diff --git a/flake.lock b/flake.lock index 32fe23c..41f1eee 100644 --- a/flake.lock +++ b/flake.lock @@ -59,27 +59,6 @@ "type": "github" } }, - "dns": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768143854, - "narHash": "sha256-E5/kyPz4zAZn/lZdvqlF83jMgCWNxmqYjjWuadngCbk=", - "owner": "kirelagin", - "repo": "dns.nix", - "rev": "a97cf4156e9f044fe4bed5be531061000dfabb07", - "type": "github" - }, - "original": { - "owner": "kirelagin", - "repo": "dns.nix", - "type": "github" - } - }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -157,21 +136,6 @@ "type": "github" } }, - "flake-utils": { - "locked": { - "lastModified": 1614513358, - "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -349,7 +313,6 @@ "betterfox": "betterfox", "comin": "comin", "disko": "disko", - "dns": "dns", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index 91d7d1b..6706269 100644 --- a/flake.nix +++ b/flake.nix @@ -57,11 +57,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - dns = { - url = "github:kirelagin/dns.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - radicale-birthday-calendar = { url = "github:iBigQ/radicale-birthday-calendar"; flake = false; diff --git a/hosts/vps-ns/default.nix b/hosts/vps-ns/default.nix index 98fdcce..4f40467 100644 --- a/hosts/vps-ns/default.nix +++ b/hosts/vps-ns/default.nix @@ -20,15 +20,6 @@ }; }; - services.nameservers = { - overlay.enable = true; - public = { - enable = true; - zones = [ - "sprouted.cloud" - "sstork.dev" - ]; - }; - }; + services.nameservers.overlay.enable = true; }; } 
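Review bot: The `services.nameservers.overlay.enable = true;` line that replaces the block leaves no record that `sprouted.cloud` and `sstork.dev` were served authoritatively from this host until now; the same zone list is dropped from hosts/vps-public in the next hunk, while that host's `web-services` block still binds `sstork.dev`. With public.nix deleted outright, the commit presumably moves those zones to an external provider, but nothing in the diff says where they live now. A one-line comment next to the remaining overlay line, e.g. `# public zones (sprouted.cloud, sstork.dev) are no longer served from this repo`, or a sentence in the commit description would keep the next reader from assuming they are still hosted here. The enclosing attribute set of hosts/vps-ns/default.nix starts outside the hunk.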
diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix index 4991e42..2a4e171 100644 --- a/hosts/vps-public/default.nix +++ b/hosts/vps-public/default.nix @@ -21,14 +21,6 @@ }; }; - services.nameservers.public = { - enable = true; - zones = [ - "sprouted.cloud" - "sstork.dev" - ]; - }; - web-services = let sstorkDomain = "sstork.dev"; diff --git a/modules/nixos/services/nameservers/overlay.nix b/modules/nixos/services/nameservers/overlay.nix index 54e9f32..523f7c7 100644 --- a/modules/nixos/services/nameservers/overlay.nix +++ b/modules/nixos/services/nameservers/overlay.nix @@ -1,6 +1,5 @@ { config, - inputs, self, lib, allHosts, 
@@ -9,63 +8,37 @@ let cfg = config.custom.services.nameservers.overlay; netCfg = config.custom.networking; - - zoneData = inputs.dns.lib.toString netCfg.overlay.domain { - SOA = { - nameServer = "${netCfg.overlay.fqdn}."; - adminEmail = "hostmaster@sstork.dev"; - serial = 1; - }; - - NS = - allHosts - |> lib.attrValues - |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable) - |> lib.map (host: "${host.config.custom.networking.overlay.fqdn}."); - - subdomains = - let - mkSubdomain = - { name, address }: - { - inherit name; - value.A = [ address ]; - }; - - nodeRecords = - netCfg.nodes - |> lib.map (node: { - name = node.hostName; - inherit (node.overlay) address; - }); - - serviceRecords = - allHosts - |> lib.attrValues - |> lib.concatMap ( - host: - host.config.custom.services.caddy.virtualHosts - |> lib.attrValues - |> lib.map (vHost: vHost.domain) - |> lib.filter (domain: self.lib.isPrivateDomain domain) - |> lib.map (domain: { - name = domain |> lib.removeSuffix ".${netCfg.overlay.domain}"; - inherit (host.config.custom.networking.overlay) address; - }) - ); - in - (nodeRecords ++ serviceRecords) |> lib.map mkSubdomain |> lib.listToAttrs; - }; in { options.custom.services.nameservers.overlay.enable = lib.mkEnableOption ""; config = lib.mkIf cfg.enable { services = { - nsd = { + unbound = { enable = true; - interfaces = [ netCfg.overlay.interface ]; - zones.${netCfg.overlay.domain}.data = zoneData; + + settings.server = { + interface = [ netCfg.overlay.interface ]; + access-control = [ "${toString netCfg.overlay.networkCidr} allow" ]; + + local-zone = "\"${netCfg.overlay.domain}.\" static"; + local-data = + let + nodeRecords = netCfg.nodes |> lib.map (node: "\"${node.overlay.fqdn}. 
A ${node.overlay.address}\""); + serviceRecords = + allHosts + |> lib.attrValues + |> lib.concatMap ( + host: + host.config.custom.services.caddy.virtualHosts + |> lib.attrValues + |> lib.map (vHost: vHost.domain) + |> lib.filter (domain: self.lib.isPrivateDomain domain) + |> lib.map (domain: "\"${domain}. A ${host.config.custom.networking.overlay.address}\"") + ); + in + nodeRecords ++ serviceRecords; + }; }; nebula.networks.mesh.firewall.inbound = lib.singleton { @@ -75,7 +48,7 @@ in }; }; - systemd.services.nsd = { + systemd.services.unbound = { requires = [ netCfg.overlay.systemdUnit ]; after = [ netCfg.overlay.systemdUnit ]; }; diff --git a/modules/nixos/services/nameservers/public.nix b/modules/nixos/services/nameservers/public.nix deleted file mode 100644 index 0841d75..0000000 --- a/modules/nixos/services/nameservers/public.nix +++ /dev/null 
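Review bot: Replacing nsd with unbound turns the overlay nameserver from authoritative-only into a recursive resolver: `local-zone "<domain>." static` answers only the overlay domain from `local-data`, and any other name an overlay peer asks for is now resolved recursively on its behalf, which nsd never did. If recursion for overlay peers is intended, a comment above `settings.server` saying so would help; if not, a catch-all such as `local-zone = [ "\"${netCfg.overlay.domain}.\" static" "\".\" refuse" ];` should keep unbound answering only the overlay zone (worth confirming against the unbound version in use), with exposure in either case bounded by the interface binding and the `access-control` entry scoped to `networkCidr`. Separately, the old nsd zone carried SOA and NS records that the new `local-data` list omits; for a static zone unbound only attaches a SOA to NXDOMAIN/nodata answers when one exists as local data at the apex, so negative answers will carry no negative-cache TTL unless a `"${netCfg.overlay.domain}. SOA ..."` entry is added. The `let` binding holding `cfg`/`netCfg` begins before the hunk and the `config` attribute set closes after it.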
@@ -1,88 +0,0 @@ -{ - config, - inputs, - lib, - allHosts, - ... -}: -let - cfg = config.custom.services.nameservers.public; - netCfg = config.custom.networking; - - zoneData = - zone: - let - mkSubdomain = - { name, address }: - { - inherit name; - value.A = [ address ]; - }; - - serviceRecords = - allHosts - |> lib.attrValues - |> lib.concatMap ( - host: - host.config.custom.services.caddy.virtualHosts - |> lib.attrValues - |> lib.map (vHost: vHost.domain) - |> lib.filter (domain: domain |> lib.hasSuffix "${zone}") - |> lib.map (domain: domain |> lib.removeSuffix ".${zone}" |> lib.removeSuffix "${zone}") # In case the domain is the root domain - |> lib.map (name: { - inherit name; - inherit (host.config.custom.networking.underlay) address; - }) - ); - - nsRecords = - allHosts - |> lib.attrValues - |> lib.filter (host: host.config.custom.services.nameservers.public.enable) - |> lib.map (host: { - name = host.config.custom.networking.hostName; - inherit (host.config.custom.networking.underlay) address; - }); - in - inputs.dns.lib.toString zone { - SOA = { - nameServer = "${netCfg.hostName}.${zone}."; - adminEmail = "hostmaster@sstork.dev"; - serial = 1; - }; - - NS = nsRecords |> lib.map ({ name, ... }: "${name}.${zone}."); - - A = serviceRecords |> lib.filter ({ name, ... }: name == "") |> lib.map (record: record.address); - - subdomains = - serviceRecords - |> lib.filter ({ name, ... }: name != "") - |> (subRecords: nsRecords ++ subRecords) - |> lib.map mkSubdomain - |> lib.listToAttrs; - }; -in -{ - options.custom.services.nameservers.public = { - enable = lib.mkEnableOption ""; - zones = lib.mkOption { - type = lib.types.nonEmptyListOf lib.types.nonEmptyStr; - default = [ ]; - }; - }; - - config = lib.mkIf cfg.enable { - services.nsd = { - enable = true; - interfaces = [ netCfg.underlay.interface ]; - zones = - cfg.zones - |> lib.map (zone: { - name = zone; - value.data = zoneData zone; - }) - |> lib.listToAttrs; - }; - }; -} 
diff --git a/tests/infrastructure/default.nix b/tests/infrastructure/default.nix index ee077bf..2110107 100644 --- a/tests/infrastructure/default.nix +++ b/tests/infrastructure/default.nix @@ -133,7 +133,7 @@ client1.wait_for_unit("${client1NetCfg.overlay.systemdUnit}") client2.wait_for_unit("${client2NetCfg.overlay.systemdUnit}") - lighthouse.wait_for_unit("nsd.service") + lighthouse.wait_for_unit("unbound.service") lighthouse.wait_for_open_port(53, "${lighthouseNetCfg.overlay.address}") server.wait_for_unit("sshd.service")