Add serial generation. Add deploy action
Some checks failed
Build and test / build (push) Successful in 1m5s
Build and test / test (push) Successful in 21s
Build and test / deploy (push) Failing after 23s

This commit is contained in:
2026-02-07 22:35:00 +01:00
parent 39cd332c3b
commit 0806fd023d
9 changed files with 163 additions and 86 deletions


@@ -0,0 +1,157 @@
name: Build and test
run-name: Build ${{ gitea.repository }} @ ${{ gitea.sha }} by ${{ gitea.actor }}
on:
push:
branches:
- '**'
pull_request:
branches:
- '**'
jobs:
build:
runs-on: debian-latest
steps:
- name: Debug output
run: |
echo "PVV-DNS build triggered by a ${{ gitea.event_name }} event"
echo "Building ${{ gitea.repository }} on ref ${{ gitea.ref }}"
- name: Install sudo
run: apt-get install --update --assume-yes sudo
- name: Install nix
uses: https://github.com/cachix/install-nix-action@v31
with:
extra_nix_config: |
experimental-features = nix-command flakes
- name: Checkout repository
uses: actions/checkout@v6
- name: Build zonefiles
run: nix build .#zoneFiles
- name: Build nsd-config
run: nix build .#nsdConfig
- name: Build default
run: nix build --out-link /tmp/result .#
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: build-output
path: /tmp/result
if-no-files-found: error
test:
runs-on: debian-latest
needs: build
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: build-output
path: /tmp/result
- name: Install nsd
run: apt-get install --update --assume-yes nsd
- name: Check configuration file
run: |
echo "Checking nsd configuration file"
nsd-checkconf /tmp/result/etc/nsd/nsd.conf && echo "/tmp/result/etc/nsd/nsd.conf is ok"
- name: Check zonefiles
run: |
declare -a domains=(
"128-255.210.241.129.in-addr.arpa"
"210.241.129.in-addr.arpa"
"9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa"
"nucc.org"
"pvv.no"
"pvv.ntnu.no"
"pvv.org"
)
for domain in "${domains[@]}"
do
echo "Checking domain '$domain'"
nsd-checkzone "$domain" "/tmp/result/zones/${domain}.zone"
done
deploy:
runs-on: debian-latest
needs: [build, test]
if: github.ref == 'refs/heads/main'
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: build-output
path: /tmp/result
- name: Install required tools
run: apt-get install --update --assume-yes dnsutils rsync
- name: Replace placeholder serial
run: |
SERIAL_OLD="$(dig +short SOA pvv.ntnu.no | cut -d" " -f3)"
if [[ -z "$SERIAL_OLD" || ! "$SERIAL_OLD" =~ ^[0-9]+$ || $SERIAL_OLD -lt 1970010101 || $SERIAL_OLD -gt 3000000000 ]]; then
echo "Error: SERIAL_OLD='$SERIAL_OLD' does not look reasonable"
exit 1
fi
DATE="$(date "+%Y%m%d")"
if [[ "$SERIAL_OLD" == "$DATE*" ]]
then
SERIAL_NEW="$((SERIAL+1))"
else
SERIAL_NEW="${DATE}01"
fi
SERIAL_PLACEHOLDER=1970010101
echo "Replacing existing zone serial $SERIAL_OLD with new serial $SERIAL_NEW"
find /tmp/result/zones -type f -name "*.zone" -exec sed -i "s/$SERIAL_PLACEHOLDER/$SERIAL_NEW/" {} \;
- name: Prepare SSH for deployment
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
chmod 600 ~/.ssh/deploy_key
cat <<EOF > ~/.ssh/config
Host targethost
User ${{ SSH_USER }}
Hostname ${{ SSH_HOST }}
IdentityFile ~/.ssh/deploy_key
ForwardAgent no
ForwardX11 no
PasswordAuthentication no
StrictHostKeyChecking yes
EOF
echo "Configured SSH to ${SSH_USER}@${SSH_HOST}"
- name: Deploy files to host
run: |
echo "Deploying zonefiles"
rsync -avz --delete /tmp/result/zones/ targethost:/var/nsd/zones
echo "Deploying nsd config"
rsync -avz /tmp/result/etc/nsd/nsd.conf targethost:/var/nsd/etc/nsd/nsd.conf
echo "Reloading config file"
ssh targethost "doas /usr/sbin/nsd-control reconfig"
echo "Reloading zone files"
ssh targethost "doas /usr/sbin/nsd-control reload"
- name: Verifying operation
run: dig "@$SSH_HOST" SOA pvv.ntnu.no


