Add pvv.org zone. Init basic reverse ipv4 support.

2025-03-08 23:56:12 +01:00
parent 7a1c12a0fb
commit e41a63d0fd
5 changed files with 104 additions and 40 deletions
--- a/pvv-subdomains.nix
+++ b/pvv-subdomains.nix
@@ -0,0 +1,42 @@
+# Generate forwards records from the ./hosts.nix file, intended to be used in the pvv.ntnu.no and pvv.org zones
+{ dns, lib, ... }:
+
+with dns.lib.combinators;
+let
+  hosts = import ./hosts.nix;
+
+  # Normal host forward records
+  hostRecords =
+    (lib.mapAttrs (
+      name: host:
+      lib.filterAttrs (_: value: !builtins.isNull value) {
+
+        A = if !builtins.hasAttr "ipv4" host then null
+            else if builtins.elem (builtins.typeOf host.ipv4) [ "list" "set" ] then host.ipv4
+            else [ host.ipv4 ];
+
+        AAAA = if !builtins.hasAttr "ipv6" host then null
+               else if builtins.elem (builtins.typeOf host.ipv6) [ "list" "set" ] then host.ipv6
+               else [ host.ipv6 ];
+      }
+    ) hosts);
+    # Above can be replaced using dns.nix helpers, without support for roundrobin, custom TTL, etc;
+    # (lib.mapAttrs (name: host: dns.lib.host (host.ipv4 or null) (host.ipv6 or null)) hosts)
+
+
+    # CNAMEs
+  aliasRecords = builtins.listToAttrs (
+      lib.concatLists (
+        lib.mapAttrsToList (
+          target: host:
+          if (!builtins.hasAttr "aliases" host) then [ ]
+          else
+            lib.map (source: {
+              name = source;
+              value.CNAME = [ target ];
+            }) host.aliases
+        ) hosts
+      ) );
+in
+  # TODO: Merge such that an error is raised if a label exists in more than one of these sets:
+  ( hostRecords // aliasRecords )
--- a/zoneConfig.nix
+++ b/zoneConfig.nix
@@ -12,9 +12,9 @@ let
      (name: path: writeText "${name}.zone" (dns.lib.toString name (import path { inherit dns lib; })))
      {
        "pvv.ntnu.no" = ./zones/pvv.ntnu.no.nix;
-        #"pvv.org" = ./zones/pvv.ntnu.no.nix;
-        #"reverse-ipv4" = /zones/reverse-ipv4.nix
-        #"reverse-ipv6" = /zones/reverse-ipv6.nix
+        "pvv.org" = ./zones/pvv.org.nix;
+        "reverse-ipv4" = ./zones/reverse-ipv4.nix;
+        #"reverse-ipv6" = ./zones/reverse-ipv6.nix;
      };
 in
 stdenvNoCC.mkDerivation {
--- a/zones/pvv.ntnu.no.nix
+++ b/zones/pvv.ntnu.no.nix
@@ -2,9 +2,11 @@

 with dns.lib.combinators;
 let
-  hosts = import ../hosts.nix;
+  pvvHostRecords = import ../pvv-subdomains.nix { inherit dns lib; };
 in
 {
+  useOrigin = true; # Don't output fully qualified names
+
  SOA = {
    nameServer = "dvask.pvv.ntnu.no";
    adminEmail = "drift@pvv.ntnu.no";
@@ -18,42 +20,8 @@ in
  CNAME = [ "www.pvv.ntnu.no" ];

  subdomains =
-    # Normal host forward records
-    (lib.mapAttrs (
-      name: host:
-      lib.filterAttrs (_: value: !builtins.isNull value) {
-
-        A = if !builtins.hasAttr "ipv4" host then null
-            else if builtins.elem (builtins.typeOf host.ipv4) [ "list" "set" ] then host.ipv4
-            else [ host.ipv4 ];
-
-        AAAA = if !builtins.hasAttr "ipv6" host then null
-               else if builtins.elem (builtins.typeOf host.ipv6) [ "list" "set" ] then host.ipv6
-               else [ host.ipv6 ];
-      }
-    ) hosts)
-
-    # Above can be replaced using dns.nix helpers, without support for roundrobin, custom TTL, etc;
-    # (lib.mapAttrs (name: host: dns.lib.host (host.ipv4 or null) (host.ipv6 or null)) hosts)
-
-
-    # CNAMEs
-    // builtins.listToAttrs (
-      lib.concatLists (
-        lib.mapAttrsToList (
-          target: host:
-          if (!builtins.hasAttr "aliases" host) then [ ]
-          else
-            lib.map (source: {
-              name = source;
-              value.CNAME = [ target ];
-            }) host.aliases
-        ) hosts
-      )
-      )
-
-    # Custom DNS subdomains
-    // {
+    pvvHostRecords
+    // { # Override with custom / additional subdomains
      "_dmarc".TXT = [ "v=DMARC1; p=quarantine; fo=1;" ]; # TODO: Better example, as dns.nix has the DMARC type
    };
 }
--- a/zones/pvv.org.nix
+++ b/zones/pvv.org.nix
@@ -0,0 +1,27 @@
+{ dns, lib, ... }:
+
+with dns.lib.combinators;
+let
+  pvvHostRecords = import ../pvv-subdomains.nix { inherit dns lib; };
+in
+{
+  useOrigin = true; # Don't output fully qualified names
+
+  SOA = {
+    nameServer = "dvask.pvv.ntnu.no";
+    adminEmail = "drift@pvv.ntnu.no";
+    serial = 2025021701; # TODO: Automate
+  };
+  NS = [
+    "dvask.pvv.ntnu.no"
+    "nn.unintett.no"
+  ];
+
+  CNAME = [ "www.pvv.org" ];
+
+  subdomains =
+    pvvHostRecords
+    // { # Override with custom / additional subdomains
+
+    };
+}
--- a/zones/reverse-ipv4.nix
+++ b/zones/reverse-ipv4.nix
@@ -0,0 +1,27 @@
+{ dns, lib, ... }:
+
+with dns.lib.combinators;
+let
+  hosts = import ../hosts.nix;
+  ptrdnameSuffix = ".pvv.ntnu.no.";
+in
+{
+  useOrigin = true; # Don't output fully qualified names
+
+  SOA = {
+    nameServer = "dvask.pvv.ntnu.no";
+    adminEmail = "drift@pvv.ntnu.no";
+    serial = 2025021701; # TODO: Automate
+  };
+  NS = [
+    "dvask.pvv.ntnu.no"
+    "nn.unintett.no"
+  ];
+
+  subdomains = let
+    ptr = ptrdname: { PTR = [ ptrdname ]; };
+    pvvptr = ptrdname: ptr (ptrdname + ptrdnameSuffix);
+  in {
+    "129" = ptr "el-swd.nettel.ntnu.no."; # Gateway router/switch
+  };
+}