make dns multi-location aware
parent
378e3831e4
commit
1e3192f865
|
@ -95,6 +95,7 @@
|
||||||
# This only support bash so just execute zsh in bash as a workaround :/
|
# This only support bash so just execute zsh in bash as a workaround :/
|
||||||
shellHook = "zsh; exit $?";
|
shellHook = "zsh; exit $?";
|
||||||
buildInputs = with pkgs; [
|
buildInputs = with pkgs; [
|
||||||
|
colmena.packages.x86_64-linux.colmena
|
||||||
fluxcd
|
fluxcd
|
||||||
k9s
|
k9s
|
||||||
kubectl
|
kubectl
|
||||||
|
@ -103,8 +104,8 @@
|
||||||
nixfmt
|
nixfmt
|
||||||
nixUnstable
|
nixUnstable
|
||||||
vault
|
vault
|
||||||
(vault-push-approle-envs self)
|
# (vault-push-approle-envs self)
|
||||||
(vault-push-approle-approles self)
|
# (vault-push-approle-approles self)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
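Review bot: The added `colmena.packages.x86_64-linux.colmena` entry hard-codes the platform, so this dev shell will presumably fail to evaluate on any other system; if no `system` binding is in scope here (the enclosing expression starts outside the hunk), `colmena.packages.${pkgs.system}.colmena` keeps it portable. The second hunk also comments out `(vault-push-approle-envs self)` and `(vault-push-approle-approles self)` without explanation, and the change is unrelated to the commit title. Either drop the two lines or leave a short comment such as `# disabled: <reason>, re-enable once <condition>`, so that the tooling for pushing AppRole credentials to Vault is not lost silently.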
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
{ config, pkgs, hosts, ... }:
|
{ config, pkgs, hosts, flat_hosts, ... }:
|
||||||
let
|
let
|
||||||
inherit (builtins) filter hasAttr;
|
inherit (builtins) filter hasAttr attrNames;
|
||||||
localdomain = "olympus";
|
hosts' = flat_hosts;
|
||||||
# TODO: use location attr in hosts
|
domains = attrNames hosts;
|
||||||
hosts' = hosts.${localdomain};
|
|
||||||
ipv6Hosts = filter (hasAttr "ip6") hosts';
|
ipv6Hosts = filter (hasAttr "ip6") hosts';
|
||||||
|
|
||||||
localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
|
localData = { hostname, location, ip, ... }: ''"${hostname}.${location}. A ${ip}"'';
|
||||||
local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
|
local6Data = { hostname, location, ip6, ... }: ''"${hostname}.${location}. AAAA ${ip6}"'';
|
||||||
ptrData = { hostname, ip, ... }: ''"${ip} ${hostname}.${localdomain}"'';
|
ptrData = { hostname, location, ip, ... }: ''"${ip} ${hostname}.${location}"'';
|
||||||
ptr6Data = { hostname, ip6, ... }: ''"${ip6} ${hostname}.${localdomain}"'';
|
ptr6Data = { hostname, location, ip6, ... }: ''"${ip6} ${hostname}.${location}"'';
|
||||||
in {
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
@ -37,7 +37,7 @@ in {
|
||||||
interface-automatic = "yes";
|
interface-automatic = "yes";
|
||||||
interface = [ "0.0.0.0" "::0" ];
|
interface = [ "0.0.0.0" "::0" ];
|
||||||
|
|
||||||
local-zone = ''"${localdomain}." transparent'';
|
local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;
|
||||||
local-data = (map localData hosts') ++ (map local6Data ipv6Hosts);
|
local-data = (map localData hosts') ++ (map local6Data ipv6Hosts);
|
||||||
local-data-ptr = (map ptrData hosts') ++ (map ptr6Data ipv6Hosts);
|
local-data-ptr = (map ptrData hosts') ++ (map ptr6Data ipv6Hosts);
|
||||||
|
|
||||||
|
@ -46,6 +46,7 @@ in {
|
||||||
"::1 allow_snoop"
|
"::1 allow_snoop"
|
||||||
"10.42.0.0/16 allow"
|
"10.42.0.0/16 allow"
|
||||||
"127.0.0.0/8 allow"
|
"127.0.0.0/8 allow"
|
||||||
|
"192.168.0.0/23 allow"
|
||||||
"192.168.2.0/24 allow"
|
"192.168.2.0/24 allow"
|
||||||
"::1/128 allow"
|
"::1/128 allow"
|
||||||
];
|
];
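Review bot: The new `local-zone` line carries a stray closing brace: `''"${localdomain}}." transparent''` renders each zone with a literal `}` in its name (for example `"olympus}."`), so the declared zones will not match the `hostname.location.` names produced by `localData` and `local6Data`. It should read `local-zone = map (domain: ''"${domain}." transparent'') domains;`. Separately, the `"192.168.0.0/23 allow"` entry added in the last hunk opens the resolver to 192.168.0.0–192.168.1.255 while it listens on `0.0.0.0` and `::0`. It is worth confirming that the whole /23 is trusted and that the host firewall restricts port 53 to the listed ranges. The enclosing attribute set starts and ends outside the hunks, so the name of the option holding that list is not visible here.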
|
||||||
|
|