authoritative-dns/reverse-zone.nix

{ pkgs, ... }:

{ domain, network, nameservers, ipHostMap, serial, keyFile ? null
, zoneTTL ? 10800, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600
}:

with pkgs.lib;
let
  inherit (pkgs.lib.ip)
    networkMinIp networkMaxButOneIp ipv4OnNetwork getNetworkMask getNetworkBase;

  range = base: top:
    assert base < top;
    let
      rangeFun = base: top:
        if base == top then [ ] else [ base ] ++ (rangeFun (base + 1) top);
    in rangeFun base top;

  getNetworkHosts = network: filterAttrs (ip: _: ipv4OnNetwork ip network);

  getLastIpComponent = ip: head (reverseList (splitString "." ip));

  getNetworkZoneName = network:
    let
      netElems = splitString "/" network;
      netIp = getNetworkBase network;
      netMask = getNetworkMask network;
      reversedNetIp =
        concatStringsSep "." (tail (reverseList (splitString "." netIp)));
    in if netMask == 24 then
      "${reversedNetIp}.in-addr.arpa."
    else
      "${getLastIpComponent netIp}-${
        toString netMask
      }.${reversedNetIp}.in-addr.arpa.";

  generateReverseZoneEntries = network: domain: ipHostMap:
    let
      networkHostsByComponent =
        mapAttrs' (ip: hostname: nameValuePair (getLastIpComponent ip) hostname)
        (getNetworkHosts network ipHostMap);
      ptrEntry = ip: hostname: "${toString ip} IN PTR ${hostname}.";
      getHostname = n:
        if hasAttr n networkHostsByComponent then
          networkHostsByComponent."${n}"
        else
          "unassigned-${n}.${domain}";
      minIp = toInt (getLastIpComponent (networkMinIp network));
      maxIp = toInt (getLastIpComponent (networkMaxButOneIp network));
    in map (n: ptrEntry n (getHostname (toString n))) (range minIp maxIp);

  nameserverEntries = map (nameserver: "@ IN NS ${nameserver}") nameservers;

in nameValuePair "${getNetworkZoneName network}" {
  dnssec = keyFile != null;
  ksk.keyFile = keyFile;
  data = ''
    $ORIGIN ${getNetworkZoneName network}
    $TTL ${toString zoneTTL}
    @ IN SOA ${head nameservers} hostmaster.${domain}. (
      ${serial}
      ${toString refresh}
      ${toString retry}
      ${toString expire}
      ${toString minimum}
    )
    ${concatStringsSep "\n" nameserverEntries}
    ${concatStringsSep "\n"
    (generateReverseZoneEntries network domain ipHostMap)}
  '';
}
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`{ pkgs, ... }:`

Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`{ domain, network, nameservers, ipHostMap, serial, keyFile ? null`
			`, zoneTTL ? 10800, refresh ? 3600, retry ? 1800, expire ? 604800, minimum ? 3600`
			`}:`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
			`with pkgs.lib;`
			`let`
Use lib for getNetworkBase/Mask 2023-11-03 13:35:36 -07:00			`inherit (pkgs.lib.ip)`
			`networkMinIp networkMaxButOneIp ipv4OnNetwork getNetworkMask getNetworkBase;`
Inherit needed functions 2023-11-03 11:01:14 -07:00
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`range = base: top:`
			`assert base < top;`
			`let`
			`rangeFun = base: top:`
			`if base == top then [ ] else [ base ] ++ (rangeFun (base + 1) top);`
			`in rangeFun base top;`

hasAttr expects attr first 2023-11-03 12:53:57 -07:00			`getNetworkHosts = network: filterAttrs (ip: _: ipv4OnNetwork ip network);`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
			`getLastIpComponent = ip: head (reverseList (splitString "." ip));`

			`getNetworkZoneName = network:`
			`let`
			`netElems = splitString "/" network;`
Use lib for getNetworkBase/Mask 2023-11-03 13:35:36 -07:00			`netIp = getNetworkBase network;`
			`netMask = getNetworkMask network;`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`reversedNetIp =`
			`concatStringsSep "." (tail (reverseList (splitString "." netIp)));`
Convert netmask to string 2023-11-03 13:37:05 -07:00			`in if netMask == 24 then`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`"${reversedNetIp}.in-addr.arpa."`
			`else`
Convert netmask to string 2023-11-03 13:37:05 -07:00			`"${getLastIpComponent netIp}-${`
			`toString netMask`
			`}.${reversedNetIp}.in-addr.arpa.";`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
			`generateReverseZoneEntries = network: domain: ipHostMap:`
			`let`
			`networkHostsByComponent =`
			`mapAttrs' (ip: hostname: nameValuePair (getLastIpComponent ip) hostname)`
Fix function name 2023-11-03 11:03:48 -07:00			`(getNetworkHosts network ipHostMap);`
toString ip component 2023-11-03 13:24:08 -07:00			`ptrEntry = ip: hostname: "${toString ip} IN PTR ${hostname}.";`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`getHostname = n:`
hasAttr expects attr first 2023-11-03 12:53:57 -07:00			`if hasAttr n networkHostsByComponent then`
It's not a fuction... 2023-11-03 12:55:52 -07:00			`networkHostsByComponent."${n}"`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00			`else`
			`"unassigned-${n}.${domain}";`
			`minIp = toInt (getLastIpComponent (networkMinIp network));`
			`maxIp = toInt (getLastIpComponent (networkMaxButOneIp network));`
			`in map (n: ptrEntry n (getHostname (toString n))) (range minIp maxIp);`

Ugh, to dot or not to dot 2023-11-03 13:33:38 -07:00			`nameserverEntries = map (nameserver: "@ IN NS ${nameserver}") nameservers;`
Initial attempt at reverse zones 2023-11-01 10:13:33 -07:00
Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`in nameValuePair "${getNetworkZoneName network}" {`
			`dnssec = keyFile != null;`
			`ksk.keyFile = keyFile;`
			`data = ''`
			`$ORIGIN ${getNetworkZoneName network}`
			`$TTL ${toString zoneTTL}`
Ugh, to dot or not to dot 2023-11-03 13:33:38 -07:00			`@ IN SOA ${head nameservers} hostmaster.${domain}. (`
Add dnssec for reverse zones 2023-11-03 13:10:50 -07:00			`${serial}`
			`${toString refresh}`
			`${toString retry}`
			`${toString expire}`
			`${toString minimum}`
			`)`
			`${concatStringsSep "\n" nameserverEntries}`
			`${concatStringsSep "\n"`
			`(generateReverseZoneEntries network domain ipHostMap)}`
			`'';`
			`}`