prescientmoon/satellite
1
Fork 0
Code Activity

Fix octodns setup

Browse source
This commit is contained in:
prescientmoon 2024-10-11 14:11:52 +02:00
parent 78198f18b2
commit 404f6c8d3e
Signed by: prescientmoon
SSH key fingerprint: SHA256:WFp/cO76nbarETAoQcQXuV+0h7XJsEsOCI0UsyPIy6U
10 changed files with 238 additions and 178 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
dns/common.nix
View file

@ -69,7 +69,6 @@ let
in in
# }}} # }}}
{ {
satellite.dns.domain = "moonythm.dev";
satellite.dns.records = lib.flatten [ satellite.dns.records = lib.flatten [
(ghPage "doffycup") (ghPage "doffycup")
(ghPage "erratic-gate") (ghPage "erratic-gate")

61
dns/pkgs.nix
View file

@ -1,37 +1,48 @@
{ pkgs, self, ... }: rec { { pkgs, self, ... }:
rec {
octodns-zones = octodns-zones =
let let
nixosConfigModules = pkgs.lib.mapAttrsToList nixosConfigModules = pkgs.lib.mapAttrsToList (
(_: current: { satellite.dns = current.config.satellite.dns; }) key: current:
self.nixosConfigurations; # The iso image doesn't do any dns stuff
if key == "iso" then
{ }
else
# Copy over all dns records
{ satellite.dns = current.config.satellite.dns; }
) self.nixosConfigurations;
evaluated = pkgs.lib.evalModules { evaluated = pkgs.lib.evalModules {
specialArgs = { inherit pkgs; }; specialArgs = {
inherit pkgs;
};
modules = [ modules = [
../modules/nixos/dns.nix ../modules/nixos/dns.nix
../modules/common/octodns.nix ../modules/common/octodns.nix
./common.nix ./common.nix
] ] ++ nixosConfigModules;
++ nixosConfigModules;
}; };
in in
evaluated.config.satellite.dns.octodns; evaluated.config.satellite.dns.octodns;
octodns-sync =
pkgs.symlinkJoin {
name = "octodns-sync";
paths = [ self.packages.${pkgs.system}.octodns ];
buildInputs = [ pkgs.makeWrapper pkgs.yq ];
postBuild = ''
cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
wrapProgram $out/bin/octodns-sync \
--run 'export CLOUDFLARE_TOKEN=$( \
sops \
--decrypt \
--extract "[\"cloudflare_dns_api_token\"]" \
./hosts/nixos/common/secrets.yaml \
)' \
--add-flags "--config-file $out/config.yaml"
'';
};
}
octodns-sync = pkgs.symlinkJoin {
name = "octodns-sync";
paths = [ self.packages.${pkgs.system}.octodns ];
buildInputs = [
pkgs.makeWrapper
pkgs.yq
];
postBuild = ''
cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
wrapProgram $out/bin/octodns-sync \
--run 'export CLOUDFLARE_TOKEN=$( \
sops \
--decrypt \
--extract "[\"cloudflare_dns_api_token\"]" \
./hosts/nixos/common/secrets.yaml \
)' \
--add-flags "--config-file $out/config.yaml"
'';
};
}

12
flake.lock
View file

@ -1475,11 +1475,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1728492678,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1632,11 +1632,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1720691131, "lastModified": 1728500571,
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=", "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4", "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View file

@ -104,7 +104,7 @@
in in
myPkgs myPkgs
// { // {
octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]); octodns = myPkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
} }
// (import ./dns/pkgs.nix) { inherit pkgs self system; } // (import ./dns/pkgs.nix) { inherit pkgs self system; }
); );

56
modules/common/octodns.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
format = pkgs.formats.yaml { }; format = pkgs.formats.yaml { };
cfg = config.satellite.dns; cfg = config.satellite.dns;
@ -12,32 +17,29 @@ in
config.satellite.dns.octodns = config.satellite.dns.octodns =
let let
grouped = builtins.groupBy (entry: entry.zone) cfg.records; grouped = builtins.groupBy (entry: entry.zone) cfg.records;
cpLines = lib.mapAttrsToList cpLines = lib.mapAttrsToList (
(zone: group: zone: group:
let let
grouped = builtins.groupBy (entry: entry.at) group; grouped = builtins.groupBy (entry: entry.at) group;
contents = lib.mapAttrs contents = lib.mapAttrs (
(at: entries: lib.lists.forEach entries at: entries:
(entry: lib.lists.forEach entries (
let entry:
content = let
if builtins.typeOf entry.value == "list" content =
then { values = entry.value; } if builtins.typeOf entry.value == "list" then
else { inherit (entry) value; }; { values = entry.value; }
cloudflare = else
if entry.enableCloudflareProxy then { { inherit (entry) value; };
octodns.cloudflare.proxied = true; cloudflare = if entry.enableCloudflareProxy then { octodns.cloudflare.proxied = true; } else { };
} else { }; in
in { inherit (entry) ttl type; } // content // cloudflare
{ inherit (entry) ttl type; } )
// content // cloudflare ) grouped;
)) file = format.generate "${zone}.yaml" contents;
grouped; in
file = format.generate "${zone}.yaml" contents; "cp ${file} $out/${zone}.yaml"
in ) grouped;
"cp ${file} $out/${zone}.yaml"
)
grouped;
in in
pkgs.runCommand "octodns-zones" { } '' pkgs.runCommand "octodns-zones" { } ''
mkdir $out mkdir $out

