
Render and add NextDNS rewrites with Nix

Gabriel Simmer 2024-04-20 19:37:05 +01:00
parent 2722326271
commit 78bc717e9e
Signed by: arch
SSH Key Fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
3 changed files with 114 additions and 7 deletions


@ -17,6 +17,14 @@
data = ["2a01:4f8:c012:5ec6::"];
};
};
"docs" = {
a = {
data = ["100.116.48.47"];
};
aaaa = {
data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
};
"cluster" = {
a = {
data = ["100.77.43.133" "100.121.5.8" "100.106.229.20"];
@ -29,6 +37,18 @@
];
};
};
"homelab" = {
a = {
data = ["192.168.50.146" "192.168.50.134" "192.168.50.144"];
};
aaaa = {
data = [
"2a02:1648:6709:0:da3a:ddff:fe18:f4ca"
"2a02:1648:6709:0:a5ab:461a:52b:f6c5"
"2a02:1648:6709:0:dea6:32ff:fea0:b84e"
];
};
};
"_acme-challenge.router" = {
txt = {
data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
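Review bot: The new `homelab` record publishes RFC 1918 addresses (`192.168.50.x`) together with three global IPv6 addresses, two of which look like EUI-64 interface identifiers (`…ff:fe…`) that embed the host's MAC address. If this zone is synced to a public provider (the octodns apps in this commit load a Cloudflare provider), anyone can read the internal layout, and resolvers with rebinding protection may drop the private A answers. If the NextDNS rewrites can carry the addresses themselves, consider keeping these records out of the public zone; otherwise document the choice above the record, e.g. `# intentionally published: LAN-only addresses, not reachable from outside`. The same consideration applies to the Tailscale addresses in the `docs` record.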

52
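--- a/dns/nextdns.nix
+++ b/dns/nextdns.nix
@@ -0,0 +1,52 @@
+{lib, ...}: let
+tailscale =
+lib.lists.forEach [
+"git"
+"authentik"
+"games"
+"ibiza"
+"matrix"
+"photos"
+"proxmox"
+"pw"
+"tokyo"
+"nitter"
+] (name: {
+name = name + ".gmem.ca";
+content = "cluster.gmem.ca";
+});
+home =
+lib.lists.forEach [
+"git"
+"authentik"
+"games"
+"ibiza"
+"matrix"
+"photos"
+"proxmox"
+"pw"
+"tokyo"
+"nitter"
+"atuin"
+"dref"
+"freshrss"
+"hb"
+"home"
+"hue"
+"netboot"
+"pipedapi"
+"piped"
+"request-media"
+"tools"
+"ytproxy"
+"changedetect"
+] (name: {
+name = name + ".gmem.ca";
+content = "homelab.gmem.ca";
+});
+in {
+data = {
+"xxxxxx" = home;
+"xxxxxx" = tailscale;
+};
+}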
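Review bot: Both keys of `data` at the end of the file are the same literal `"xxxxxx"`, and Nix rejects an attribute set that defines one attribute twice, so as shown this file should fail to evaluate (presumably the real profile IDs were redacted before committing). Give the two entries distinct keys, e.g. `"<home-profile-id>" = home;` and `"<tailscale-profile-id>" = tailscale;` (placeholders), or take the IDs as function arguments so they stay out of the repository. As a style point, the first ten names of the `home` list repeat the `tailscale` list; a shared `let` binding would keep the two from drifting apart.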


@ -76,11 +76,6 @@
in {
devShells.x86_64-linux.default = with pkgs;
mkShell {
shellHook = ''
set -o allexport
source .env set
set +o allexport
'';
nativeBuildInputs = [
jq
opentofu
@ -109,6 +104,11 @@
};
};
packages.x86_64-linux = {
nextdns-rewrites = pkgs.writeText "$out" (
builtins.toJSON (
((pkgs.callPackage ./dns/nextdns.nix) {}).data
)
);
kubernetes =
(kubenix.evalModules.x86_64-linux {
module = {kubenix, ...}: {
@ -157,10 +157,42 @@
nixinate.nixinate.x86_64-linux self
// {
x86_64-linux = {
nextdns = {
type = "app";
program = toString (pkgs.writers.writePython3 "nextdns" {
libraries = [
pkgs.python3Packages.requests
];
flakeIgnore = [ "E501" ];
}
''
import json
import requests
import os
auth = os.getenv("NEXTDNS_API_KEY")
g
with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
rewrites = json.load(file)
for profile in rewrites:
for rewrite in rewrites[profile]:
print(json.dumps(rewrite))
req = requests.post(
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
)
print(req.text)
'');
};
dns = {
type = "app";
program = toString (pkgs.writers.writeBash "diff" ''
${pkgs.octodns.withProviders (ps: [
set -o allexport
source .env.tf set
set +o allexport
${pkgs.octodns.withProviders (ps: [
pkgs.octodns-providers.bind
octodns-cloudflare
])}/bin/octodns-sync --config-file ${self.packages.x86_64-linux.dns}
@ -169,7 +201,10 @@
dns-do = {
type = "app";
program = toString (pkgs.writers.writeBash "diff" ''
${pkgs.octodns.withProviders (ps: [
set -o allexport
source .env.tf set
set +o allexport
${pkgs.octodns.withProviders (ps: [
pkgs.octodns-providers.bind
octodns-cloudflare
])}/bin/octodns-sync --config-file ${self.packages.x86_64-linux.dns} --doit
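Review bot: The `nextdns` app script sends every POST even when `NEXTDNS_API_KEY` is unset and never checks the response, so a missing or rejected key shows up only as printed error bodies while the run still appears to succeed. Add `if not auth: raise SystemExit("NEXTDNS_API_KEY is not set")` after the `os.getenv` call, pass `timeout=30` to `requests.post`, and call `req.raise_for_status()` before printing the body. The bare `g` line after the `os.getenv` call looks like a stray keystroke (or a rendering artifact); if it is really in the file it is an undefined name and should be removed. The prints shown only emit the rewrite payload and the response text, so the API key stays out of the output; keep it that way if more logging is added.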