diff --git a/README.md b/README.md
index 62e53f4..5978265 100644
--- a/README.md
+++ b/README.md
@@ -60,3 +60,4 @@ roundrobin.pvv.ntnu.no. IN AAAA 2001:700:300:1900::202
 - Build and verify with CI/CD
 - Automatically push updated configurations to the DNS server
 - Replace dns.nix with homemade zonefile generators to make them more human readable
+- Host-customizable TTL (e.g. for moving a CNAME around when replacing a service/server)
diff --git a/hosts.nix b/hosts.nix
index 0ff4f44..27687f0 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -1,6 +1,27 @@
 let
 pvvv4 = hostPart: "129.241.210.${toString hostPart}";
- pvvv6 = hostPart: "2001:700:300:1900::${toString hostPart}";
+
+ pvvv6 =
+ hostPart:
+ let
+ fieldCount = builtins.length (builtins.split "(:)" (toString hostPart));
+ partSep = if (fieldCount < 4) then "::" else ":";
+ in
+ "2001:700:300:1900${partSep}${toString hostPart}";
+
+ pvvHost = hostPart: {
+ ipv4 = pvvv4 hostPart;
+ ipv6 = pvvv6 hostPart;
+ };
+
+ dhcpStart = 136;
+ dhcpEnd = 160;
+ dhcpHosts = builtins.listToAttrs (
+ builtins.genList (n: {
+ name = "dhcp-${builtins.substring 2 2 (toString (n + 1001))}";
+ value.ipv4 = pvvv4 (n + dhcpStart);
+ }) (dhcpEnd - dhcpStart)
+ );
 in
 {
 # Note: See ./README.md for usage
@@ -11,14 +32,15 @@ in
 # - 9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa. (reverse-ipv6, where applicable)
 # Servere
- bekkalokk = {
- ipv4 = pvvv4 168;
- ipv6 = pvvv6 168;
+ temmie = pvvHost 167;
+ bekkalokk = pvvHost 168 // {
 aliases = [
+ "alps" "idp" "idp2" "pw"
+ "snappymail" "webmail" "wiki" "www"
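Review bot: `partSep` in the new `pvvv6` is keyed on the length of `builtins.split "(:)" …`, which interleaves the separator matches with the fields, so a three-field hostPart such as `"a:b:c"` gives `fieldCount = 5`, selects `":"`, and yields a seven-group address with no `::`, which is not a valid IPv6 address. Only a four-field hostPart (list length 7) should get the plain `":"`; change the guard to `partSep = if (fieldCount < 7) then "::" else ":";` with a comment that `builtins.split` returns 2n-1 elements for n fields, or derive the field count as `(fieldCount + 1) / 2` first. None of the hostParts in this commit use three fields, so the defect is latent today. The helper also does not reject a hostPart that already contains `::`; a one-line comment stating that callers must pass at most four colon-separated groups would document that assumption.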
@@ -26,52 +48,225 @@ in
 ];
 };
- innovation = {
- ipv4 = pvvv4 214;
+ isvegg = pvvHost 175 // {
+ ipv6 = pvvv6 "1:a";
+
+ aliases = [ "gopher" ];
+ };
+
+ hildring = pvvHost 176 // {
+ ipv6 = pvvv6 "1:9";
+
+ aliases = [
+ "login"
+ "fwlogin"
+ ];
+ };
+
+ microbel = pvvHost 179 // {
+ ipv6 = pvvv6 "1:2"; # TODO - Change
+
+ aliases = [
+ "homepvv"
+ "homepvva"
+ "homepvvb"
+ "homepvvc"
+ "homepvvd"
+ "homepvvh"
+ "homepvvi"
+ "homepvvj"
+ "homepvvk"
+ "homepvvl"
+ "homepvvm"
+ "homepvvt"
+ "homepvvz"
+ "list" # MX/A record handled in ./zones/pvv.ntnu.no.nix
+ "mail"
+ "samba" # TODO: Remove?
+ "sambapvv" # TODO: Remove?
+ ];
+ };
+
+ mail.aliases = [
+ "drift"
+ "imap"
+ "mailhost"
+ "pop"
+ "smtp"
+ ];
+
+ tom = pvvHost 180;
+
+ knutsen.ipv4 = pvvv4 190;
+
+ knutsen-vpn.ipv4 = pvvv4 191;
+
+ balduzius = {
+ ipv4 = pvvv4 192;
+ # TODO: Add IPv6. Note present in ye olde zone file:
+ # ; Kommentert ut IPv6 foreloepig -- maskinen klarer ikke naa default gw paa v6
+ # ipv6 = pvvv6 "1:42";
+
+ aliases = [
+ "kdc"
+ "kerberos"
+ ];
+ };
+
+ sleipner = pvvHost 193 // {
+ ipv6 = pvvv6 "fab:cab:dab:7ab"; # TODO - Change
+
+ aliases = [
+ "lommel"
+ "puppet" # TODO - Remove?
+ "rdist" # TODO - Remove?
+ "salt"
+ ];
+ };
+
+ demiurgen = pvvHost 201 // {
+ aliases = [
+ "demirurgen"
+ "rurgen"
+ ];
+ };
+
+ georg = pvvHost 204 // {
+ ipv6 = pvvv6 "1:4f"; # TODO - Change
+
+ aliases = [
+ "georg-backend"
+ "georg-old"
+ ];
+ };
+
+ brzeczyszczykiewicz = pvvHost 205 // {
+ ipv6 = pvvv6 "1:50"; # TODO - Change
+
+ aliases = [
+ "bokhylle"
+ "brzeczyszczykiewicz-backend"
+ "brzeczyszczykiewicz-old"
+ ];
+ };
+
+ kvernberg = pvvHost 206 // {
+ ipv6 = pvvv6 "1:206"; # TODO - Change
+
+ aliases = [
+ "bank.kvernberg"
+ "exchange.kvernberg"
+ ];
+ };
+
+ bicep = pvvHost 209 // {
+ aliases = [
+ "chat"
+ "hookshot"
+ "matrix"
+ "mirrors"
+ "mysql"
+ "ooye"
+ "postgres"
+ "slidingsync" # TODO - Remove?
+ ];
+ };
+
+ orchid = pvvHost 210;
+
+ dvask.ipv4 = pvvv4 211;
+
+ turn = pvvHost 213;
+
+ innovation = pvvHost 214 // {
 ipv6 = pvvv6 "1:56"; # TODO - Change
 };
- drolsum = {
- ipv4 = pvvv4 217;
- ipv6 = pvvv6 217;
- # hinfo = ["Login-boks" "Debian-konteiner"];
+ drolsum = pvvHost 217 // {
 aliases = [ "login2" ];
 };
- # Terminaler
- demiurgen = {
- ipv4 = pvvv4 201;
- ipv6 = pvvv6 201;
- # hinfo = ["Terminal" "Debian"];
- aliases = [ "rurgen" ];
+ wegonke = pvvHost 218 // {
+ ipv6 = pvvv6 "1:218"; # TODO - Change
 };
+ kana = pvvHost 219 // {
+ aliases = [
+ "ap"
+ ];
+ };
- # PVV-DNS code stress-testing:
- # utenipv4 = {
- # ipv6 = [
- # (pvvv6 1337)
- # (pvvv6 "cafe:babe")
- # ];
- # };
+ blossom = pvvHost 220;
- # utenipv6 = {
- # ipv4 = pvvv4 137;
- # };
+ bubbles = pvvHost 221;
- # roundrobin = {
- # ipv4 = [
- # (pvvv4 201)
- # (pvvv4 202)
- # ];
- # ipv6 = [
- # (pvvv6 201)
- # (pvvv6 202)
- # ];
- # };
+ buttercup = pvvHost 222;
+
+ kommode = pvvHost 223 // {
+ aliases = [
+ "git"
+ "gitea"
+ "pages"
+ ];
+ };
+
+ lupine-1 = pvvHost 224;
+ lupine-2 = pvvHost 225;
+ lupine-3 = pvvHost 226;
+ lupine-4 = pvvHost 227;
+ lupine-5 = pvvHost 228;
+
+ homeassistant = pvvHost 229 // {
+ ipv6 = pvvv6 "4:229"; # TODO - Change
+ };
+
+ ameno = pvvHost 230 // {
+ ipv6 = pvvv6 "4:230"; # TODO - Change
+ };
+
+ buskerud = pvvHost 231;
+
+ principal = pvvHost 233 // {
+ ipv6 = pvvv6 "4:233";
+
+ aliases = [
+ "loghost"
+ ];
+ };
+
+ ustetind = pvvHost 234;
+
+ skrott.ipv4 = pvvv4 235; # TODO - IPv6?
+
+ tallulah = pvvHost 236 // {
+ ipv6 = pvvv6 "ca60:ff:fe5f:c5e0"; # TODO - Change
+ };
+
+ wenche = pvvHost 240;
+
+ guest1 = pvvHost 248; # Temporary hosts
+ guest2 = pvvHost 249;
+ guest3 = pvvHost 250;
+
+ knutsen-tap.ipv4 = pvvv4 253;
+
+ ludvisen-tap.ipv4 = pvvv4 254;
+
+ # Outside 129.241.210.128/25:
+
+ ildkule = {
+ ipv4 = "129.241.153.213";
+ ipv6 = "2001:700:300:6026:f816:3eff:fe58:f1e8";
+
+ aliases = [
+ "grafana"
+ "journald"
+ "status"
+ ];
+ };
+
+ # TODO - Make less quirky syntax for this
+ "ircnet.underworld.no.".aliases = [ "irc" ];
- # ildkule = {
- # ipv4 = "129.241.153.213";
- # ipv6 = "2001:700:300:6026:f816:3eff:fe58:f1e8";
- # };
 }
+// dhcpHosts
diff --git a/zones/pvv.ntnu.no.nix b/zones/pvv.ntnu.no.nix
index ba7adf8..7db57f0 100644
--- a/zones/pvv.ntnu.no.nix
+++ b/zones/pvv.ntnu.no.nix
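Review bot: `mail` is listed in `microbel`'s `aliases` and is also given its own entry `mail.aliases = [ "drift" "imap" "mailhost" "pop" "smtp" ]` with no `ipv4`/`ipv6`, so if the generator emits one CNAME per alias these five names resolve through a chain `smtp → mail → microbel`; chains are legal but cost extra lookups, are what RFC 1034 advises against, and `mail` has no address record of its own to fall back on. The simpler form is to append the five names to `microbel`'s `aliases` next to `"mail"` and drop the separate `mail.aliases` entry. Separately, `microbel`'s AAAA is a placeholder (`ipv6 = pvvv6 "1:2"; # TODO - Change`) while it is the MX exchange in zones/pvv.ntnu.no.nix; if that address is not actually configured on the host, v6-preferring senders will try it before falling back, so consider omitting the AAAA until the real address is known. The enclosing attrset is opened before this hunk.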
@@ -8,44 +8,79 @@ in
 useOrigin = true; # Don't output fully qualified names
 SOA = {
- nameServer = "dvask.pvv.ntnu.no";
+ nameServer = "dvask.pvv.ntnu.no.";
 adminEmail = "drift@pvv.ntnu.no";
 serial = 2025021701; # TODO: Automate
 };
+
 NS = [
- "dvask.pvv.ntnu.no"
- "nn.unintett.no"
+ "dvask.pvv.ntnu.no."
+ "nn.unintett.no."
+ ];
+
+ MX = [
+ {
+ preference = 10;
+ exchange = "microbel.pvv.ntnu.no.";
+ }
 ];
 SRV = [
- # TODO: Find out if this is a bug in dns.nix
- # I would think this should be
- # _minecraft._tcp IN SRV 0 1 25565 innovation
- # but actually becomes
- # @ IN SRV 0 100 25565 innovation
- # with no mention of "minecraft" or "tcp"
- {
- service = "minecraft";
- proto = "tcp";
- port = 25565;
- target = "innovation";
- }
+ # TODO: Find out if this is a bug in dns.nix
+ # I would think this should be
+ # _minecraft._tcp IN SRV 0 1 25565 innovation
+ # (as specified in https://github.com/nix-community/dns.nix/blob/a97cf4156e9f044fe4bed5be531061000dfabb07/dns/types/records/SRV.nix#L55), but actually becomes
+ # @ IN SRV 0 100 25565 innovation
+ # with no mention of "minecraft" or "tcp"
+ {
+ service = "minecraft";
+ proto = "tcp";
+ port = 25565;
+ target = "innovation";
+ priority = 0;
+ weight = 1;
+ }
+ # TODO:
+ # _minecraft._tcp 3600 IN SRV 0 1 25565 innovation
+ # _kerberos._udp IN SRV 0 0 88 balduzius.pvv.ntnu.no.
+ # _kerberos._tcp IN SRV 0 0 88 balduzius.pvv.ntnu.no.
+ # _kpasswd._udp IN SRV 0 0 464 balduzius.pvv.ntnu.no.
+ # _kerberos-adm._udp IN SRV 0 0 749 balduzius.pvv.ntnu.no.
+ # _kerberos-adm._tcp IN SRV 0 0 749 balduzius.pvv.ntnu.no.
+ # _http._tcp IN SRV 10 10 80 bekkalokk.pvv.ntnu.no.
+ # _https._tcp IN SRV 10 10 443 bekkalokk.pvv.ntnu.no.
+ ];
+
+ A = pvvHostRecords.bekkalokk.A;
+ AAAA = pvvHostRecords.bekkalokk.AAAA;
+ TXT = [
+ "v=spf1 mx ~all"
 ];
 subdomains = pvvHostRecords // {
- stackit.NS = [ "ns1.stack.it.ntnu.no" "ns2.stack.it.ntnu.no" ];
+ # *.stackit.pvv.ntnu.no handled by openstack-designate
+ stackit.NS = [
+ "ns1.stack.it.ntnu.no."
+ "ns2.stack.it.ntnu.no."
+ ];
- "@" = {
- TXT = [
- "v=spf1 mx ~all"
- ];
-
- A = pvvHostRecords.bekkalokk.A;
- AAAA = pvvHostRecords.bekkalokk.AAAA;
- };
+ "mail._domainkey".TXT = [
+ "v=DKIM1; h=sha256; k=rsa; "
+ "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLAI4Fj8lGS1gQbumMCftoynu9G5LCOrs8G/EzbXysKuV5EtCCS3ioJVdt3Bbu5RoTZq0lv0KbIClzW7qPa3u0spt9skOQswkSOhzoraPIwPacEUBRMyc2NYSmnIPthKyb6BTAYB1qcKpRswrNzZ6zbsG8DFD8zEJsbpPGjYSxbluLm+FsQXiX21Biha+psCpDTAGcQODri+Fh5UChYi7MnT7UGd8rvNIYlVPAYPeU0xoUcRRZxHfxLNyOU6TrFQ3MhjSKq06p35y3nN2z/6hjbkxQ8aKc30GB+y2SPrTE8TAXKmIMlWbmhaReFHhOS25XGWfzNVhUfNxa21b5UY7wIDAQAB"
+ ];
 _dmarc.TXT = [ "v=DMARC1; p=quarantine; fo=1;" ];
+ list = {
+ A = pvvHostRecords.microbel.A;
+ MX = [
+ {
+ preference = 10;
+ exchange = "microbel.pvv.ntnu.no.";
+ }
+ ];
+ };
+
 minecraft.SRV = [
 {
 service = "minecraft";
@@ -54,5 +89,7 @@ in
 target = "innovation";
 }
 ];
+
+ _kerberos.TXT = [ "PVV.NTNU.NO" ];
 };
 }
diff --git a/zones/reverse-ipv6.nix b/zones/reverse-ipv6.nix
index 19e6900..3756637 100644
--- a/zones/reverse-ipv6.nix
+++ b/zones/reverse-ipv6.nix
@@ -2,7 +2,7 @@
 with dns.lib.combinators;
 let
- pvvv6Prefix = builtins.substring 0 14 (normalizev6 "2001:700:300:1900::");
+ pvvv6Prefix = builtins.substring 0 14 (normalizev6 "2001:700:300:1900::"); # /58 is 14 nibbles
 domainSuffix = ".pvv.ntnu.no.";
 # Takes an IPv6 address on the format nnnnXXXXnnnn (literal XXXX) and replaces XXXX with enough zeroes to make a full 128 bit address
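Review bot: `"mail._domainkey".TXT` is given as a two-element list, `"v=DKIM1; h=sha256; k=rsa; "` and `"p=MIIB…"`; elsewhere in this file each element of a `TXT` list is its own record (`TXT = [ "v=spf1 mx ~all" ]`, `_dmarc.TXT = [ … ]`), so if dns.nix follows that model the zone publishes two TXT RRs at mail._domainkey, and a verifier that gets more than one TXT record at the selector name treats the key as undefined (RFC 6376 §3.6.2.2), so every DKIM signature from this domain fails. Make it one string, `"v=DKIM1; h=sha256; k=rsa; " + "p=MIIB…"` (Nix concatenation, key unchanged), which is what the zone-file two-quoted-strings form would have meant anyway. Confirm against dns.nix's TXT type that a string longer than 255 bytes is emitted as quoted chunks of a single record before relying on this; if it is not, the key must be published as one RR by other means.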
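Review bot: The new `_kerberos.TXT = [ "PVV.NTNU.NO" ]` lands without the `_kerberos._udp`/`_tcp` SRV records, which remain only a TODO comment in the SRV block earlier in this file (previous hunk), so DNS realm discovery can hand a client the realm name with no KDC to contact. Either commit the SRV entries together with it or note the gap beside the record: `# realm name only; KDC location still comes from client krb5 config until the _kerberos SRV records are added`.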
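Review bot: The comment added on the `pvvv6Prefix` line, `# /58 is 14 nibbles`, does not add up: a nibble is four bits, so the 14-nibble substring of the normalised address is a /56 (it is the `9.1.0.0.3.0.0.0.7.0.1.0.0.2.ip6.arpa.` zone that hosts.nix names), and a /58 is not nibble-aligned at all. If the allocation really is 2001:700:300:1900::/58, the reverse zone is necessarily cut at the enclosing /56 and the comment should say so; if it is a /56, correct the number. Suggested wording: `# 14 nibbles = /56; a /58 is not nibble-aligned, so the reverse zone covers the enclosing /56`. The `let` binding continues past the end of the hunk.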