Fix octodns setup

2024-10-11 14:11:52 +02:00 · 2024-10-11 14:11:52 +02:00 · 404f6c8d3e
parent 78198f18b2
commit 404f6c8d3e
10 changed files with 238 additions and 178 deletions
--- a/dns/common.nix
+++ b/dns/common.nix
@ -69,7 +69,6 @@ let
 in
 # }}}
 {
-  satellite.dns.domain = "moonythm.dev";
  satellite.dns.records = lib.flatten [
    (ghPage "doffycup")
    (ghPage "erratic-gate")
--- a/dns/pkgs.nix
+++ b/dns/pkgs.nix
@ -1,37 +1,48 @@
-{ pkgs, self, ... }: rec {
+{ pkgs, self, ... }:
+rec {
  octodns-zones =
    let
-      nixosConfigModules = pkgs.lib.mapAttrsToList
-        (_: current: { satellite.dns = current.config.satellite.dns; })
-        self.nixosConfigurations;
+      nixosConfigModules = pkgs.lib.mapAttrsToList (
+        key: current:
+        # The iso image doesn't do any dns stuff
+        if key == "iso" then
+          { }
+        else
+          # Copy over all dns records
+          { satellite.dns = current.config.satellite.dns; }
+      ) self.nixosConfigurations;

      evaluated = pkgs.lib.evalModules {
-        specialArgs = { inherit pkgs; };
+        specialArgs = {
+          inherit pkgs;
+        };
        modules = [
          ../modules/nixos/dns.nix
          ../modules/common/octodns.nix
          ./common.nix
-        ]
-        ++ nixosConfigModules;
+        ] ++ nixosConfigModules;
      };
    in
    evaluated.config.satellite.dns.octodns;
-  octodns-sync =
-    pkgs.symlinkJoin {
-      name = "octodns-sync";
-      paths = [ self.packages.${pkgs.system}.octodns ];
-      buildInputs = [ pkgs.makeWrapper pkgs.yq ];
-      postBuild = ''
-        cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
-        wrapProgram $out/bin/octodns-sync \
-          --run 'export CLOUDFLARE_TOKEN=$( \
-              sops \
-                --decrypt \
-                --extract "[\"cloudflare_dns_api_token\"]" \
-                ./hosts/nixos/common/secrets.yaml \
-            )' \
-          --add-flags "--config-file $out/config.yaml"
-      '';
-    };
-}

+  octodns-sync = pkgs.symlinkJoin {
+    name = "octodns-sync";
+    paths = [ self.packages.${pkgs.system}.octodns ];
+    buildInputs = [
+      pkgs.makeWrapper
+      pkgs.yq
+    ];
+
+    postBuild = ''
+      cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
+      wrapProgram $out/bin/octodns-sync \
+        --run 'export CLOUDFLARE_TOKEN=$( \
+            sops \
+              --decrypt \
+              --extract "[\"cloudflare_dns_api_token\"]" \
+              ./hosts/nixos/common/secrets.yaml \
+          )' \
+        --add-flags "--config-file $out/config.yaml"
+    '';
+  };
+}
--- a/flake.lock
+++ b/flake.lock
@ -1475,11 +1475,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1724819573,
-        "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
+        "lastModified": 1728492678,
+        "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
+        "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
        "type": "github"
      },
      "original": {
@ -1632,11 +1632,11 @@
    },
    "nixpkgs_7": {
      "locked": {
-        "lastModified": 1720691131,
-        "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
+        "lastModified": 1728500571,
+        "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
+        "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -104,7 +104,7 @@
        in
        myPkgs
        // {
-          octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
+          octodns = myPkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
        }
        // (import ./dns/pkgs.nix) { inherit pkgs self system; }
      );
--- a/modules/common/octodns.nix
+++ b/modules/common/octodns.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
  format = pkgs.formats.yaml { };
  cfg = config.satellite.dns;
@ -12,32 +17,29 @@ in
  config.satellite.dns.octodns =
    let
      grouped = builtins.groupBy (entry: entry.zone) cfg.records;
-      cpLines = lib.mapAttrsToList
-        (zone: group:
-          let
-            grouped = builtins.groupBy (entry: entry.at) group;
-            contents = lib.mapAttrs
-              (at: entries: lib.lists.forEach entries
-                (entry:
-                  let
-                    content =
-                      if builtins.typeOf entry.value == "list"
-                      then { values = entry.value; }
-                      else { inherit (entry) value; };
-                    cloudflare =
-                      if entry.enableCloudflareProxy then {
-                        octodns.cloudflare.proxied = true;
-                      } else { };
-                  in
-                  { inherit (entry) ttl type; }
-                  // content // cloudflare
-                ))
-              grouped;
-            file = format.generate "${zone}.yaml" contents;
-          in
-          "cp ${file} $out/${zone}.yaml"
-        )
-        grouped;
+      cpLines = lib.mapAttrsToList (
+        zone: group:
+        let
+          grouped = builtins.groupBy (entry: entry.at) group;
+          contents = lib.mapAttrs (
+            at: entries:
+            lib.lists.forEach entries (
+              entry:
+              let
+                content =
+                  if builtins.typeOf entry.value == "list" then
+                    { values = entry.value; }
+                  else
+                    { inherit (entry) value; };
+                cloudflare = if entry.enableCloudflareProxy then { octodns.cloudflare.proxied = true; } else { };
+              in
+              { inherit (entry) ttl type; } // content // cloudflare
+            )
+          ) grouped;
+          file = format.generate "${zone}.yaml" contents;
+        in
+        "cp ${file} $out/${zone}.yaml"
+      ) grouped;
    in
    pkgs.runCommand "octodns-zones" { } ''
      mkdir $out
--- a/modules/nixos/cloudflared.nix
+++ b/modules/nixos/cloudflared.nix
@ -85,6 +85,7 @@ in
          at = subdomain;
          zone = cfg.domain;
          value = "${cfg.tunnel}.cfargotunnel.com.";
+          enableCloudflareProxy = true;
        };
    in
    lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
--- a/modules/nixos/dns.nix
+++ b/modules/nixos/dns.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
  format = pkgs.formats.yaml { };
  cfg = config.satellite.dns;
@ -13,47 +18,59 @@ in
    records = lib.mkOption {
      description = "List of records to create";
      default = [ ];
-      type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
-        options = {
-          at = lib.mkOption {
-            description = "Subdomain to use for entry";
-            type = lib.types.nullOr lib.types.str;
-          };
+      type = lib.types.listOf (
+        lib.types.submodule (
+          { config, ... }:
+          {
+            options = {
+              at = lib.mkOption {
+                description = "Subdomain to use for entry";
+                type = lib.types.nullOr lib.types.str;
+              };

