refactor(dnsmasq): system host info

2026-02-09 12:29:19 -08:00 · 2024-03-28 13:07:26 -07:00 · 2024-03-28 13:07:26 -07:00 · 6c88d99ae6
commit 6c88d99ae6
parent 86ac38cf2c
30 changed files with 841 additions and 288 deletions
--- a/nixos/avahi.nix
+++ b/nixos/avahi.nix
@ -11,6 +11,8 @@ in {
  services.avahi = {
    enable = mkDefault true;
    ipv6 = mkDefault config.networking.enableIPv6;
+    nssmdns4 = mkIf (!config.services.resolved.enable) (mkDefault true);
+    nssmdns6 = mkIf (!config.services.resolved.enable) (mkDefault true);
    publish = {
      enable = mkDefault true;
      domain = mkDefault true;
--- a/nixos/dnsmasq.nix
+++ b/nixos/dnsmasq.nix
@ -12,18 +12,22 @@
  inherit (lib.strings) hasPrefix replaceStrings concatStringsSep;
  inherit (lib.trivial) mapNullable;
  cfg = config.services.dnsmasq;
-  mkHostRecordPairs = systemName: system: [
-    (mkHostRecordPair "int" systemName system)
-    (mkHostRecordPair "local" systemName system)
-    #(mkHostRecordPair "tail" systemName system)
+  inherit (inputs.self.lib) systems;
+  reisenSystems = filterAttrs (_: system:
+    system.config.proxmox.enabled && system.config.proxmox.node.name == "reisen"
+  ) systems;
+  mkHostRecordPairs = _: system: [
+    (mkHostRecordPair "int" system)
+    (mkHostRecordPair "local" system)
+    (mkHostRecordPair "tail" system)
  ];
  mapDynamic4 = replaceStrings [ "10.1.1." ] [ "0.0.0." ];
  mapDynamic6 = replaceStrings [ "fd0a::" ] [ "2001::" ];
-  mkDynamicHostRecord = systemName: system: let
-    address4 = system.network.local.address4 or null;
-    address6 = system.network.local.address6 or null;
+  mkDynamicHostRecord = _: system: let
+    address4 = system.config.network.networks.local.address4 or null;
+    address6 = system.config.network.networks.local.address6 or null;
  in concatStringsSep "," ([
-    "${systemName}.${config.networking.domain}"
+    system.config.access.fqdn
  ] ++ lib.optional (address4 != null)
    (toString (mapNullable mapDynamic4 address4))
  ++ lib.optional (address6 != null)
@ -31,11 +35,11 @@
  ++ lib.singleton
    cfg.dynamic.interface
  );
-  mkHostRecordPair = network: systemName: system: let
-    address4 = system.network.${network}.address4 or null;
-    address6 = system.network.${network}.address6 or null;
+  mkHostRecordPair = network: system: let
+    address4 = system.config.network.networks.${network}.address4 or null;
+    address6 = system.config.network.networks.${network}.address6 or null;
  in nameValuePair
-    "${systemName}.${network}.${config.networking.domain}"
+    system.config.network.networks.${network}.fqdn or "${network}.${system.config.access.fqdn}"
    (concatStringsSep "," (
    lib.optional (address4 != null)
      (toString address4)
@ -43,7 +47,7 @@
      (toString address6)
    ));
  systemHosts = filterAttrs (_: value: value != "") (
-    listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs generate.reisen.systems))
+    listToAttrs (concatLists (mapAttrsToList mkHostRecordPairs systems))
  );
  mkHostRecord = name: record: "${name},${record}";
  filterns = ns: !hasPrefix "127.0.0" ns || ns == "::1";
@ -66,7 +70,7 @@ in {
      resolveLocalQueries = mkForce false;
      settings = {
        host-record = mapAttrsToList mkHostRecord systemHosts;
-        dynamic-host = mapAttrsToList mkDynamicHostRecord generate.reisen.systems;
+        dynamic-host = mapAttrsToList mkDynamicHostRecord reisenSystems;
        server =
          if config.networking.nameservers' != [ ] then map (ns: ns.address) (filter filterns' config.networking.nameservers')
          else filter filterns config.networking.nameservers
--- a/nixos/ipa.nix
+++ b/nixos/ipa.nix
@ -1,6 +1,6 @@
 { inputs, pkgs, config, lib, ... }: let
  inherit (inputs.self.lib.lib) mkBaseDn;
-  inherit (lib.modules) mkIf mkBefore mkDefault mkOptionDefault;
+  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
  inherit (lib.strings) toUpper;
  inherit (config.networking) domain;
  cfg = config.security.ipa;
@ -47,9 +47,6 @@ in {
      ] ++ config.users.groups.wheel.members;
      dyndns.enable = mkDefault false;
    };
-    networking.hosts = mkIf cfg.enable {
-      "10.1.1.46" = mkBefore [ "idp.${domain}" ];
-    };
    sops.secrets = {
      krb5-keytab = mkIf cfg.enable {
        mode = "0400";
--- a/nixos/reisen-ct/network.nix
+++ b/nixos/reisen-ct/network.nix
@ -1,13 +1,13 @@
 {
  lib,
  config,
-  inputs,
  options,
  meta,
  access,
  ...
 }: let
-  inherit (lib.modules) mkIf mkBefore;
+  inherit (lib.modules) mkIf mkBefore mkOrder;
+  enableDns = !config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct";
 in {
  imports = let
    inherit (meta) nixos;
@ -15,7 +15,7 @@ in {
    nixos.avahi
  ];

-  services.resolved.enable = true;
+  #services.resolved.enable = mkIf enableDns false;
  systemd.services.avahi-daemon = mkIf (options ? proxmoxLXC && config.services.avahi.enable) {
    serviceConfig.ExecStartPre = mkIf config.services.resolved.enable [
      "+-${config.systemd.package}/bin/resolvectl mdns eth0 yes"
@ -26,9 +26,16 @@ in {
    linkConfig.Multicast = true;
    networkConfig.MulticastDNS = true;
  };
-  networking.nameservers' = mkIf (!config.services.dnsmasq.enable && config.networking.hostName != "utsuho" && config.networking.hostName != "ct") (mkBefore [
+  networking.nameservers' = mkIf enableDns (mkBefore [
    { address = access.getAddressFor "utsuho" "lan"; }
  ]);
+  # prioritize our resolver over systemd-resolved!
+  system.nssDatabases.hosts = let
+    avahiResolverEnabled = config.services.avahi.enable && (config.services.avahi.nssmdns4 || config.services.avahi.nssmdns4);
+  in mkIf (enableDns && (config.services.resolved.enable || avahiResolverEnabled)) (mkOrder 499 ["dns"]);
+  services.resolved.extraConfig = mkIf enableDns ''
+    DNSStubListener=no
+  '';

  boot.kernel.sysctl = {
    # not sure how to get it to overlap with subgid/idmap...