
Fix octodns setup

prescientmoon 2024-10-11 14:11:52 +02:00
parent 78198f18b2
commit 404f6c8d3e
Signed by: prescientmoon
SSH key fingerprint: SHA256:WFp/cO76nbarETAoQcQXuV+0h7XJsEsOCI0UsyPIy6U
10 changed files with 238 additions and 178 deletions


@ -69,7 +69,6 @@ let
in in
# }}} # }}}
{ {
satellite.dns.domain = "moonythm.dev";
satellite.dns.records = lib.flatten [ satellite.dns.records = lib.flatten [
(ghPage "doffycup") (ghPage "doffycup")
(ghPage "erratic-gate") (ghPage "erratic-gate")


@ -1,26 +1,38 @@
{ pkgs, self, ... }: rec { { pkgs, self, ... }:
rec {
octodns-zones = octodns-zones =
let let
nixosConfigModules = pkgs.lib.mapAttrsToList nixosConfigModules = pkgs.lib.mapAttrsToList (
(_: current: { satellite.dns = current.config.satellite.dns; }) key: current:
self.nixosConfigurations; # The iso image doesn't do any dns stuff
if key == "iso" then
{ }
else
# Copy over all dns records
{ satellite.dns = current.config.satellite.dns; }
) self.nixosConfigurations;
evaluated = pkgs.lib.evalModules { evaluated = pkgs.lib.evalModules {
specialArgs = { inherit pkgs; }; specialArgs = {
inherit pkgs;
};
modules = [ modules = [
../modules/nixos/dns.nix ../modules/nixos/dns.nix
../modules/common/octodns.nix ../modules/common/octodns.nix
./common.nix ./common.nix
] ] ++ nixosConfigModules;
++ nixosConfigModules;
}; };
in in
evaluated.config.satellite.dns.octodns; evaluated.config.satellite.dns.octodns;
octodns-sync =
pkgs.symlinkJoin { octodns-sync = pkgs.symlinkJoin {
name = "octodns-sync"; name = "octodns-sync";
paths = [ self.packages.${pkgs.system}.octodns ]; paths = [ self.packages.${pkgs.system}.octodns ];
buildInputs = [ pkgs.makeWrapper pkgs.yq ]; buildInputs = [
pkgs.makeWrapper
pkgs.yq
];
postBuild = '' postBuild = ''
cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
wrapProgram $out/bin/octodns-sync \ wrapProgram $out/bin/octodns-sync \
@ -34,4 +46,3 @@
''; '';
}; };
} }
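Review bot: The `key == "iso"` test in the `nixosConfigModules` mapper excludes one configuration by name, so any other entry later added to `self.nixosConfigurations` without the dns module would presumably still fail at `current.config.satellite.dns`. Keying on the option's presence is less brittle, for example `pkgs.lib.optionalAttrs (current.config ? satellite) { satellite.dns = current.config.satellite.dns; }`, assuming the iso configuration really lacks the `satellite` option tree, which the visible lines do not show. Because this evaluation produces the zone directory that `octodns-sync` reads, the comment should also say that every remaining host contributes records to the published zone.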


@ -1475,11 +1475,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1728492678,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1632,11 +1632,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1720691131, "lastModified": 1728500571,
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -104,7 +104,7 @@
in in
myPkgs myPkgs
// { // {
octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]); octodns = myPkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
} }
// (import ./dns/pkgs.nix) { inherit pkgs self system; } // (import ./dns/pkgs.nix) { inherit pkgs self system; }
); );


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
format = pkgs.formats.yaml { }; format = pkgs.formats.yaml { };
cfg = config.satellite.dns; cfg = config.satellite.dns;
@ -12,32 +17,29 @@ in
config.satellite.dns.octodns = config.satellite.dns.octodns =
let let
grouped = builtins.groupBy (entry: entry.zone) cfg.records; grouped = builtins.groupBy (entry: entry.zone) cfg.records;
cpLines = lib.mapAttrsToList cpLines = lib.mapAttrsToList (
(zone: group: zone: group:
let let
grouped = builtins.groupBy (entry: entry.at) group; grouped = builtins.groupBy (entry: entry.at) group;
contents = lib.mapAttrs contents = lib.mapAttrs (
(at: entries: lib.lists.forEach entries at: entries:
(entry: lib.lists.forEach entries (
entry:
let let
content = content =
if builtins.typeOf entry.value == "list" if builtins.typeOf entry.value == "list" then
then { values = entry.value; } { values = entry.value; }
else { inherit (entry) value; }; else
cloudflare = { inherit (entry) value; };
if entry.enableCloudflareProxy then { cloudflare = if entry.enableCloudflareProxy then { octodns.cloudflare.proxied = true; } else { };
octodns.cloudflare.proxied = true;
} else { };
in in
{ inherit (entry) ttl type; } { inherit (entry) ttl type; } // content // cloudflare
// content // cloudflare )
)) ) grouped;
grouped;
file = format.generate "${zone}.yaml" contents; file = format.generate "${zone}.yaml" contents;
in in
"cp ${file} $out/${zone}.yaml" "cp ${file} $out/${zone}.yaml"
) ) grouped;
grouped;
in in
pkgs.runCommand "octodns-zones" { } '' pkgs.runCommand "octodns-zones" { } ''
mkdir $out mkdir $out


@ -85,6 +85,7 @@ in
at = subdomain; at = subdomain;
zone = cfg.domain; zone = cfg.domain;
value = "${cfg.tunnel}.cfargotunnel.com."; value = "${cfg.tunnel}.cfargotunnel.com.";
enableCloudflareProxy = true;
}; };
in in
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
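Review bot: The added `enableCloudflareProxy = true;` carries no comment saying why tunnel records are always proxied. A `cfargotunnel.com` target is only reachable through Cloudflare's proxy, so an unproxied CNAME here would not route traffic. I would add `# Tunnel hostnames only resolve as proxied records` above the line, so nobody later switches it off to get a "DNS only" record. The record's attribute set starts outside this hunk, so its `type` is not visible here.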


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
format = pkgs.formats.yaml { }; format = pkgs.formats.yaml { };
cfg = config.satellite.dns; cfg = config.satellite.dns;
@ -13,7 +18,10 @@ in
records = lib.mkOption { records = lib.mkOption {
description = "List of records to create"; description = "List of records to create";
default = [ ]; default = [ ];
type = lib.types.listOf (lib.types.submodule ({ config, ... }: { type = lib.types.listOf (
lib.types.submodule (
{ config, ... }:
{
options = { options = {
at = lib.mkOption { at = lib.mkOption {
description = "Subdomain to use for entry"; description = "Subdomain to use for entry";
@ -27,7 +35,13 @@ in
}; };
type = lib.mkOption { type = lib.mkOption {
type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ]; type = lib.types.enum [
"A"
"AAAA"
"TXT"
"CNAME"
"MX"
];
description = "The type of the DNS record"; description = "The type of the DNS record";
}; };
@ -51,9 +65,12 @@ in
enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare"; enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
}; };
config.value = lib.mkIf (config.type == "CNAME" && config.to != null) config.value = lib.mkIf (
"${config.to}.${config.zone}."; config.type == "CNAME" && config.to != null
})); ) "${config.to}.${config.zone}.";
}
)
);
}; };
}; };
} }


@ -1,5 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
let cfg = config.satellite.nginx; let
cfg = config.satellite.nginx;
in in
{ {
options.satellite.nginx = { options.satellite.nginx = {
@ -11,7 +12,10 @@ in
at = lib.mkOption { at = lib.mkOption {
description = "Per-subdomain nginx configuration"; description = "Per-subdomain nginx configuration";
type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: { type = lib.types.attrsOf (
lib.types.submodule (
{ name, config, ... }:
{
options.subdomain = lib.mkOption { options.subdomain = lib.mkOption {
description = '' description = ''
Subdomain to use for host generation. Subdomain to use for host generation.
@ -46,53 +50,64 @@ in
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
}; };
})); }
)
);
default = { }; default = { };
}; };
}; };
config = { config = {
assertions = assertions =
let assertSingleTarget = config: let
{ assertSingleTarget = config: {
assertion = (config.port == null) == (config.files != null); assertion = (config.port == null) == (config.files != null);
message = '' message = ''
Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port' Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
and 'satellite.nginx.at.${config.subdomain}.files' must be specified. and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
''; '';
}; };
in lib.mapAttrsToList (_: assertSingleTarget) cfg.at; in
lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
services.nginx.virtualHosts = services.nginx.virtualHosts =
let mkNginxConfig = { host, port, files, ... }: { let
name = host; mkNginxConfig = args: {
name = args.host;
value = value =
let extra = let
if port != null then { extra =
if args.port != null then
{
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString port}"; proxyPass = "http://localhost:${toString args.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
} }
else { else
root = files; { root = args.files; };
};
in in
{ {
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
forceSSL = true; forceSSL = true;
} // extra; }
// extra;
}; };
in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at; in
lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
satellite.dns.records = satellite.dns.records =
let mkDnsRecord = { subdomain, ... }: { let
mkDnsRecord =
{ subdomain, ... }:
{
type = "CNAME"; type = "CNAME";
zone = cfg.domain; zone = cfg.domain;
at = subdomain; at = subdomain;
to = "${config.networking.hostName}.${cfg.domain}."; to = config.networking.hostName;
}; };
in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; in
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
}; };
} }
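Review bot: `to = config.networking.hostName;` in `mkDnsRecord` now passes a bare label and relies on the records submodule to append the zone, but nothing at this call site says so. The submodule's `config.value` definition builds `"${config.to}.${config.zone}."` for CNAME records, so the previous fully-qualified value would have been qualified twice. I would add `# Relative to the zone; the dns module appends ".${zone}." for CNAME records` above the line. Stating the same contract in the description of the `to` option would keep other callers from repeating the mistake.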


@ -1,12 +1,29 @@
# Custom packages, that can be defined similarly to ones from nixpkgs # Custom packages, that can be defined similarly to ones from nixpkgs
# You can build them using 'nix build .#example' or (legacy) 'nix-build -A example' # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
{ pkgs ? (import ../nixpkgs.nix) { }, upkgs ? pkgs, ... }:
let plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; in
{ {
# example = pkgs.callPackage (import ./example.nix) {}; pkgs ? (import ../nixpkgs.nix) { },
upkgs ? pkgs,
...
}:
let
plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { };
in
rec {
plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
vimclip = pkgs.callPackage (import ./vimclip.nix) { }; vimclip = pkgs.callPackage (import ./vimclip.nix) { };
homer = pkgs.callPackage (import ./homer.nix) { }; homer = pkgs.callPackage (import ./homer.nix) { };
octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { };
plymouthThemeCutsAlt = plymouthThemes.cuts_alt; octodns = pkgs.octodns.overrideAttrs (_: {
version = "unstable-2024-10-08";
src = pkgs.fetchFromGitHub {
owner = "octodns";
repo = "octodns";
rev = "a1456cb1fcf00916ca06b204755834210a3ea9cf";
sha256 = "192hbxhb0ghcbzqy3h8q194n4iy7bqfj9ra9qqjff3x2z223czxb";
};
});
octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) {
inherit octodns;
};
} }
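Review bot: The `octodns` override pins `src` to a bare commit with `version = "unstable-2024-10-08"` but does not record why the packaged release is insufficient, so a later reader cannot tell when the override can be dropped. I would add a comment above it, such as `# Pinned to upstream master until a release contains <needed change>; remove this override then`. The `rev` plus `sha256` pair keeps the fetch reproducible. If the hash is regenerated, the SRI form `hash = "sha256-..."` is the currently preferred spelling.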


@ -1,18 +1,18 @@
{ lib {
, buildPythonPackage buildPythonPackage,
, fetchFromGitHub fetchFromGitHub,
, octodns octodns,
, pytestCheckHook pytestCheckHook,
, pythonOlder pythonOlder,
, dnspython dnspython,
, setuptools setuptools,
, requests requests,
, requests-mock requests-mock,
}: }:
buildPythonPackage rec { buildPythonPackage {
pname = "octodns-cloudflare"; pname = "octodns-cloudflare";
version = "unstable-2024-05-31"; version = "unstable-2024-10-08";
pyproject = true; pyproject = true;
disabled = pythonOlder "3.8"; disabled = pythonOlder "3.8";
@ -20,13 +20,11 @@ buildPythonPackage rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "octodns"; owner = "octodns";
repo = "octodns-cloudflare"; repo = "octodns-cloudflare";
rev = "3c01938e280767f433eb276a75d6b02c152c02af"; rev = "61a4b404b15c0c14cb18d36b48b834490e743319";
sha256 = "1dnvyvf6mlpqcsrj11192li2mhqfs8w6pvaqmsy3jsqjqczmgmf5"; sha256 = "0kcih4dxgl9ihh22j6d7dbd0d1ylrjp6f60w1p5gzyini1c0a0x1";
}; };
nativeBuildInputs = [ nativeBuildInputs = [ setuptools ];
setuptools
];
propagatedBuildInputs = [ propagatedBuildInputs = [
octodns octodns