-          zone = lib.mkOption {
-            description = "Zone this record is a part of";
-            type = lib.types.str;
-            default = cfg.domain;
-          };
+              zone = lib.mkOption {
+                description = "Zone this record is a part of";
+                type = lib.types.str;
+                default = cfg.domain;
+              };

-          type = lib.mkOption {
-            type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ];
-            description = "The type of the DNS record";
-          };
+              type = lib.mkOption {
+                type = lib.types.enum [
+                  "A"
+                  "AAAA"
+                  "TXT"
+                  "CNAME"
+                  "MX"
+                ];
+                description = "The type of the DNS record";
+              };

-          to = lib.mkOption {
-            type = lib.types.nullOr lib.types.str;
-            description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
-            default = null;
-          };
+              to = lib.mkOption {
+                type = lib.types.nullOr lib.types.str;
+                description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
+                default = null;
+              };

-          value = lib.mkOption {
-            type = format.type;
-            description = "The value assigned to the record, in octodns format";
-          };
+              value = lib.mkOption {
+                type = format.type;
+                description = "The value assigned to the record, in octodns format";
+              };

-          ttl = lib.mkOption {
-            type = lib.types.int;
-            description = "The TTL assigned to the record";
-            default = 300;
-          };
+              ttl = lib.mkOption {
+                type = lib.types.int;
+                description = "The TTL assigned to the record";
+                default = 300;
+              };

-          enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
-        };
+              enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
+            };

-        config.value = lib.mkIf (config.type == "CNAME" && config.to != null)
-          "${config.to}.${config.zone}.";
-      }));
+            config.value = lib.mkIf (
+              config.type == "CNAME" && config.to != null
+            ) "${config.to}.${config.zone}.";
+          }
+        )
+      );
    };
  };
 }
--- a/modules/nixos/nginx.nix
+++ b/modules/nixos/nginx.nix
@ -1,5 +1,6 @@
 { config, lib, ... }:
-let cfg = config.satellite.nginx;
+let
+  cfg = config.satellite.nginx;
 in
 {
  options.satellite.nginx = {
@ -11,88 +12,102 @@ in

    at = lib.mkOption {
      description = "Per-subdomain nginx configuration";
-      type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
-        options.subdomain = lib.mkOption {
-          description = ''
-            Subdomain to use for host generation. 
-            Only required if `host` is not set manually.
-          '';
-          type = lib.types.str;
-          default = name;
-        };
+      type = lib.types.attrsOf (
+        lib.types.submodule (
+          { name, config, ... }:
+          {
+            options.subdomain = lib.mkOption {
+              description = ''
+                Subdomain to use for host generation.
+                Only required if `host` is not set manually.
+              '';
+              type = lib.types.str;
+              default = name;
+            };

-        options.host = lib.mkOption {
-          description = "Host to route requests from";
-          type = lib.types.str;
-        };
+            options.host = lib.mkOption {
+              description = "Host to route requests from";
+              type = lib.types.str;
+            };

-        config.host = "${config.subdomain}.${cfg.domain}";
+            config.host = "${config.subdomain}.${cfg.domain}";

-        options.url = lib.mkOption {
-          description = "External https url used to access this host";
-          type = lib.types.str;
-        };
+            options.url = lib.mkOption {
+              description = "External https url used to access this host";
+              type = lib.types.str;
+            };

-        config.url = "https://${config.host}";
+            config.url = "https://${config.host}";

