-email};"'';
- nsRecords = dom: ns-hosts:
- join-lines (mapAttrsToList (host: _: "@ IN NS ${host}.${dom}.") ns-hosts);
+ nsRecords = domain: ns-hosts:
+ join-lines
+ (mapAttrsToList (host: _: "@ IN NS ${host}.${domain}.") ns-hosts);
 in {
diff --git a/lib/fudo/local-network.nix b/lib/fudo/local-network.nix
index c7c64c6..203ae80 100644
--- a/lib/fudo/local-network.nix
+++ b/lib/fudo/local-network.nix
@@ -12,6 +12,12 @@ let
 traceout = out: builtins.trace out out;
+ hosts = let
+ existingHosts = filterAttrs (host: hostOpts: hasAttr host cfg.fudo.hosts)
+ cfg.network-definition.hosts;
+ in mapAttrs (host: hostAttrs: hostAttrs // cfg.fudo.hosts.${host})
+ existingHosts;
+
 in {
 options.fudo.local-network = with types; {
@@ -25,8 +31,7 @@ in {
 dns-servers = mkOption {
 type = listOf str;
- description =
- "A list of domain name server to use for the local network.";
+ description = "A list of domain name servers to pass to local clients..";
 };
 dhcp-interfaces = mkOption {
@@ -47,6 +52,7 @@ in {
 network = mkOption {
 type = str;
 description = "Network to treat as local.";
+ example = "10.0.0.0/16";
 };
 dhcp-dynamic-network = mkOption {
@@ -56,6 +62,7 @@ in {
 Must be a subnet of .
 '';
+ example = "10.0.1.0/24";
 };
 enable-reverse-mappings = mkOption {
@@ -67,16 +74,17 @@ in {
 recursive-resolver = mkOption {
 type = str;
 description = "DNS nameserver to use for recursive resolution.";
+ default = "1.1.1.1";
 };
- server-ip = mkOption {
+ dns-server-ip = mkOption {
 type = str;
 description = "IP of the DNS server.";
 };
 search-domains = mkOption {
 type = listOf str;
- description = "A list of domains to search for DNS names.";
+ description = "A list of domains which clients should consider local.";
 example = [ "my-domain.com" "other-domain.com" ];
 default = [ ];
 };
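Review bot: `cfg.fudo.hosts` in the new `hosts` binding (hunk @@ -12,6 of local-network.nix) looks like it resolves under this module's own `cfg` rather than the top-level `config.fudo.hosts`; every other `cfg.` reference visible in this diff (`cfg.network`, `cfg.dhcp-interfaces`, `cfg.recursive-resolver`) reads as `config.fudo.local-network`, and none of the option declarations shown here declare a `fudo` attribute. The `cfg` definition is outside the hunk, so please confirm which it is — if `cfg` is the submodule config, forcing `hosts` fails with an undefined attribute. Separately, `filterAttrs (host: hostOpts: hasAttr host cfg.fudo.hosts)` silently drops every network-definition host that has no matching entry, so such a host loses its DHCP reservation and PTR record with no diagnostic; a comment such as `# Only hosts also declared in fudo.hosts are served; the rest are dropped without warning` (or a `lib.warn` listing the dropped names) would make that visible. The `//` merge also lets the `cfg.fudo.hosts.${host}` attributes override same-named attributes from the network definition, which belongs in the same comment.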
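Review bot: The replacement description on the `dns-servers` option (hunk @@ -25,8) ends in a doubled period, `clients..`, and that string is rendered verbatim in the generated option documentation. It should read `description = "A list of domain name servers to pass to local clients.";`.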
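Review bot: Adding `default = "1.1.1.1"` to `recursive-resolver` (hunk @@ -67,16) means every deployment that does not set the option forwards all recursive lookups from the local network to an external third-party resolver — the @@ -171,7 hunk shows this value feeding BIND's `forwarders` — without the configuration ever saying so. Either leave the option without a default, or state the consequence in its description, e.g. `description = "DNS nameserver to use for recursive resolution. Defaults to a public resolver; point this at an internal resolver if lookups must not leave the network.";`. The rename of `server-ip` to `dns-server-ip` in the same hunk is a hard break for existing configurations that set `fudo.local-network.server-ip`, and any consumer still reading `cfg.server-ip` elsewhere in the file (not visible here) would now fail to evaluate; `lib.mkRenamedOptionModule [ "fudo" "local-network" "server-ip" ] [ "fudo" "local-network" "dns-server-ip" ]` in the module's `imports` keeps old configs working. Both options keep `type = str`, so a malformed address is only caught when the service starts.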
@@ -95,8 +103,9 @@ in {
 machines = mapAttrsToList (hostname: hostOpts: {
 ethernetAddress = hostOpts.mac-address;
 hostName = hostname;
- ipAddress = hostOpts.ip-address;
- }) (filterAttrs (host: hostOpts: hostOpts.mac-address != null) cfg.hosts);
+ ipAddress = hostOpts.ipv4-address;
+ }) (filterAttrs (host: hostOpts:
+ hostOpts.mac-address != null && hostOpts.ipv4-address != null) hosts);
 interfaces = cfg.dhcp-interfaces;
@@ -151,7 +160,7 @@ in {
 ipToBlock = ip: concatStringsSep "." (reverseList (take 3 (splitString "." ip)));
 compactHosts =
- mapAttrsToList (host: data: data // { host = host; }) cfg.hosts;
+ mapAttrsToList (host: data: data // { host = host; }) hosts;
 hostsByBlock = groupBy (host-data: ipToBlock host-data.ip-address) compactHosts;
 hostPtrRecord = host-data:
@@ -171,7 +180,7 @@ in {
 enable = true;
 cacheNetworks = [ cfg.network "localhost" "localnets" ];
 forwarders = [ cfg.recursive-resolver ];
- listenOn = cfg.dns-serve-ips;
+ listenOn = cfg.dns-listen-ips;
 extraOptions = concatStringsSep "\n" [
 "dnssec-enable yes;"
 "dnssec-validation yes;"
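Review bot: `hostsByBlock`, directly below the changed `compactHosts` line (hunk @@ -151,7), still groups on `host-data.ip-address`, while this commit moves every other consumer to `ipv4-address` (the `machines` hunk above and `hostRecords` in dns.nix); if the merged host attribute set no longer carries `ip-address`, reverse-mapping generation fails at evaluation, and if it carries both, PTR records are derived from a different address than the A records. `compactHosts` is also not filtered the way `machines` now is, so a host whose `ipv4-address` is null reaches `ipToBlock`, where `splitString "." null` errors. Suggested: `compactHosts = mapAttrsToList (host: data: data // { host = host; }) (filterAttrs (_: data: data.ipv4-address != null) hosts);` together with `groupBy (host-data: ipToBlock host-data.ipv4-address) compactHosts`. The definitions of `hostsByBlock` and `hostPtrRecord` continue outside the hunk, so confirm the attribute they read.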
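Review bot: `cfg.dns-listen-ips` in `listenOn` (hunk @@ -171,7) is not declared by any option hunk in this commit, and the old name `dns-serve-ips` is not renamed anywhere in the diff either; unless the option is declared in a part of the file outside these hunks, `listenOn` fails to evaluate with an undefined attribute. If it is a new option, its declaration and a `mkRenamedOptionModule` for `dns-serve-ips` belong in this commit. These listen addresses, together with the `cacheNetworks` ACL on the line above, are what limit exposure of the forwarding resolver beyond the local network, so the declaration's description should state that they are expected to be internal interface addresses.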