Evolutionary changes
This commit is contained in:
parent
36dbcb34ef
commit
de56949c14
|
@ -7,32 +7,33 @@ let
|
|||
|
||||
join-lines = concatStringsSep "\n";
|
||||
|
||||
domainOpts = { domain, ... }:
|
||||
with types; {
|
||||
options = {
|
||||
dnssec = mkOption {
|
||||
type = bool;
|
||||
description = "Enable DNSSEC security for this zone.";
|
||||
default = true;
|
||||
};
|
||||
domainOpts = { domain, ... }: {
|
||||
options = with types; {
|
||||
dnssec = mkOption {
|
||||
type = bool;
|
||||
description = "Enable DNSSEC security for this zone.";
|
||||
default = true;
|
||||
};
|
||||
|
||||
dmarc-report-address = mkOption {
|
||||
type = nullOr str;
|
||||
description = "The email to use to recieve DMARC reports, if any.";
|
||||
example = "admin-user@domain.com";
|
||||
default = null;
|
||||
};
|
||||
dmarc-report-address = mkOption {
|
||||
type = nullOr str;
|
||||
description = "The email to use to recieve DMARC reports, if any.";
|
||||
example = "admin-user@domain.com";
|
||||
default = null;
|
||||
};
|
||||
|
||||
network-definition = mkOption {
|
||||
type = submodule (import ../types/network-definition.nix);
|
||||
description = "Definition of network to be served by local server.";
|
||||
};
|
||||
network-definition = mkOption {
|
||||
type = submodule (import ../types/network-definition.nix);
|
||||
description = "Definition of network to be served by local server.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
hostRecords = host: data:
|
||||
join-lines ((map (ip: "${host} IN A ${ip}") data.ip-addresses)
|
||||
++ (map (ip: "${host} IN AAAA ${ip}") data.ipv6-addresses)
|
||||
join-lines
|
||||
((optional (data.ipv4-address != null) "${host} IN A ${data.ipv4-address}")
|
||||
++ (optional (data.ipv6-address != null)
|
||||
"${host} IN AAAA ${data.ipv6-address}")
|
||||
++ (map (sshfp: "${host} IN SSHFP ${sshfp}") data.ssh-fingerprints)
|
||||
++ (optional (data.rp != null) "${host} IN RP ${data.rp}")
|
||||
++ (optional (data.description != null)
|
||||
|
@ -55,8 +56,9 @@ let
|
|||
optionalString (dmarc-email != null) ''
|
||||
_dmarc IN TXT "v=DMARC1;p=quarantine;sp=quarantine;rua=mailto:${dmarc-email};"'';
|
||||
|
||||
nsRecords = dom: ns-hosts:
|
||||
join-lines (mapAttrsToList (host: _: "@ IN NS ${host}.${dom}.") ns-hosts);
|
||||
nsRecords = domain: ns-hosts:
|
||||
join-lines
|
||||
(mapAttrsToList (host: _: "@ IN NS ${host}.${domain}.") ns-hosts);
|
||||
|
||||
in {
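Review bot: The new `hostRecords` body interpolates `ipv4-address`, `ipv6-address`, every `ssh-fingerprints` entry and `rp` straight into zone-file lines with no shape check, so a value containing whitespace or a newline turns into extra records, and one malformed SSHFP string makes the server refuse to load the whole zone rather than just that host. These values come from the submodule in `../types/network-definition.nix`, which is not on this page; if its options are plain `str`, tightening them there (for example `strMatching "[0-9]+ [0-9]+ [0-9a-fA-F]+"` for an SSHFP entry, the RFC 4255 `algorithm fptype fingerprint` form) would reject bad input at evaluation time instead. The same applies to `dmarc-report-address` in the second hunk, which is typed `nullOr str` and lands inside the double-quoted DMARC TXT record, where a `"` or `;` in the value breaks or alters the record. `hostRecords` continues past the end of the first hunk.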
|
||||
|
||||
|
|
|
@ -12,6 +12,12 @@ let
|
|||
|
||||
traceout = out: builtins.trace out out;
|
||||
|
||||
hosts = let
|
||||
existingHosts = filterAttrs (host: hostOpts: hasAttr host cfg.fudo.hosts)
|
||||
cfg.network-definition.hosts;
|
||||
in mapAttrs (host: hostAttrs: hostAttrs // cfg.fudo.hosts.${host})
|
||||
existingHosts;
|
||||
|
||||
in {
|
||||
|
||||
options.fudo.local-network = with types; {
|
||||
|
@ -25,8 +31,7 @@ in {
|
|||
|
||||
dns-servers = mkOption {
|
||||
type = listOf str;
|
||||
description =
|
||||
"A list of domain name server to use for the local network.";
|
||||
description = "A list of domain name servers to pass to local clients..";
|
||||
};
|
||||
|
||||
dhcp-interfaces = mkOption {
|
||||
|
@ -47,6 +52,7 @@ in {
|
|||
network = mkOption {
|
||||
type = str;
|
||||
description = "Network to treat as local.";
|
||||
example = "10.0.0.0/16";
|
||||
};
|
||||
|
||||
dhcp-dynamic-network = mkOption {
|
||||
|
@ -56,6 +62,7 @@ in {
|
|||
|
||||
Must be a subnet of <network>.
|
||||
'';
|
||||
example = "10.0.1.0/24";
|
||||
};
|
||||
|
||||
enable-reverse-mappings = mkOption {
|
||||
|
@ -67,16 +74,17 @@ in {
|
|||
recursive-resolver = mkOption {
|
||||
type = str;
|
||||
description = "DNS nameserver to use for recursive resolution.";
|
||||
default = "1.1.1.1";
|
||||
};
|
||||
|
||||
server-ip = mkOption {
|
||||
dns-server-ip = mkOption {
|
||||
type = str;
|
||||
description = "IP of the DNS server.";
|
||||
};
|
||||
|
||||
search-domains = mkOption {
|
||||
type = listOf str;
|
||||
description = "A list of domains to search for DNS names.";
|
||||
description = "A list of domains which clients should consider local.";
|
||||
example = [ "my-domain.com" "other-domain.com" ];
|
||||
default = [ ];
|
||||
};
|
||||
|
@ -95,8 +103,9 @@ in {
|
|||
machines = mapAttrsToList (hostname: hostOpts: {
|
||||
ethernetAddress = hostOpts.mac-address;
|
||||
hostName = hostname;
|
||||
ipAddress = hostOpts.ip-address;
|
||||
}) (filterAttrs (host: hostOpts: hostOpts.mac-address != null) cfg.hosts);
|
||||
ipAddress = hostOpts.ipv4-address;
|
||||
}) (filterAttrs (host: hostOpts:
|
||||
hostOpts.mac-address != null && hostOpts.ipv4-address != null) hosts);
|
||||
|
||||
interfaces = cfg.dhcp-interfaces;
|
||||
|
||||
|
@ -151,7 +160,7 @@ in {
|
|||
ipToBlock = ip:
|
||||
concatStringsSep "." (reverseList (take 3 (splitString "." ip)));
|
||||
compactHosts =
|
||||
mapAttrsToList (host: data: data // { host = host; }) cfg.hosts;
|
||||
mapAttrsToList (host: data: data // { host = host; }) hosts;
|
||||
hostsByBlock =
|
||||
groupBy (host-data: ipToBlock host-data.ip-address) compactHosts;
|
||||
hostPtrRecord = host-data:
|
||||
|
@ -171,7 +180,7 @@ in {
|
|||
enable = true;
|
||||
cacheNetworks = [ cfg.network "localhost" "localnets" ];
|
||||
forwarders = [ cfg.recursive-resolver ];
|
||||
listenOn = cfg.dns-serve-ips;
|
||||
listenOn = cfg.dns-listen-ips;
|
||||
extraOptions = concatStringsSep "\n" [
|
||||
"dnssec-enable yes;"
|
||||
"dnssec-validation yes;"
|
||||
|
|