Evolutionariy changes

lib/fudo/dns.nix

@@ -7,32 +7,33 @@ let
 
   join-lines = concatStringsSep "\n";
 
-  domainOpts = { domain, ... }:
+  domainOpts = { domain, ... }: {
-    with types; {
+    options = with types; {
-      options = {
+      dnssec = mkOption {
-        dnssec = mkOption {
+        type = bool;
-          type = bool;
+        description = "Enable DNSSEC security for this zone.";
-          description = "Enable DNSSEC security for this zone.";
+        default = true;
-          default = true;
+      };
-        };
 
-        dmarc-report-address = mkOption {
+      dmarc-report-address = mkOption {
-          type = nullOr str;
+        type = nullOr str;
-          description = "The email to use to recieve DMARC reports, if any.";
+        description = "The email to use to recieve DMARC reports, if any.";
-          example = "admin-user@domain.com";
+        example = "admin-user@domain.com";
-          default = null;
+        default = null;
-        };
+      };
 
-        network-definition = mkOption {
+      network-definition = mkOption {
-          type = submodule (import ../types/network-definition.nix);
+        type = submodule (import ../types/network-definition.nix);
-          description = "Definition of network to be served by local server.";
+        description = "Definition of network to be served by local server.";
-        };
       };
     };
+  };
 
   hostRecords = host: data:
-    join-lines ((map (ip: "${host} IN A ${ip}") data.ip-addresses)
+    join-lines
-      ++ (map (ip: "${host} IN AAAA ${ip}") data.ipv6-addresses)
+    ((optional (data.ipv4-address != null) "${host} IN A ${data.ipv4-address}")
+      ++ (optional (data.ipv6-address != null)
+        "${host} IN AAAA ${data.ipv6-address}")
       ++ (map (sshfp: "${host} IN SSHFP ${sshfp}") data.ssh-fingerprints)
       ++ (optional (data.rp != null) "${host} IN RP ${data.rp}")
       ++ (optional (data.description != null)
@@ -55,8 +56,9 @@ let
     optionalString (dmarc-email != null) ''
       _dmarc IN TXT "v=DMARC1;p=quarantine;sp=quarantine;rua=mailto:${dmarc-email};"'';
 
-  nsRecords = dom: ns-hosts:
+  nsRecords = domain: ns-hosts:
-    join-lines (mapAttrsToList (host: _: "@ IN NS ${host}.${dom}.") ns-hosts);
+    join-lines
+    (mapAttrsToList (host: _: "@ IN NS ${host}.${domain}.") ns-hosts);
 
 in {
 

lib/fudo/local-network.nix

@@ -12,6 +12,12 @@ let
 
   traceout = out: builtins.trace out out;
 
+  hosts = let
+    existingHosts = filterAttrs (host: hostOpts: hasAttr host cfg.fudo.hosts)
+      cfg.network-definition.hosts;
+  in mapAttrs (host: hostAttrs: hostAttrs // cfg.fudo.hosts.${host})
+  existingHosts;
+
 in {
 
   options.fudo.local-network = with types; {
@@ -25,8 +31,7 @@ in {
 
     dns-servers = mkOption {
       type = listOf str;
-      description =
+      description = "A list of domain name servers to pass to local clients..";
-        "A list of domain name server to use for the local network.";
     };
 
     dhcp-interfaces = mkOption {
@@ -47,6 +52,7 @@ in {
     network = mkOption {
       type = str;
       description = "Network to treat as local.";
+      example = "10.0.0.0/16";
     };
 
     dhcp-dynamic-network = mkOption {
@@ -56,6 +62,7 @@ in {
 
         Must be a subnet of <network>.
       '';
+      example = "10.0.1.0/24";
     };
 
     enable-reverse-mappings = mkOption {
@@ -67,16 +74,17 @@ in {
     recursive-resolver = mkOption {
       type = str;
       description = "DNS nameserver to use for recursive resolution.";
+      default = "1.1.1.1";
     };
 
-    server-ip = mkOption {
+    dns-server-ip = mkOption {
       type = str;
       description = "IP of the DNS server.";
     };
 
     search-domains = mkOption {
       type = listOf str;
-      description = "A list of domains to search for DNS names.";
+      description = "A list of domains which clients should consider local.";
       example = [ "my-domain.com" "other-domain.com" ];
       default = [ ];
     };
@@ -95,8 +103,9 @@ in {
       machines = mapAttrsToList (hostname: hostOpts: {
         ethernetAddress = hostOpts.mac-address;
         hostName = hostname;
-        ipAddress = hostOpts.ip-address;
+        ipAddress = hostOpts.ipv4-address;
-      }) (filterAttrs (host: hostOpts: hostOpts.mac-address != null) cfg.hosts);
+      }) (filterAttrs (host: hostOpts:
+        hostOpts.mac-address != null && hostOpts.ipv4-address != null) hosts);
 
       interfaces = cfg.dhcp-interfaces;
 
@@ -151,7 +160,7 @@ in {
       ipToBlock = ip:
         concatStringsSep "." (reverseList (take 3 (splitString "." ip)));
       compactHosts =
-        mapAttrsToList (host: data: data // { host = host; }) cfg.hosts;
+        mapAttrsToList (host: data: data // { host = host; }) hosts;
       hostsByBlock =
         groupBy (host-data: ipToBlock host-data.ip-address) compactHosts;
       hostPtrRecord = host-data:
@@ -171,7 +180,7 @@ in {
       enable = true;
       cacheNetworks = [ cfg.network "localhost" "localnets" ];
       forwarders = [ cfg.recursive-resolver ];
-      listenOn = cfg.dns-serve-ips;
+      listenOn = cfg.dns-listen-ips;
       extraOptions = concatStringsSep "\n" [
         "dnssec-enable yes;"
         "dnssec-validation yes;"