From 404f6c8d3e89e1b4885da4a7b0155f99aae447ca Mon Sep 17 00:00:00 2001
From: prescientmoon
Date: Fri, 11 Oct 2024 14:11:52 +0200
Subject: [PATCH] Fix octodns setup

---
 dns/common.nix | 1 -
 dns/pkgs.nix | 61 ++++++++-------
 flake.lock | 12 +--
 flake.nix | 2 +-
 modules/common/octodns.nix | 56 +++++++-------
 modules/nixos/cloudflared.nix | 1 +
 modules/nixos/dns.nix | 87 ++++++++++++---------
 modules/nixos/nginx.nix | 137 +++++++++++++++++++---------------
 pkgs/default.nix | 27 +++++--
 pkgs/octodns-cloudflare.nix | 32 ++++----
 10 files changed, 238 insertions(+), 178 deletions(-)

diff --git a/dns/common.nix b/dns/common.nix
index 3e3d7f1..160b727 100644
--- a/dns/common.nix
+++ b/dns/common.nix
@@ -69,7 +69,6 @@ let
 in
 # }}}
 {
- satellite.dns.domain = "moonythm.dev";
 satellite.dns.records = lib.flatten [
 (ghPage "doffycup")
 (ghPage "erratic-gate")
diff --git a/dns/pkgs.nix b/dns/pkgs.nix
index 837682e..4d0c823 100644
--- a/dns/pkgs.nix
+++ b/dns/pkgs.nix
@@ -1,37 +1,48 @@ -{ pkgs, self, ... }: rec { +{ pkgs, self, ... }: +rec { octodns-zones = let - nixosConfigModules = pkgs.lib.mapAttrsToList - (_: current: { satellite.dns = current.config.satellite.dns; }) - self.nixosConfigurations; + nixosConfigModules = pkgs.lib.mapAttrsToList ( + key: current: + # The iso image doesn't do any dns stuff + if key == "iso" then + { } + else + # Copy over all dns records + { satellite.dns = current.config.satellite.dns; } + ) self.nixosConfigurations; evaluated = pkgs.lib.evalModules { - specialArgs = { inherit pkgs; }; + specialArgs = { + inherit pkgs; + }; modules = [ ../modules/nixos/dns.nix ../modules/common/octodns.nix ./common.nix - ] - ++ nixosConfigModules; + ] ++ nixosConfigModules; }; in evaluated.config.satellite.dns.octodns; - octodns-sync = - pkgs.symlinkJoin { - name = "octodns-sync"; - paths = [ self.packages.${pkgs.system}.octodns ]; - buildInputs = [ pkgs.makeWrapper pkgs.yq ]; - postBuild = '' - cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml - wrapProgram $out/bin/octodns-sync \ - --run 'export CLOUDFLARE_TOKEN=$( \ - sops \ - --decrypt \ - --extract "[\"cloudflare_dns_api_token\"]" \ - ./hosts/nixos/common/secrets.yaml \ - )' \ - --add-flags "--config-file $out/config.yaml" - ''; - }; -} + octodns-sync = pkgs.symlinkJoin { + name = "octodns-sync"; + paths = [ self.packages.${pkgs.system}.octodns ]; + buildInputs = [ + pkgs.makeWrapper + pkgs.yq + ]; + + postBuild = '' + cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml + wrapProgram $out/bin/octodns-sync \ + --run 'export CLOUDFLARE_TOKEN=$( \ + sops \ + --decrypt \ + --extract "[\"cloudflare_dns_api_token\"]" \ + ./hosts/nixos/common/secrets.yaml \ + )' \ + --add-flags "--config-file $out/config.yaml" + ''; + }; +} diff --git a/flake.lock b/flake.lock index 93b6cc7..266f2f7 100644 --- a/flake.lock +++ b/flake.lock 
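Review bot: In the octodns-sync wrapper's `--run` snippet, `export CLOUDFLARE_TOKEN=$( sops ... )` discards sops's exit status, so if decryption fails (wrong working directory for the relative `./hosts/nixos/common/secrets.yaml`, or no decryption key available) the wrapper still execs octodns-sync with an empty token and the failure only surfaces later as an opaque provider error. Assigning first and exporting separately keeps the status: `CLOUDFLARE_TOKEN="$(sops --decrypt --extract "[\"cloudflare_dns_api_token\"]" ./hosts/nixos/common/secrets.yaml)" || exit 1` followed by `export CLOUDFLARE_TOKEN`. The relative secrets path also ties the wrapper to being invoked from the repository root, which deserves a comment above `postBuild` (presumably intentional, so the encrypted file never has to enter the store). The `if key == "iso"` exclusion in `nixosConfigModules` keys on the configuration's attribute name; a comment saying so would help when another DNS-less host is added.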
@@ -1475,11 +1475,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1724819573, - "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", + "lastModified": 1728492678, + "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", + "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "type": "github" }, "original": { @@ -1632,11 +1632,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1720691131, - "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", + "lastModified": 1728500571, + "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", + "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 16255b8..f7159fc 100644 --- a/flake.nix +++ b/flake.nix @@ -104,7 +104,7 @@ in myPkgs // { - octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]); + octodns = myPkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]); } // (import ./dns/pkgs.nix) { inherit pkgs self system; } ); diff --git a/modules/common/octodns.nix b/modules/common/octodns.nix index 2d93246..08ddc06 100644 --- a/modules/common/octodns.nix +++ b/modules/common/octodns.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let format = pkgs.formats.yaml { }; cfg = config.satellite.dns; 
@@ -12,32 +17,29 @@ in config.satellite.dns.octodns = let grouped = builtins.groupBy (entry: entry.zone) cfg.records; - cpLines = lib.mapAttrsToList - (zone: group: - let - grouped = builtins.groupBy (entry: entry.at) group; - contents = lib.mapAttrs - (at: entries: lib.lists.forEach entries - (entry: - let - content = - if builtins.typeOf entry.value == "list" - then { values = entry.value; } - else { inherit (entry) value; }; - cloudflare = - if entry.enableCloudflareProxy then { - octodns.cloudflare.proxied = true; - } else { }; - in - { inherit (entry) ttl type; } - // content // cloudflare - )) - grouped; - file = format.generate "${zone}.yaml" contents; - in - "cp ${file} $out/${zone}.yaml" - ) - grouped; + cpLines = lib.mapAttrsToList ( + zone: group: + let + grouped = builtins.groupBy (entry: entry.at) group; + contents = lib.mapAttrs ( + at: entries: + lib.lists.forEach entries ( + entry: + let + content = + if builtins.typeOf entry.value == "list" then + { values = entry.value; } + else + { inherit (entry) value; }; + cloudflare = if entry.enableCloudflareProxy then { octodns.cloudflare.proxied = true; } else { }; + in + { inherit (entry) ttl type; } // content // cloudflare + ) + ) grouped; + file = format.generate "${zone}.yaml" contents; + in + "cp ${file} $out/${zone}.yaml" + ) grouped; in pkgs.runCommand "octodns-zones" { } '' mkdir $out diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix index 69a5d25..ab0b424 100644 --- a/modules/nixos/cloudflared.nix +++ b/modules/nixos/cloudflared.nix @@ -85,6 +85,7 @@ in at = subdomain; zone = cfg.domain; value = "${cfg.tunnel}.cfargotunnel.com."; + enableCloudflareProxy = true; }; in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; diff --git a/modules/nixos/dns.nix b/modules/nixos/dns.nix index edaad21..d9afce8 100644 --- a/modules/nixos/dns.nix +++ b/modules/nixos/dns.nix 
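Review bot: `grouped = builtins.groupBy (entry: entry.at) group` inside `cpLines` assumes every record's `at` is a string, but the option is declared `nullOr str` in modules/nixos/dns.nix, so a record with `at = null` would make the zones derivation fail to evaluate, since `groupBy` expects its key function to return a string. If null is meant to denote the zone apex, map it to the empty-string key octodns's YAML format uses for the apex before grouping: `builtins.groupBy (entry: if entry.at == null then "" else entry.at) group` (hedged: I cannot see whether any record actually sets `at = null`). The `content` branch would also read better with a one-line comment, `# octodns wants 'values' for multi-valued records and 'value' otherwise`, since the `values`/`value` split is the only thing that line does.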
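Review bot: The added `enableCloudflareProxy = true;` has no comment saying it is a requirement rather than a preference; a record pointing at `${cfg.tunnel}.cfargotunnel.com.` only works while Cloudflare proxies it, so anyone later "tidying" this flag off would silently break the tunnel. Suggest `# Tunnel CNAMEs only resolve through the Cloudflare proxy; this must stay enabled` directly above the line. The definition of `mkDnsRecord` starts before the hunk.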
@@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let format = pkgs.formats.yaml { }; cfg = config.satellite.dns; 
@@ -13,47 +18,59 @@ in records = lib.mkOption { description = "List of records to create"; default = [ ]; - type = lib.types.listOf (lib.types.submodule ({ config, ... }: { - options = { - at = lib.mkOption { - description = "Subdomain to use for entry"; - type = lib.types.nullOr lib.types.str; - }; + type = lib.types.listOf ( + lib.types.submodule ( + { config, ... }: + { + options = { + at = lib.mkOption { + description = "Subdomain to use for entry"; + type = lib.types.nullOr lib.types.str; + }; - zone = lib.mkOption { - description = "Zone this record is a part of"; - type = lib.types.str; - default = cfg.domain; - }; + zone = lib.mkOption { + description = "Zone this record is a part of"; + type = lib.types.str; + default = cfg.domain; + }; - type = lib.mkOption { - type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ]; - description = "The type of the DNS record"; - }; + type = lib.mkOption { + type = lib.types.enum [ + "A" + "AAAA" + "TXT" + "CNAME" + "MX" + ]; + description = "The type of the DNS record"; + }; - to = lib.mkOption { - type = lib.types.nullOr lib.types.str; - description = "Shorthand for CNMAE-ing to a subdomain of the given zone"; - default = null; - }; + to = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "Shorthand for CNMAE-ing to a subdomain of the given zone"; + default = null; + }; - value = lib.mkOption { - type = format.type; - description = "The value assigned to the record, in octodns format"; - }; + value = lib.mkOption { + type = format.type; + description = "The value assigned to the record, in octodns format"; + }; - ttl = lib.mkOption { - type = lib.types.int; - description = "The TTL assigned to the record"; - default = 300; - }; + ttl = lib.mkOption { + type = lib.types.int; + description = "The TTL assigned to the record"; + default = 300; + }; - enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare"; - }; + enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare"; + 
}; - config.value = lib.mkIf (config.type == "CNAME" && config.to != null) - "${config.to}.${config.zone}."; - })); + config.value = lib.mkIf ( + config.type == "CNAME" && config.to != null + ) "${config.to}.${config.zone}."; + } + ) + ); }; }; } diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 8dd0008..84f0f63 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -1,5 +1,6 @@ { config, lib, ... }: -let cfg = config.satellite.nginx; +let + cfg = config.satellite.nginx; in { options.satellite.nginx = { 
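Review bot: The `to` option's description still reads `Shorthand for CNMAE-ing to a subdomain of the given zone`; `CNMAE` should be `CNAME`, and this string is what generated option docs show to users. The `at` option (`nullOr str`) does not say what `null` means; if it denotes the zone apex the description should say so, because the generator in modules/common/octodns.nix groups records by `at` and needs a string there. The `config.value = lib.mkIf (...) "${config.to}.${config.zone}."` line would also benefit from a comment noting that `to` is expected to be a bare host label with no zone and no trailing dot, which is what the nginx module now passes via `config.networking.hostName`.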
@@ -11,88 +12,102 @@ in at = lib.mkOption { description = "Per-subdomain nginx configuration"; - type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: { - options.subdomain = lib.mkOption { - description = '' - Subdomain to use for host generation. - Only required if `host` is not set manually. - ''; - type = lib.types.str; - default = name; - }; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, config, ... }: + { + options.subdomain = lib.mkOption { + description = '' + Subdomain to use for host generation. + Only required if `host` is not set manually. + ''; + type = lib.types.str; + default = name; + }; - options.host = lib.mkOption { - description = "Host to route requests from"; - type = lib.types.str; - }; + options.host = lib.mkOption { + description = "Host to route requests from"; + type = lib.types.str; + }; - config.host = "${config.subdomain}.${cfg.domain}"; + config.host = "${config.subdomain}.${cfg.domain}"; - options.url = lib.mkOption { - description = "External https url used to access this host"; - type = lib.types.str; - }; + options.url = lib.mkOption { + description = "External https url used to access this host"; + type = lib.types.str; + }; - config.url = "https://${config.host}"; + config.url = "https://${config.host}"; - options.port = lib.mkOption { - description = "Port to proxy requests to"; - type = lib.types.nullOr lib.types.port; - default = null; - }; + options.port = lib.mkOption { + description = "Port to proxy requests to"; + type = lib.types.nullOr lib.types.port; + default = null; + }; - options.files = lib.mkOption { - description = "Path to serve files from"; - type = lib.types.nullOr lib.types.path; - default = null; - }; - })); + options.files = lib.mkOption { + description = "Path to serve files from"; + type = lib.types.nullOr lib.types.path; + default = null; + }; + } + ) + ); default = { }; }; }; config = { assertions = - let assertSingleTarget = config: - { + let + assertSingleTarget = 
config: { assertion = (config.port == null) == (config.files != null); message = '' Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port' and 'satellite.nginx.at.${config.subdomain}.files' must be specified. ''; }; - in lib.mapAttrsToList (_: assertSingleTarget) cfg.at; + in + lib.mapAttrsToList (_: assertSingleTarget) cfg.at; services.nginx.virtualHosts = - let mkNginxConfig = { host, port, files, ... }: { - name = host; - value = - let extra = - if port != null then { - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - proxyWebsockets = true; - }; + let + mkNginxConfig = args: { + name = args.host; + value = + let + extra = + if args.port != null then + { + locations."/" = { + proxyPass = "http://localhost:${toString args.port}"; + proxyWebsockets = true; + }; + } + else + { root = args.files; }; + in + { + enableACME = true; + acmeRoot = null; + forceSSL = true; } - else { - root = files; - }; - in - { - enableACME = true; - acmeRoot = null; - forceSSL = true; - } // extra; - }; - in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at; + // extra; + }; + in + lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at; satellite.dns.records = - let mkDnsRecord = { subdomain, ... }: { - type = "CNAME"; - zone = cfg.domain; - at = subdomain; - to = "${config.networking.hostName}.${cfg.domain}."; - }; - in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; + let + mkDnsRecord = + { subdomain, ... }: + { + type = "CNAME"; + zone = cfg.domain; + at = subdomain; + to = config.networking.hostName; + }; + in + lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 91c8bae..1c6447f 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
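Review bot: `to = config.networking.hostName;` in `mkDnsRecord` is a bare label because dns.nix itself expands `to` into `${to}.${zone}.` (the previous `"${hostName}.${cfg.domain}."` would have been suffixed twice); that is easy to "fix" back, so add `# bare label: dns.nix appends .<zone>. to CNAME targets` on that line. In `assertSingleTarget` the message names `satellite.nginx.at.${config.subdomain}`, but the attribute key is the submodule `name`, which only equals `subdomain` by default, so an overridden `subdomain` makes the message point at a non-existent attribute (hedged: it only matters for users who override it). Replacing the `{ host, port, files, ... }` pattern of `mkNginxConfig` with a plain `args:` parameter also drops the implicit check that those attributes exist; `{ host, port, files, ... }@args:` would keep both the check and the new access style.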
@@ -1,12 +1,29 @@ # Custom packages, that can be defined similarly to ones from nixpkgs # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example' -{ pkgs ? (import ../nixpkgs.nix) { }, upkgs ? pkgs, ... }: -let plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; in { - # example = pkgs.callPackage (import ./example.nix) {}; + pkgs ? (import ../nixpkgs.nix) { }, + upkgs ? pkgs, + ... +}: +let + plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; +in +rec { + plymouthThemeCutsAlt = plymouthThemes.cuts_alt; vimclip = pkgs.callPackage (import ./vimclip.nix) { }; homer = pkgs.callPackage (import ./homer.nix) { }; - octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { }; - plymouthThemeCutsAlt = plymouthThemes.cuts_alt; + + octodns = pkgs.octodns.overrideAttrs (_: { + version = "unstable-2024-10-08"; + src = pkgs.fetchFromGitHub { + owner = "octodns"; + repo = "octodns"; + rev = "a1456cb1fcf00916ca06b204755834210a3ea9cf"; + sha256 = "192hbxhb0ghcbzqy3h8q194n4iy7bqfj9ra9qqjff3x2z223czxb"; + }; + }); + octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { + inherit octodns; + }; } diff --git a/pkgs/octodns-cloudflare.nix b/pkgs/octodns-cloudflare.nix index e960238..2fd27cc 100644 --- a/pkgs/octodns-cloudflare.nix +++ b/pkgs/octodns-cloudflare.nix @@ -1,18 +1,18 @@ -{ lib -, buildPythonPackage -, fetchFromGitHub -, octodns -, pytestCheckHook -, pythonOlder -, dnspython -, setuptools -, requests -, requests-mock +{ + buildPythonPackage, + fetchFromGitHub, + octodns, + pytestCheckHook, + pythonOlder, + dnspython, + setuptools, + requests, + requests-mock, }: -buildPythonPackage rec { +buildPythonPackage { pname = "octodns-cloudflare"; - version = "unstable-2024-05-31"; + version = "unstable-2024-10-08"; pyproject = true; disabled = pythonOlder "3.8"; 
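Review bot: The new `octodns` override pins an unreleased octodns commit with no comment saying why the nixpkgs version is unsuitable; since flake.nix now builds `octodns.withProviders` from this package and `octodns-cloudflare` is pinned to the same date, presumably the provider needs a newer core API, and the file should say so: `# octodns-cloudflare (unstable-2024-10-08) needs a newer octodns than nixpkgs ships; keep both pins in step`. Note too that `overrideAttrs` replaces `src` but keeps whatever patches or `postPatch` steps nixpkgs applies to its own octodns version, so if the build breaks after a future bump those are the first thing to check (hedged, the nixpkgs derivation is not visible from here). The rev plus sha256 pair is fixed-output, so the pin is content-verified, which is the right shape for a tool that pushes DNS changes.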
@@ -20,13 +20,11 @@ buildPythonPackage rec { src = fetchFromGitHub { owner = "octodns"; repo = "octodns-cloudflare"; - rev = "3c01938e280767f433eb276a75d6b02c152c02af"; - sha256 = "1dnvyvf6mlpqcsrj11192li2mhqfs8w6pvaqmsy3jsqjqczmgmf5"; + rev = "61a4b404b15c0c14cb18d36b48b834490e743319"; + sha256 = "0kcih4dxgl9ihh22j6d7dbd0d1ylrjp6f60w1p5gzyini1c0a0x1"; }; - nativeBuildInputs = [ - setuptools - ]; + nativeBuildInputs = [ setuptools ]; propagatedBuildInputs = [ octodns