Import more data

README.md

@@ -60,3 +60,4 @@ roundrobin.pvv.ntnu.no. IN AAAA 2001:700:300:1900::202
 - Build and verify with CI/CD
 - Automatically push updated configurations to the DNS server
 - Replace dns.nix with homemade zonefile generators to make them more human readable
+- Host-customizable TTL (e.g. for moving a CNAME around when replacing a service/server)

hosts.nix

@@ -1,6 +1,27 @@
 let
   pvvv4 = hostPart: "129.241.210.${toString hostPart}";
-  pvvv6 = hostPart: "2001:700:300:1900::${toString hostPart}";
+
+  pvvv6 =
+    hostPart:
+    let
+      fieldCount = builtins.length (builtins.split "(:)" (toString hostPart));
+      partSep = if (fieldCount < 4) then "::" else ":";
+    in
+    "2001:700:300:1900${partSep}${toString hostPart}";
+
+  pvvHost = hostPart: {
+    ipv4 = pvvv4 hostPart;
+    ipv6 = pvvv6 hostPart;
+  };
+
+  dhcpStart = 136;
+  dhcpEnd = 160;
+  dhcpHosts = builtins.listToAttrs (
+    builtins.genList (n: {
+      name = "dhcp-${builtins.substring 2 2 (toString (n + 1001))}";
+      value.ipv4 = pvvv4 (n + dhcpStart);
+    }) (dhcpEnd - dhcpStart)
+  );
 in
 {
   # Note: See ./README.md for usage
@@ -11,14 +32,15 @@ in
   # - 9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa. (reverse-ipv6, where applicable)
 
   # Servere
-  bekkalokk = {
-    ipv4 = pvvv4 168;
-    ipv6 = pvvv6 168;
+  temmie = pvvHost 167;
 
+  bekkalokk = pvvHost 168 // {
     aliases = [
+      "alps"
       "idp"
       "idp2"
       "pw"
+      "snappymail"
       "webmail"
       "wiki"
       "www"
@@ -26,52 +48,225 @@ in
     ];
   };
 
-  innovation = {
-    ipv4 = pvvv4 214;
+  isvegg = pvvHost 175 // {
+    ipv6 = pvvv6 "1:a";
+
+    aliases = [ "gopher" ];
+  };
+
+  hildring = pvvHost 176 // {
+    ipv6 = pvvv6 "1:9";
+
+    aliases = [
+      "login"
+      "fwlogin"
+    ];
+  };
+
+  microbel = pvvHost 179 // {
+    ipv6 = pvvv6 "1:2"; # TODO - Change
+
+    aliases = [
+      "homepvv"
+      "homepvva"
+      "homepvvb"
+      "homepvvc"
+      "homepvvd"
+      "homepvvh"
+      "homepvvi"
+      "homepvvj"
+      "homepvvk"
+      "homepvvl"
+      "homepvvm"
+      "homepvvt"
+      "homepvvz"
+      "list" # MX/A record handled in ./zones/pvv.ntnu.no.nix
+      "mail"
+      "samba" # TODO: Remove?
+      "sambapvv" # TODO: Remove?
+    ];
+  };
+
+  mail.aliases = [
+    "drift"
+    "imap"
+    "mailhost"
+    "pop"
+    "smtp"
+  ];
+
+  tom = pvvHost 180;
+
+  knutsen.ipv4 = pvvv4 190;
+
+  knutsen-vpn.ipv4 = pvvv4 191;
+
+  balduzius = {
+    ipv4 = pvvv4 192;
+    # TODO: Add IPv6. Note present in ye olde zone file:
+    # ; Kommentert ut IPv6 foreloepig -- maskinen klarer ikke naa default gw paa v6
+    # ipv6 = pvvv6 "1:42";
+
+    aliases = [
+      "kdc"
+      "kerberos"
+    ];
+  };
+
+  sleipner = pvvHost 193 // {
+    ipv6 = pvvv6 "fab:cab:dab:7ab"; # TODO - Change
+
+    aliases = [
+      "lommel"
+      "puppet" # TODO - Remove?
+      "rdist" # TODO - Remove?
+      "salt"
+    ];
+  };
+
+  demiurgen = pvvHost 201 // {
+    aliases = [
+      "demirurgen"
+      "rurgen"
+    ];
+  };
+
+  georg = pvvHost 204 // {
+    ipv6 = pvvv6 "1:4f"; # TODO - Change
+
+    aliases = [
+      "georg-backend"
+      "georg-old"
+    ];
+  };
+
+  brzeczyszczykiewicz = pvvHost 205 // {
+    ipv6 = pvvv6 "1:50"; # TODO - Change
+
+    aliases = [
+      "bokhylle"
+      "brzeczyszczykiewicz-backend"
+      "brzeczyszczykiewicz-old"
+    ];
+  };
+
+  kvernberg = pvvHost 206 // {
+    ipv6 = pvvv6 "1:206"; # TODO - Change
+
+    aliases = [
+      "bank.kvernberg"
+      "exchange.kvernberg"
+    ];
+  };
+
+  bicep = pvvHost 209 // {
+    aliases = [
+      "chat"
+      "hookshot"
+      "matrix"
+      "mirrors"
+      "mysql"
+      "ooye"
+      "postgres"
+      "slidingsync" # TODO - Remove?
+    ];
+  };
+
+  orchid = pvvHost 210;
+
+  dvask.ipv4 = pvvv4 211;
+
+  turn = pvvHost 213;
+
+  innovation = pvvHost 214 // {
     ipv6 = pvvv6 "1:56"; # TODO - Change
   };
 
