v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Actions Packages Projects Releases Activity

make dns multi-location aware
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details

Browse source
This commit is contained in:
Vivian 2022-07-30 23:17:06 +02:00
parent 378e3831e4
commit 1e3192f865
2 changed files with 14 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -95,6 +95,7 @@
# This only support bash so just execute zsh in bash as a workaround :/
shellHook = "zsh; exit $?";
buildInputs = with pkgs; [
colmena.packages.x86_64-linux.colmena
fluxcd
k9s
kubectl
@ -103,8 +104,8 @@
nixfmt
nixUnstable
vault
(vault-push-approle-envs self)
(vault-push-approle-approles self)
# (vault-push-approle-envs self)
# (vault-push-approle-approles self)
];
};
};

21
nixos/hosts/olympus/dns/configuration.nix
View file

@ -1,15 +1,15 @@
{ config, pkgs, hosts, ... }:
{ config, pkgs, hosts, flat_hosts, ... }:
let
inherit (builtins) filter hasAttr;
localdomain = "olympus";
# TODO: use location attr in hosts
hosts' = hosts.${localdomain};
inherit (builtins) filter hasAttr attrNames;
hosts' = flat_hosts;
domains = attrNames hosts;
ipv6Hosts = filter (hasAttr "ip6") hosts';
localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
ptrData = { hostname, ip, ... }: ''"${ip} ${hostname}.${localdomain}"'';
ptr6Data = { hostname, ip6, ... }: ''"${ip6} ${hostname}.${localdomain}"'';
localData = { hostname, location, ip, ... }: ''"${hostname}.${location}. A ${ip}"'';
local6Data = { hostname, location, ip6, ... }: ''"${hostname}.${location}. AAAA ${ip6}"'';
ptrData = { hostname, location, ip, ... }: ''"${ip} ${hostname}.${location}"'';
ptr6Data = { hostname, location, ip6, ... }: ''"${ip6} ${hostname}.${location}"'';
in {
imports = [ ];
@ -37,7 +37,7 @@ in {
interface-automatic = "yes";
interface = [ "0.0.0.0" "::0" ];
local-zone = ''"${localdomain}." transparent'';
local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;
local-data = (map localData hosts') ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData hosts') ++ (map ptr6Data ipv6Hosts);
@ -46,6 +46,7 @@ in {
"::1 allow_snoop"
"10.42.0.0/16 allow"
"127.0.0.0/8 allow"
"192.168.0.0/23 allow"
"192.168.2.0/24 allow"
"::1/128 allow"
];