-        options.port = lib.mkOption {
-          description = "Port to proxy requests to";
-          type = lib.types.nullOr lib.types.port;
-          default = null;
-        };
+            options.port = lib.mkOption {
+              description = "Port to proxy requests to";
+              type = lib.types.nullOr lib.types.port;
+              default = null;
+            };

-        options.files = lib.mkOption {
-          description = "Path to serve files from";
-          type = lib.types.nullOr lib.types.path;
-          default = null;
-        };
-      }));
+            options.files = lib.mkOption {
+              description = "Path to serve files from";
+              type = lib.types.nullOr lib.types.path;
+              default = null;
+            };
+          }
+        )
+      );
      default = { };
    };
  };

  config = {
    assertions =
-      let assertSingleTarget = config:
-        {
+      let
+        assertSingleTarget = config: {
          assertion = (config.port == null) == (config.files != null);
          message = ''
            Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
            and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
          '';
        };
-      in lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
+      in
+      lib.mapAttrsToList (_: assertSingleTarget) cfg.at;

    services.nginx.virtualHosts =
-      let mkNginxConfig = { host, port, files, ... }: {
-        name = host;
-        value =
-          let extra =
-            if port != null then {
-              locations."/" = {
-                proxyPass = "http://localhost:${toString port}";
-                proxyWebsockets = true;
-              };
+      let
+        mkNginxConfig = args: {
+          name = args.host;
+          value =
+            let
+              extra =
+                if args.port != null then
+                  {
+                    locations."/" = {
+                      proxyPass = "http://localhost:${toString args.port}";
+                      proxyWebsockets = true;
+                    };
+                  }
+                else
+                  { root = args.files; };
+            in
+            {
+              enableACME = true;
+              acmeRoot = null;
+              forceSSL = true;
            }
-            else {
-              root = files;
-            };
-          in
-          {
-            enableACME = true;
-            acmeRoot = null;
-            forceSSL = true;
-          } // extra;
-      };
-      in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
+            // extra;
+        };
+      in
+      lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;

    satellite.dns.records =
-      let mkDnsRecord = { subdomain, ... }: {
-        type = "CNAME";
-        zone = cfg.domain;
-        at = subdomain;
-        to = "${config.networking.hostName}.${cfg.domain}.";
-      };
-      in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
+      let
+        mkDnsRecord =
+          { subdomain, ... }:
+          {
+            type = "CNAME";
+            zone = cfg.domain;
+            at = subdomain;
+            to = config.networking.hostName;
+          };
+      in
+      lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
  };
 }
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -1,12 +1,29 @@
 # Custom packages, that can be defined similarly to ones from nixpkgs
 # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'

-{ pkgs ? (import ../nixpkgs.nix) { }, upkgs ? pkgs, ... }:
-let plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; in
 {
-  # example = pkgs.callPackage (import ./example.nix) {};
+  pkgs ? (import ../nixpkgs.nix) { },
+  upkgs ? pkgs,
+  ...
+}:
+let
+  plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { };
+in
+rec {
+  plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
  vimclip = pkgs.callPackage (import ./vimclip.nix) { };
  homer = pkgs.callPackage (import ./homer.nix) { };
-  octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { };
-  plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
+
+  octodns = pkgs.octodns.overrideAttrs (_: {
+    version = "unstable-2024-10-08";
+    src = pkgs.fetchFromGitHub {
+      owner = "octodns";
+      repo = "octodns";
+      rev = "a1456cb1fcf00916ca06b204755834210a3ea9cf";
+      sha256 = "192hbxhb0ghcbzqy3h8q194n4iy7bqfj9ra9qqjff3x2z223czxb";
+    };
+  });
+  octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) {
+    inherit octodns;
+  };
 }
--- a/pkgs/octodns-cloudflare.nix
+++ b/pkgs/octodns-cloudflare.nix
@ -1,18 +1,18 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, octodns
-, pytestCheckHook
-, pythonOlder
-, dnspython
-, setuptools
-, requests
-, requests-mock
+{
+  buildPythonPackage,
+  fetchFromGitHub,
+  octodns,
+  pytestCheckHook,
+  pythonOlder,
+  dnspython,
+  setuptools,
+  requests,
+  requests-mock,
 }:

-buildPythonPackage rec {
+buildPythonPackage {
  pname = "octodns-cloudflare";
-  version = "unstable-2024-05-31";
+  version = "unstable-2024-10-08";
  pyproject = true;

  disabled = pythonOlder "3.8";
@ -20,13 +20,11 @@ buildPythonPackage rec {
  src = fetchFromGitHub {
    owner = "octodns";
    repo = "octodns-cloudflare";
-    rev = "3c01938e280767f433eb276a75d6b02c152c02af";
-    sha256 = "1dnvyvf6mlpqcsrj11192li2mhqfs8w6pvaqmsy3jsqjqczmgmf5";
+    rev = "61a4b404b15c0c14cb18d36b48b834490e743319";
+    sha256 = "0kcih4dxgl9ihh22j6d7dbd0d1ylrjp6f60w1p5gzyini1c0a0x1";
  };

-  nativeBuildInputs = [
-    setuptools
-  ];
+  nativeBuildInputs = [ setuptools ];

  propagatedBuildInputs = [
    octodns