-  drolsum = {
-    ipv4 = pvvv4 217;
-    ipv6 = pvvv6 217;
-    # hinfo = ["Login-boks" "Debian-konteiner"];
+  drolsum = pvvHost 217 // {
     aliases = [ "login2" ];
   };
 
-  # Terminaler
-  demiurgen = {
-    ipv4 = pvvv4 201;
-    ipv6 = pvvv6 201;
-    # hinfo = ["Terminal" "Debian"];
-    aliases = [ "rurgen" ];
+  wegonke = pvvHost 218 // {
+    ipv6 = pvvv6 "1:218"; # TODO - Change
   };
 
+  kana = pvvHost 219 // {
+    aliases = [
+      "ap"
+    ];
+  };
 
-  # PVV-DNS code stress-testing:
-  # utenipv4 = {
-  #   ipv6 = [
-  #     (pvvv6 1337)
-  #     (pvvv6 "cafe:babe")
-  #   ];
-  # };
+  blossom = pvvHost 220;
 
-  # utenipv6 = {
-  #   ipv4 = pvvv4 137;
-  # };
+  bubbles = pvvHost 221;
 
-  # roundrobin = {
-  #   ipv4 = [
-  #     (pvvv4 201)
-  #     (pvvv4 202)
-  #   ];
-  #   ipv6 = [
-  #     (pvvv6 201)
-  #     (pvvv6 202)
-  #   ];
-  # };
+  buttercup = pvvHost 222;
+
+  kommode = pvvHost 223 // {
+    aliases = [
+      "git"
+      "gitea"
+      "pages"
+    ];
+  };
+
+  lupine-1 = pvvHost 224;
+  lupine-2 = pvvHost 225;
+  lupine-3 = pvvHost 226;
+  lupine-4 = pvvHost 227;
+  lupine-5 = pvvHost 228;
+
+  homeassistant = pvvHost 229 // {
+    ipv6 = pvvv6 "4:229"; # TODO - Change
+  };
+
+  ameno = pvvHost 230 // {
+    ipv6 = pvvv6 "4:230"; # TODO - Change
+  };
+
+  buskerud = pvvHost 231;
+
+  principal = pvvHost 233 // {
+    ipv6 = pvvv6 "4:233";
+
+    aliases = [
+      "loghost"
+    ];
+  };
+
+  ustetind = pvvHost 234;
+
+  skrott.ipv4 = pvvv4 235; # TODO - IPv6?
+
+  tallulah = pvvHost 236 // {
+    ipv6 = pvvv6 "ca60:ff:fe5f:c5e0"; # TODO - Change
+  };
+
+  wenche = pvvHost 240;
+
+  guest1 = pvvHost 248; # Temporary hosts
+  guest2 = pvvHost 249;
+  guest3 = pvvHost 250;
+
+  knutsen-tap.ipv4 = pvvv4 253;
+
+  ludvisen-tap.ipv4 = pvvv4 254;
+
+  # Outside 129.241.210.128/25:
+
+  ildkule = {
+    ipv4 = "129.241.153.213";
+    ipv6 = "2001:700:300:6026:f816:3eff:fe58:f1e8";
+
+    aliases = [
+      "grafana"
+      "journald"
+      "status"
+    ];
+  };
+
+  # TODO - Make less quirky syntax for this
+  "ircnet.underworld.no.".aliases = [ "irc" ];
 
-  # ildkule = {
-  #   ipv4 = "129.241.153.213";
-  #   ipv6 = "2001:700:300:6026:f816:3eff:fe58:f1e8";
-  # };
 }
+// dhcpHosts

zones/pvv.ntnu.no.nix

@@ -8,44 +8,79 @@ in
   useOrigin = true; # Don't output fully qualified names
 
   SOA = {
-    nameServer = "dvask.pvv.ntnu.no";
+    nameServer = "dvask.pvv.ntnu.no.";
     adminEmail = "drift@pvv.ntnu.no";
     serial = 2025021701; # TODO: Automate
   };
+
   NS = [
-    "dvask.pvv.ntnu.no"
-    "nn.unintett.no"
+    "dvask.pvv.ntnu.no."
+    "nn.unintett.no."
+  ];
+
+  MX = [
+    {
+      preference = 10;
+      exchange = "microbel.pvv.ntnu.no.";
+    }
   ];
 
