kat/nixfiles
1
0
Fork 0
mirror of https://github.com/kittywitch/nixfiles.git synced 2026-02-10 04:49:19 -08:00
Code Issues Projects Releases Packages Wiki Activity

fix(network): solve DNS root issues

Browse source
This commit is contained in:
Kat Inskip 2022-09-25 20:18:43 -07:00
parent 595a0983cb
commit 4b2ffe160d
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
4 changed files with 36 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

30
nixos/network.nix
View file

@ -231,9 +231,13 @@
network = if settings.host != config.networking.hostName then network = if settings.host != config.networking.hostName then
meta.network.nodes.nixos.${settings.host}.networks.${settings.network} meta.network.nodes.nixos.${settings.host}.networks.${settings.network}
else sane_networks.${settings.network}; else sane_networks.${settings.network};
in nameValuePair "${settings.network}-${if settings.type == "both" || settings.type == family then family else settings.type}-${if settings.domain == null then "root" else settings.domain}-${settings.zone}" ({ in nameValuePair "${settings.network}-${if settings.type == "both" || settings.type == family then family else settings.type}-${if settings.domain == "@" then "root" else settings.domain}-${settings.zone}" ({
inherit (settings) domain zone; inherit (settings) zone;
enable = mkDefault false; enable = mkDefault false;
} // optionalAttrs (settings.domain != null && settings.domain != "" && settings.domain != "@") {
inherit (settings) domain;
} // optionalAttrs (settings.domain == null || settings.domain == "" || settings.domain == "@") {
enable = mkForce true;
} // (optionalAttrs (settings.type == "cname" && family == "ipv4") { } // (optionalAttrs (settings.type == "cname" && family == "ipv4") {
cname = { inherit (network) target; }; cname = { inherit (network) target; };
enable = mkForce true; enable = mkForce true;
@ -259,7 +263,7 @@
isRoot = (length split_domain) <= 2; isRoot = (length split_domain) <= 2;
in nameValuePair "${network}-cname-${if isRoot then "root" else elemAt split_domain ((length split_domain) - 2)}-${concatStringsSep "." (sublist (length split_domain - 2) (length split_domain) split_domain)}." { in nameValuePair "${network}-cname-${if isRoot then "root" else elemAt split_domain ((length split_domain) - 2)}-${concatStringsSep "." (sublist (length split_domain - 2) (length split_domain) split_domain)}." {
zone = if isRoot then "${domain}." else "${concatStringsSep "." (sublist ((length split_domain) - 2) (length split_domain) split_domain)}."; zone = if isRoot then "${domain}." else "${concatStringsSep "." (sublist ((length split_domain) - 2) (length split_domain) split_domain)}.";
enable = true; enable = !isRoot;
domain = if isRoot then "@" domain = if isRoot then "@"
else elemAt split_domain (length split_domain - 2); else elemAt split_domain (length split_domain - 2);
cname = { inherit (settings) target; }; cname = { inherit (settings) target; };
@ -267,7 +271,7 @@
# Merge the result of a map upon address_families to mapAttrs' # Merge the result of a map upon address_families to mapAttrs'
networks'' = map (family: mapAttrs' (network: settings: networks'' = map (family: mapAttrs' (network: settings:
nameValuePair "${network}-${family}-${settings.domain}-${settings.zone}" ({ nameValuePair "${network}-${family}-${settings.domain}-${settings.zone}" ({
inherit (settings) domain zone; inherit (settings) zone;
} // (if family == "ipv6" then { } // (if family == "ipv6" then {
aaaa.address = settings.ipv6; aaaa.address = settings.ipv6;