@@ -1,78 +0,0 @@
name: Build and test
run-name: Build and test ${{ gitea.repository }} @ ${{ gitea.sha }} by ${{ gitea.actor }}
on:
push:
branches:
- main
jobs:
build:
runs-on: debian-latest
steps:
- name: Debug output
run: |
echo "PVV-DNS build triggered by a ${{ gitea.event_name }} event"
echo "Building ${{ gitea.repository }} on ref ${{ gitea.ref }}"
- name: Install sudo
run: apt-get install --update --assume-yes sudo
- name: Install nix
uses: https://github.com/cachix/install-nix-action@v31
with:
extra_nix_config: |
experimental-features = nix-command flakes
- name: Checkout repository
uses: actions/checkout@v6
- name: Build zonefiles
run: nix build .#zoneFiles
- name: Build nsd-config
run: nix build .#nsdConfig
- name: Build default
run: nix build --out-link /tmp/result .#
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: build-output
path: /tmp/result
if-no-files-found: error
test:
runs-on: debian-latest
needs: build
steps:
- name: Download artifact
uses: actions/download-artifact@v3
with:
name: build-output
path: /tmp/result
- name: Install nsd
run: apt-get install --update --assume-yes nsd
- name: Check configuration file
run: |
echo "Checking nsd configuration file"
nsd-checkconf /tmp/result/etc/nsd/nsd.conf && echo "/tmp/result/etc/nsd/nsd.conf is ok"
- name: Check zonefiles
run: |
declare -a domains=(
"128-255.210.241.129.in-addr.arpa"
"210.241.129.in-addr.arpa"
"9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa"
"nucc.org"
"pvv.no"
"pvv.ntnu.no"
"pvv.org"
)
for domain in "${domains[@]}"
do
echo "Checking domain '$domain'"
nsd-checkzone "$domain" "/tmp/result/zones/${domain}.zone"
done


@@ -93,7 +93,6 @@ result
(**TLDR: Files in /var/nsd, run `nsd-control reload`**)
- If applicable, make changes to `./hosts.nix` or the appropriate file in `./zones/`
- ... and update the corresponding serial number(s)
- Build this project (anywhere, on any host with nix)
- `nix build .#`
- Install the contents of `./result` into `/var/nsd`
@@ -112,7 +111,6 @@ result
## Future plans
- Automate serial generation
- Build and verify with CI/CD
- Automatically push updated configurations to the DNS server
- Also generate DNS server configuration files


@@ -15,7 +15,7 @@ in
SOA = {
nameServer = "dvask.pvv.ntnu.no.";
adminEmail = "drift@pvv.ntnu.no";
serial = 2026012301; # TODO: Automate
serial = 1970010101; # Placeholder, replaced in deploy step
};
NS = [


@@ -7,7 +7,7 @@ with dns.lib.combinators;
SOA = {
nameServer = "dvask.pvv.ntnu.no";
adminEmail = "drift@pvv.ntnu.no";
serial = 2026012301; # TODO: Automate
serial = 1970010101; # Placeholder, replaced in deploy step
};
NS = [


@@ -7,7 +7,7 @@ with dns.lib.combinators;
SOA = {
nameServer = "dvask.pvv.ntnu.no";
adminEmail = "drift@pvv.ntnu.no";
serial = 2026012301; # TODO: Automate
serial = 1970010101; # Placeholder, replaced in deploy step
};
NS = [
"dvask.pvv.ntnu.no"


@@ -7,7 +7,7 @@ with dns.lib.combinators;
SOA = {
nameServer = "dvask.pvv.ntnu.no";
adminEmail = "drift@pvv.ntnu.no";
serial = 2026012301; # TODO: Automate
serial = 1970010101; # Placeholder, replaced in deploy step
};
NS = [
"dvask.pvv.ntnu.no"


@@ -31,7 +31,7 @@ in
SOA = {
nameServer = "dvask.pvv.ntnu.no";
adminEmail = "drift@pvv.ntnu.no";
serial = 2026012301; # TODO: Automate
serial = 1970010101; # Placeholder, replaced in deploy step
};
NS = [
"dvask.pvv.ntnu.no"


@@ -68,7 +68,7 @@ in
SOA = {
nameServer = "dvask.pvv.ntnu.no";
adminEmail = "drift@pvv.ntnu.no";
serial = 2026012301; # TODO: Automate
serial = 1970010101; # Placeholder, replaced in deploy step
};
NS = [
"dvask.pvv.ntnu.no"