2026-01-18 17:29:12 +01:00
parent 3ab3077096
commit 7636fbcb58
7 changed files with 110 additions and 74 deletions


@@ -1,7 +1,8 @@
let
pvvv4 = hostPart: "129.241.210.${toString hostPart}";
pvvv6 = hostPart: "2001:700:300:1900::${toString hostPart}";
in {
in
{
# Terminaler
demiurgen = {
@@ -29,7 +30,13 @@ in {
};
roundrobin = {
ipv4 = [ (pvvv4 201) (pvvv4 202) ];
ipv6 = [ (pvvv6 201) (pvvv6 202) ];
ipv4 = [
(pvvv4 201)
(pvvv4 202)
];
ipv6 = [
(pvvv6 201)
(pvvv6 202)
];
};
}


@@ -6,37 +6,57 @@ let
hosts = import ./hosts.nix;
# Normal host forward records
hostRecords =
(lib.mapAttrs (
hostRecords = (
lib.mapAttrs (
name: host:
lib.filterAttrs (_: value: !builtins.isNull value) {
A = if !builtins.hasAttr "ipv4" host then null
else if builtins.elem (builtins.typeOf host.ipv4) [ "list" "set" ] then host.ipv4
else [ host.ipv4 ];
AAAA = if !builtins.hasAttr "ipv6" host then null
else if builtins.elem (builtins.typeOf host.ipv6) [ "list" "set" ] then host.ipv6
else [ host.ipv6 ];
}
) hosts);
# Above can be replaced using dns.nix helpers, without support for roundrobin, custom TTL, etc;
# (lib.mapAttrs (name: host: dns.lib.host (host.ipv4 or null) (host.ipv6 or null)) hosts)
# CNAMEs
aliasRecords = builtins.listToAttrs (
lib.concatLists (
lib.mapAttrsToList (
target: host:
if (!builtins.hasAttr "aliases" host) then [ ]
A =
if !builtins.hasAttr "ipv4" host then
null
else if
builtins.elem (builtins.typeOf host.ipv4) [
"list"
"set"
]
then
host.ipv4
else
lib.map (source: {
name = source;
value.CNAME = [ target ];
}) host.aliases
) hosts
) );
[ host.ipv4 ];
AAAA =
if !builtins.hasAttr "ipv6" host then
null
else if
builtins.elem (builtins.typeOf host.ipv6) [
"list"
"set"
]
then
host.ipv6
else
[ host.ipv6 ];
}
) hosts
);
# Above can be replaced using dns.nix helpers, without support for roundrobin, custom TTL, etc;
# (lib.mapAttrs (name: host: dns.lib.host (host.ipv4 or null) (host.ipv6 or null)) hosts)
# CNAMEs
aliasRecords = builtins.listToAttrs (
lib.concatLists (
lib.mapAttrsToList (
target: host:
if (!builtins.hasAttr "aliases" host) then
[ ]
else
lib.map (source: {
name = source;
value.CNAME = [ target ];
}) host.aliases
) hosts
)
);
in
# TODO: Merge such that an error is raised if a label exists in more than one of these sets:
( hostRecords // aliasRecords )
# TODO: Merge such that an error is raised if a label exists in more than one of these sets:
(hostRecords // aliasRecords)


@@ -22,12 +22,11 @@ stdenvNoCC.mkDerivation {
name = "zoneConfig";
dontUnpack = true;
installPhase =
''
mkdir -p $out/zones
installPhase = ''
mkdir -p $out/zones
''
+ (lib.concatMapAttrsStringSep "\n" (name: path: "cp ${path} $out/zones/${name}.zone") zoneConfigs);
''
+ (lib.concatMapAttrsStringSep "\n" (name: path: "cp ${path} $out/zones/${name}.zone") zoneConfigs);
# TODO: Write named.conf to include the zones, set allow-transfer, etc.
}


@@ -19,9 +19,8 @@ in
CNAME = [ "www.pvv.ntnu.no" ];
subdomains =
pvvHostRecords
// { # Override with custom / additional subdomains
"_dmarc".TXT = [ "v=DMARC1; p=quarantine; fo=1;" ]; # TODO: Better example, as dns.nix has the DMARC type
};
subdomains = pvvHostRecords // {
# Override with custom / additional subdomains
"_dmarc".TXT = [ "v=DMARC1; p=quarantine; fo=1;" ]; # TODO: Better example, as dns.nix has the DMARC type
};
}


@@ -19,9 +19,8 @@ in
CNAME = [ "www.pvv.org" ];
subdomains =
pvvHostRecords
// { # Override with custom / additional subdomains
subdomains = pvvHostRecords // {
# Override with custom / additional subdomains
};
};
}


@@ -15,31 +15,37 @@ with dns.lib.combinators;
"nn.unintett.no"
];
subdomains = let
# $GENERATE 0-127 $ CNAME $.0-127
nvgRedirects = builtins.listToAttrs ( builtins.genList (n:
{ name = toString n; value.CNAME = [ "${toString n}.0-127" ]; }
) 127);
subdomains =
let
# $GENERATE 0-127 $ CNAME $.0-127
nvgRedirects = builtins.listToAttrs (
builtins.genList (n: {
name = toString n;
value.CNAME = [ "${toString n}.0-127" ];
}) 127
);
# $GENERATE 128-255 $ CNAME $.128-255
pvvRedirects = builtins.listToAttrs ( builtins.genList (n:
{ name = toString (n+128); value.CNAME = [ "${toString (n+128)}.128-255" ]; }
) 127);
in {
# 129.241.210.0/25 delegated to NVGs NS
"0-127" = {
NS = [
# $GENERATE 128-255 $ CNAME $.128-255
pvvRedirects = builtins.listToAttrs (
builtins.genList (n: {
name = toString (n + 128);
value.CNAME = [ "${toString (n + 128)}.128-255" ];
}) 127
);
in
{
# 129.241.210.0/25 delegated to NVGs NS
"0-127".NS = [
"swix.nvg.ntnu.no"
"nn.uninett.no"
];
};
# 129.241.210.128/25 delegated to PVVs NS
"128-255" = {
NS = [
# 129.241.210.128/25 delegated to PVVs NS
"128-255".NS = [
"dvask.pvv.ntnu.no"
"nn.uninett.no"
];
};
} // nvgRedirects // pvvRedirects;
}
// nvgRedirects
// pvvRedirects;
}
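Review bot: Both `builtins.genList (n: { ... }) 127` calls in `nvgRedirects` and `pvvRedirects` produce only 127 entries (n = 0..126), so the labels `127` and `255` get no CNAME although the comments above them say `$GENERATE 0-127` and `$GENERATE 128-255`. If the full ranges are intended, the length argument should be `128` in both calls; otherwise those two addresses have no reverse mapping through the delegated sub-zones. Separately, the context line `"nn.unintett.no"` at the top of the hunk is spelled differently from the `"nn.uninett.no"` used in the `"0-127".NS` and `"128-255".NS` lists. If that is a typo in a name-server list, the zone would point at a host under a domain the operators may not control, so it is worth confirming. The enclosing attribute set starts outside the hunk, so which record that list belongs to is not visible here.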


@@ -9,16 +9,22 @@ let
# Find all the A-records pointing into the PVV-network, and generate the opposing PTR records
# TODO: Handle duplicates? Avoid NVG-IPs?
pvvHostReverseRecords = builtins.listToAttrs (
lib.concatLists (
lib.mapAttrsToList ( target: host:
lib.map
(aRecordKey: let
lib.concatLists (
lib.mapAttrsToList (
target: host:
lib.map (
aRecordKey:
let
hostOctet = builtins.elemAt (lib.splitString "." aRecordKey) 3;
in { name = hostOctet; value.PTR = [ (target + domainSuffix) ]; })
(lib.filter (e: lib.hasPrefix pvvv4Prefix e) (host.A or []))
) pvvHostRecords
)
);
in
{
name = hostOctet;
value.PTR = [ (target + domainSuffix) ];
}
) (lib.filter (e: lib.hasPrefix pvvv4Prefix e) (host.A or [ ]))
) pvvHostRecords
)
);
additionalReverseRecords = {
"129".PTR = [ "el-swd.nettel.ntnu.no." ]; # Gateway router/switch