Experimental DNS with Nix+octodns

This commit is contained in:
Gabriel Simmer 2024-02-08 20:36:26 +00:00
parent 9439acf4d1
commit 4f05052bd5
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
3 changed files with 185 additions and 1 deletions

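--- /dev/null
+++ b/dns/dns.nix
@@ -0,0 +1,58 @@
+{lib, ...}: {
+defaultTTL = 86400;
+zones = {
+"gmem.ca" =
+{
+"test" = {
+aaaa = {
+ttl = 0;
+data = ["100::"];
+};
+};
+"cluster" = {
+a = {
+data = ["100.77.43.133" "100.121.5.8" "100.106.229.20"];
+};
+aaaa = {
+data = [
+"fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85"
+"fd7a:115c:a1e0:ab12:4843:cd96:626a:e514"
+"fd7a:115c:a1e0::ad79:508"
+];
+};
+};
+}
+// lib.attrsets.genAttrs [
+# Internally hosted applications
+"atuin"
+"dref"
+"freshrss"
+"hb"
+"home"
+"hue"
+"netboot"
+"pipedapi"
+"piped"
+"request-media"
+"tools"
+"ytproxy"
+] (name: {cname.data = "cluster";})
+// lib.attrsets.genAttrs [
+# Externally hosted applications with Tunnels
+"git"
+"authentik"
+"games"
+"ibiza"
+"matrix"
+"photos"
+"proxmox"
+"pw"
+"tokyo"
+] (name: {
+cname = {
+ttl = 0;
+data = "b325b440-3d49-43e4-a028-be516e8f9bc3.cfargotunnel.com.";
+};
+});
+};
+}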
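Review bot: `ttl = 0` on the `test` AAAA record and on the tunnel CNAMEs is not a real TTL but a sentinel that the `ttl-to-proxy` processor configured in flake.nix rewrites into a Cloudflare-proxied record, and nothing in this file says so, so a maintainer adjusting a TTL here would not know that a zero flips proxying. A comment next to `defaultTTL` such as `# ttl = 0 is a sentinel: the TtlToProxy processor in flake.nix marks the record as proxied` would make that coupling visible. Separately, the `cluster` A and AAAA data are 100.x and fd7a:115c:a1e0:: addresses, which look like overlay-network (CGNAT-range) addresses; publishing them in a public zone discloses internal addressing and they inherit the day-long `defaultTTL`, so confirm that is intended and consider a shorter TTL if those addresses rotate. The `name` parameter of both `genAttrs` lambdas is unused and could be written `_` to signal that.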


@ -127,6 +127,22 @@
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -428,6 +444,27 @@
"type": "github"
}
},
"nixos-dns": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1702487346,
"narHash": "sha256-JmHXcmosac70d9LGYQ7/RNGru2idWC669StnFlxLpdU=",
"owner": "Janik-Haag",
"repo": "nixos-dns",
"rev": "9f311873475479497e33709be826dc47917d3ee3",
"type": "github"
},
"original": {
"owner": "Janik-Haag",
"repo": "nixos-dns",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
@ -498,7 +535,7 @@
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
@ -666,6 +703,7 @@
"kde2nix": "kde2nix",
"kubenix": "kubenix",
"nixinate": "nixinate",
"nixos-dns": "nixos-dns",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_6",
"nixpkgs-wayland": "nixpkgs-wayland",


@ -6,6 +6,8 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixinate.url = "github:matthewcroughan/nixinate";
kde2nix.url = "github:nix-community/kde2nix";
nixos-dns.url = "github:Janik-Haag/nixos-dns";
nixos-dns.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";
@ -34,12 +36,43 @@
nixpkgs-wayland,
kubenix,
kde2nix,
nixos-dns,
} @ inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration {
system = "x86_64-linux";
modules = [./terraform/main.nix];
};
dnsConfig = {
extraConfig = import ./dns/dns.nix;
};
generate = nixos-dns.utils.generate nixpkgs.legacyPackages.x86_64-linux;
octodns-cloudflare = pkgs.python311Packages.buildPythonPackage rec {
pname = "octodns-cloudflare";
version = "0.0.4";
src = pkgs.fetchFromGitHub {
owner = "gmemstr";
repo = pname;
rev = "processor";
sha256 = "sha256-fxJGozeSMXuF9o4JZtGLODE8Di6V4P21wKi7O0i9NDk=";
};
doCheck = false;
propagatedBuildInputs = with pkgs.python3Packages; [
pyyaml
certifi
charset-normalizer
dnspython
fqdn
idna
natsort
pkgs.octodns
requests
python-dateutil
six
urllib3
# Specify dependencies
];
};
in {
devShells.x86_64-linux.default = with pkgs;
mkShell {
@ -56,9 +89,15 @@
terraform-ls
kubernetes-helm
nil
(octodns.withProviders (ps: [
octodns-providers.bind
octodns-cloudflare
]))
];
buildInputs = [];
};
dnsDebugConfig = nixos-dns.utils.debug.config dnsConfig;
packages.aarch64-linux = {
raspberry-pi = nixos-generators.nixosGenerate {
system = "aarch64-linux";
@ -82,11 +121,60 @@
.config
.kubernetes
.result;
dns = generate.octodnsConfig {
inherit dnsConfig;
config = {
processors = {
ownership = {
class = "octodns.processor.ownership.OwnershipProcessor";
};
ttl-to-proxy = {
class = "octodns_cloudflare.processor.ttl.TtlToProxy";
ttl = 0;
};
};
providers = {
config = {
check_origin = false;
};
cloudflare = {
class = "octodns_cloudflare.CloudflareProvider";
token = "env/CLOUDFLARE_API_TOKEN";
min_ttl = 0;
};
};
};
zones = {
"gmem.ca." = {
processors = ["ownership" "ttl-to-proxy"];
sources = ["config"];
targets = ["cloudflare"];
};
};
};
};
apps =
nixinate.nixinate.x86_64-linux self
// {
x86_64-linux = {
dns = {
type = "app";
program = toString (pkgs.writers.writeBash "diff" ''
${pkgs.octodns.withProviders (ps: [
pkgs.octodns-providers.bind
octodns-cloudflare
])}/bin/octodns-sync --config-file ${self.packages.x86_64-linux.dns}
'');
};
dns-do = {
type = "app";
program = toString (pkgs.writers.writeBash "diff" ''
${pkgs.octodns.withProviders (ps: [
pkgs.octodns-providers.bind
octodns-cloudflare
])}/bin/octodns-sync --config-file ${self.packages.x86_64-linux.dns} --doit
'');
};
kube-apply = {
type = "app";
program = toString (pkgs.writers.writeBash "diff" ''