authoritative-dns/reverse-zone.nix

{ pkgs, ... }:

{ domain, network, nameservers, notify, ipHostMap, serial, keyFile ? null
, zoneTTL ? 10800, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600
}:

with pkgs.lib;
let
  inherit (pkgs.lib.fudo.ip)
    networkMinIp networkMaxIp ipv4OnNetwork getNetworkMask getNetworkBase;

  range = base: top:
    assert base < top;
    let
      rangeFun = base: top:
        if base == top then [ base ] else [ base ] ++ (rangeFun (base + 1) top);
    in rangeFun base top;

  getNetworkHosts = network: filterAttrs (ip: _: ipv4OnNetwork ip network);

  getLastIpComponent = ip: head (reverseList (splitString "." ip));

  getNetworkZoneName = network:
    let
      netElems = splitString "/" network;
      netIp = getNetworkBase network;
      netMask = getNetworkMask network;
      reversedNetIp =
        concatStringsSep "." (tail (reverseList (splitString "." netIp)));
    in if netMask == 24 then
      "${reversedNetIp}.in-addr.arpa."
    else
      "${getLastIpComponent netIp}-${
        toString netMask
      }.${reversedNetIp}.in-addr.arpa.";

  generateReverseZoneEntries = network: domain: ipHostMap:
    let
      networkHostsByComponent =
        mapAttrs' (ip: hostname: nameValuePair (getLastIpComponent ip) hostname)
        (getNetworkHosts network ipHostMap);
      ptrEntry = ip: hostname: "${toString ip} IN PTR ${hostname}.";
      getHostname = n:
        if hasAttr n networkHostsByComponent then
          networkHostsByComponent."${n}"
        else
          "unassigned-${n}.${domain}";
      minIp = toInt (getLastIpComponent (networkMinIp network));
      maxIp = toInt (getLastIpComponent (networkMaxIp network));
    in map (n: ptrEntry n (getHostname (toString n))) (range minIp maxIp);

  nameserverEntries = map (nameserver: "@ IN NS ${nameserver}") nameservers;

in nameValuePair "${getNetworkZoneName network}" {
  dnssec = keyFile != null;
  ksk.keyFile = keyFile;
  provideXFR = (map (ns: "${ns}/32 NOKEY") notify.ipv4)
    ++ (map (ns: "${ns}/64 NOKEY") notify.ipv6);
  notify = map (ns: "${ns} NOKEY") (notify.ipv4 ++ notify.ipv6);
  data = ''
    $ORIGIN ${getNetworkZoneName network}
    $TTL ${toString zoneTTL}
    @ IN SOA ${head nameservers} hostmaster.${domain}. (
      ${serial}
      ${toString refresh}
      ${toString retry}
      ${toString expire}
      ${toString minimum}
    )
    ${concatStringsSep "\n" nameserverEntries}
    ${concatStringsSep "\n"
    (generateReverseZoneEntries network domain ipHostMap)}
  '';
}
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`{ pkgs, ... }:`

Split notify IPs by v4/6 2023-11-09 10:08:32 -08:00			`{ domain, network, nameservers, notify, ipHostMap, serial, keyFile ? null`
Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`, zoneTTL ? 10800, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600`
			`}:`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
			`with pkgs.lib;`
			`let`
lib.ip -> lib.fudo.ip? 2023-11-17 09:19:30 -08:00			`inherit (pkgs.lib.fudo.ip)`
Include extra IP 2023-11-03 18:15:24 -07:00			`networkMinIp networkMaxIp ipv4OnNetwork getNetworkMask getNetworkBase;`
Inherit needed functions 2023-11-03 11:01:14 -07:00
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`range = base: top:`
			`assert base < top;`
			`let`
			`rangeFun = base: top:`
Include the last number in the range 2023-11-04 14:29:41 -07:00			`if base == top then [ base ] else [ base ] ++ (rangeFun (base + 1) top);`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`in rangeFun base top;`

hasAttr expects attr first 2023-11-03 12:53:57 -07:00			`getNetworkHosts = network: filterAttrs (ip: _: ipv4OnNetwork ip network);`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
			`getLastIpComponent = ip: head (reverseList (splitString "." ip));`

			`getNetworkZoneName = network:`
			`let`
			`netElems = splitString "/" network;`
Use lib for getNetworkBase/Mask 2023-11-03 13:35:36 -07:00			`netIp = getNetworkBase network;`
			`netMask = getNetworkMask network;`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`reversedNetIp =`
			`concatStringsSep "." (tail (reverseList (splitString "." netIp)));`
Convert netmask to string 2023-11-03 13:37:05 -07:00			`in if netMask == 24 then`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`"${reversedNetIp}.in-addr.arpa."`
			`else`
Convert netmask to string 2023-11-03 13:37:05 -07:00			`"${getLastIpComponent netIp}-${`
			`toString netMask`
			`}.${reversedNetIp}.in-addr.arpa.";`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
			`generateReverseZoneEntries = network: domain: ipHostMap:`
			`let`
			`networkHostsByComponent =`
			`mapAttrs' (ip: hostname: nameValuePair (getLastIpComponent ip) hostname)`
Fix function name 2023-11-03 11:03:48 -07:00			`(getNetworkHosts network ipHostMap);`
toString ip component 2023-11-03 13:24:08 -07:00			`ptrEntry = ip: hostname: "${toString ip} IN PTR ${hostname}.";`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`getHostname = n:`
hasAttr expects attr first 2023-11-03 12:53:57 -07:00			`if hasAttr n networkHostsByComponent then`
It's not a fuction... 2023-11-03 12:55:52 -07:00			`networkHostsByComponent."${n}"`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`else`
			`"unassigned-${n}.${domain}";`
			`minIp = toInt (getLastIpComponent (networkMinIp network));`
Include extra IP 2023-11-03 18:15:24 -07:00			`maxIp = toInt (getLastIpComponent (networkMaxIp network));`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`in map (n: ptrEntry n (getHostname (toString n))) (range minIp maxIp);`

Ugh, to dot or not to dot 2023-11-03 13:33:38 -07:00			`nameserverEntries = map (nameserver: "@ IN NS ${nameserver}") nameservers;`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`in nameValuePair "${getNetworkZoneName network}" {`
			`dnssec = keyFile != null;`
			`ksk.keyFile = keyFile;`
Split notify IPs by v4/6 2023-11-09 10:08:32 -08:00			`provideXFR = (map (ns: "${ns}/32 NOKEY") notify.ipv4)`
			`++ (map (ns: "${ns}/64 NOKEY") notify.ipv6);`
			`notify = map (ns: "${ns} NOKEY") (notify.ipv4 ++ notify.ipv6);`
Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`data = ''`
			`$ORIGIN ${getNetworkZoneName network}`
			`$TTL ${toString zoneTTL}`
Ugh, to dot or not to dot 2023-11-03 13:33:38 -07:00			`@ IN SOA ${head nameservers} hostmaster.${domain}. (`
Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`${serial}`
			`${toString refresh}`
			`${toString retry}`
			`${toString expire}`
			`${toString minimum}`
			`)`
			`${concatStringsSep "\n" nameserverEntries}`
			`${concatStringsSep "\n"`
			`(generateReverseZoneEntries network domain ipHostMap)}`
			`'';`
			`}`