enable = mkForce settings.ipv6_defined; enable = mkForce settings.ipv6_defined;
@ -275,7 +279,10 @@
enable = mkForce settings.ipv4_defined; enable = mkForce settings.ipv4_defined;
a.address = settings.ipv4; a.address = settings.ipv4;
}) })
)) networks') address_families; ) // optionalAttrs (settings.domain != "@" && settings.domain != "" && settings.domain != null) {
inherit (settings) domain;
} // optionalAttrs (settings.domain == "@" || settings.domain == "" || settings.domain == null) {
}) networks') address_families;
in mkMerge (networks'' ++ domains' ++ [ extraDomains ]); in mkMerge (networks'' ++ domains' ++ [ extraDomains ]);
acme = let acme = let
@ -367,17 +374,18 @@
in networks // networks' // domains // domains'; in networks // networks' // domains // domains';
services.nginx.virtualHosts = let services.nginx.virtualHosts = let
networkVirtualHosts = concatLists (mapAttrsToList (network: settings: map(domain: nameValuePair domain { networkVirtualHosts = concatLists (mapAttrsToList (network: settings: map(domain: nameValuePair (if domain != "@" then domain else "root") {
forceSSL = true; forceSSL = true;
sslCertificate = config.secrets.files."${removeSuffix "." settings.target}-cert".path; sslCertificate = config.secrets.files."${removeSuffix "." settings.target}-cert".path;
sslCertificateKey = config.secrets.files."${removeSuffix "." settings.target}-key".path; sslCertificateKey = config.secrets.files."${removeSuffix "." settings.target}-key".path;
}) ([ settings.target ] ++ settings.extra_domains)) sane_networks); }) ([ settings.target ] ++ settings.extra_domains)) sane_networks);
domainVirtualHosts = (attrValues (mapAttrs (network: settings: removeSuffix "." settings.target) config.domains)); domainVirtualHosts = (attrValues (mapAttrs (network: settings: removeSuffix "." settings.target) (filterAttrs (network: settings: settings.create_cert) config.domains)));
domainVirtualHosts' = (map (hostname: domainVirtualHosts' = (map (hostname2: let
nameValuePair hostname { hostname = if hasPrefix "@" hostname2 then "root" else hostname2;
in nameValuePair hostname {
forceSSL = true; forceSSL = true;
sslCertificate = config.secrets.files."${hostname}-cert".path; sslCertificate = mkDefault config.secrets.files."${hostname}-cert".path;
sslCertificateKey = config.secrets.files."${hostname}-key".path; sslCertificateKey = mkDefault config.secrets.files."${hostname}-key".path;
}) domainVirtualHosts); }) domainVirtualHosts);
in listToAttrs (networkVirtualHosts ++ (lib.optionals config.services.nginx.enable domainVirtualHosts')); in listToAttrs (networkVirtualHosts ++ (lib.optionals config.services.nginx.enable domainVirtualHosts'));

10
nixos/systems/daiyousei.nix
View file

@ -43,5 +43,15 @@
]; ];
}; };
domains = {
kittywitch-root = {
network = "internet";
type = "both";
domain = "@";
zone = "kittywit.ch.";
create_cert = false;
};
};
system.stateVersion = "21.11"; system.stateVersion = "21.11";
} }

9
services/access.nix
View file

@ -1,7 +1,4 @@
{ config, lib, meta, pkgs, ... }: with lib; { { config, lib, meta, pkgs, ... }: with lib; {
networks.internet.extra_domains = [
"gensokyo.zone"
];
domains = { domains = {
kittywitch-plex = { kittywitch-plex = {
@ -43,6 +40,12 @@
domain = "z2m"; domain = "z2m";
zone = "gensokyo.zone."; zone = "gensokyo.zone.";
}; };
gensokyo-root = {
network = "internet";
type = "both";
domain = "@";
zone = "gensokyo.zone.";
};
}; };
services.nginx.virtualHosts = mkMerge [ services.nginx.virtualHosts = mkMerge [

2
tf

@ -1 +1 @@
Subproject commit 6a4d5a1c8ff9ba3a89be70f4a45131c495999038 Subproject commit ea25bd488426f965bf39ad0a9cf01e84024d4554