   SRV = [
-      # TODO: Find out if this is a bug in dns.nix
-      # I would think this should be
-      #    _minecraft._tcp IN SRV     0 1 25565 innovation
-      # but actually becomes
-      #    @ IN SRV 0 100 25565 innovation
-      # with no mention of "minecraft" or "tcp"
-      {
-        service = "minecraft";
-        proto = "tcp";
-        port = 25565;
-        target = "innovation";
-      }
+    # TODO: Find out if this is a bug in dns.nix
+    # I would think this should be
+    #    _minecraft._tcp IN SRV     0 1 25565 innovation
+    # (as specified in https://github.com/nix-community/dns.nix/blob/a97cf4156e9f044fe4bed5be531061000dfabb07/dns/types/records/SRV.nix#L55), but actually becomes
+    #    @ IN SRV 0 100 25565 innovation
+    # with no mention of "minecraft" or "tcp"
+    {
+      service = "minecraft";
+      proto = "tcp";
+      port = 25565;
+      target = "innovation";
+      priority = 0;
+      weight = 1;
+    }
+    # TODO:
+    # _minecraft._tcp 3600 IN SRV     0 1 25565 innovation
+    # _kerberos._udp  IN      SRV     0 0 88 balduzius.pvv.ntnu.no.
+    # _kerberos._tcp  IN      SRV     0 0 88 balduzius.pvv.ntnu.no.
+    # _kpasswd._udp   IN      SRV     0 0 464 balduzius.pvv.ntnu.no.
+    # _kerberos-adm._udp      IN      SRV     0 0 749 balduzius.pvv.ntnu.no.
+    # _kerberos-adm._tcp      IN      SRV     0 0 749 balduzius.pvv.ntnu.no.
+    # _http._tcp      IN      SRV     10 10 80 bekkalokk.pvv.ntnu.no.
+    # _https._tcp     IN      SRV     10 10 443 bekkalokk.pvv.ntnu.no.
+  ];
+
+  A = pvvHostRecords.bekkalokk.A;
+  AAAA = pvvHostRecords.bekkalokk.AAAA;
+  TXT = [
+    "v=spf1 mx ~all"
   ];
 
   subdomains = pvvHostRecords // {
-    stackit.NS = [ "ns1.stack.it.ntnu.no" "ns2.stack.it.ntnu.no" ];
+    # *.stackit.pvv.ntnu.no handled by openstack-designate
+    stackit.NS = [
+      "ns1.stack.it.ntnu.no."
+      "ns2.stack.it.ntnu.no."
+    ];
 
-    "@" = {
-      TXT = [
-        "v=spf1 mx ~all"
-      ];
-
-      A = pvvHostRecords.bekkalokk.A;
-      AAAA = pvvHostRecords.bekkalokk.AAAA;
-    };
+    "mail._domainkey".TXT = [
+      "v=DKIM1; h=sha256; k=rsa; "
+      "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLAI4Fj8lGS1gQbumMCftoynu9G5LCOrs8G/EzbXysKuV5EtCCS3ioJVdt3Bbu5RoTZq0lv0KbIClzW7qPa3u0spt9skOQswkSOhzoraPIwPacEUBRMyc2NYSmnIPthKyb6BTAYB1qcKpRswrNzZ6zbsG8DFD8zEJsbpPGjYSxbluLm+FsQXiX21Biha+psCpDTAGcQODri+Fh5UChYi7MnT7UGd8rvNIYlVPAYPeU0xoUcRRZxHfxLNyOU6TrFQ3MhjSKq06p35y3nN2z/6hjbkxQ8aKc30GB+y2SPrTE8TAXKmIMlWbmhaReFHhOS25XGWfzNVhUfNxa21b5UY7wIDAQAB"
+    ];
 
     _dmarc.TXT = [ "v=DMARC1; p=quarantine; fo=1;" ];
 
+    list = {
+      A = pvvHostRecords.microbel.A;
+      MX = [
+        {
+          preference = 10;
+          exchange = "microbel.pvv.ntnu.no.";
+        }
+      ];
+    };
+
     minecraft.SRV = [
       {
         service = "minecraft";
@@ -54,5 +89,7 @@ in
         target = "innovation";
       }
     ];
+
+    _kerberos.TXT = [ "PVV.NTNU.NO" ];
   };
 }

zones/reverse-ipv6.nix

@@ -2,7 +2,7 @@
 
 with dns.lib.combinators;
 let
-  pvvv6Prefix = builtins.substring 0 14 (normalizev6 "2001:700:300:1900::");
+  pvvv6Prefix = builtins.substring 0 14 (normalizev6 "2001:700:300:1900::"); # /58 is 14 nibbles
   domainSuffix = ".pvv.ntnu.no.";
 
   # Takes an IPv6 address on the format nnnnXXXXnnnn (literal XXXX) and replaces XXXX with enough zeroes to make a full 128 bit address