1
modules/nixos/cloudflared.nix
View file

@ -85,6 +85,7 @@ in
at = subdomain; at = subdomain;
zone = cfg.domain; zone = cfg.domain;
value = "${cfg.tunnel}.cfargotunnel.com."; value = "${cfg.tunnel}.cfargotunnel.com.";
enableCloudflareProxy = true;
}; };
in in
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;

87
modules/nixos/dns.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
format = pkgs.formats.yaml { }; format = pkgs.formats.yaml { };
cfg = config.satellite.dns; cfg = config.satellite.dns;
@ -13,47 +18,59 @@ in
records = lib.mkOption { records = lib.mkOption {
description = "List of records to create"; description = "List of records to create";
default = [ ]; default = [ ];
type = lib.types.listOf (lib.types.submodule ({ config, ... }: { type = lib.types.listOf (
options = { lib.types.submodule (
at = lib.mkOption { { config, ... }:
description = "Subdomain to use for entry"; {
type = lib.types.nullOr lib.types.str; options = {
}; at = lib.mkOption {
description = "Subdomain to use for entry";
type = lib.types.nullOr lib.types.str;
};
zone = lib.mkOption { zone = lib.mkOption {
description = "Zone this record is a part of"; description = "Zone this record is a part of";
type = lib.types.str; type = lib.types.str;
default = cfg.domain; default = cfg.domain;
}; };
type = lib.mkOption { type = lib.mkOption {
type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ]; type = lib.types.enum [
description = "The type of the DNS record"; "A"
}; "AAAA"
"TXT"
"CNAME"
"MX"
];
description = "The type of the DNS record";
};
to = lib.mkOption { to = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = "Shorthand for CNMAE-ing to a subdomain of the given zone"; description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
default = null; default = null;
}; };
value = lib.mkOption { value = lib.mkOption {
type = format.type; type = format.type;
description = "The value assigned to the record, in octodns format"; description = "The value assigned to the record, in octodns format";
}; };
ttl = lib.mkOption { ttl = lib.mkOption {
type = lib.types.int; type = lib.types.int;
description = "The TTL assigned to the record"; description = "The TTL assigned to the record";
default = 300; default = 300;
}; };
enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare"; enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
}; };
config.value = lib.mkIf (config.type == "CNAME" && config.to != null) config.value = lib.mkIf (
"${config.to}.${config.zone}."; config.type == "CNAME" && config.to != null
})); ) "${config.to}.${config.zone}.";
}
)
);
}; };
}; };
} }

137
modules/nixos/nginx.nix
View file

@ -1,5 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
let cfg = config.satellite.nginx; let
cfg = config.satellite.nginx;
in in
{ {
options.satellite.nginx = { options.satellite.nginx = {
@ -11,88 +12,102 @@ in
at = lib.mkOption { at = lib.mkOption {
description = "Per-subdomain nginx configuration"; description = "Per-subdomain nginx configuration";
type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: { type = lib.types.attrsOf (
options.subdomain = lib.mkOption { lib.types.submodule (
description = '' { name, config, ... }:
Subdomain to use for host generation. {
Only required if `host` is not set manually. options.subdomain = lib.mkOption {
''; description = ''
type = lib.types.str; Subdomain to use for host generation.
default = name; Only required if `host` is not set manually.
}; '';
type = lib.types.str;
default = name;
};
options.host = lib.mkOption { options.host = lib.mkOption {
description = "Host to route requests from"; description = "Host to route requests from";
type = lib.types.str; type = lib.types.str;
}; };
config.host = "${config.subdomain}.${cfg.domain}"; config.host = "${config.subdomain}.${cfg.domain}";
options.url = lib.mkOption { options.url = lib.mkOption {
description = "External https url used to access this host"; description = "External https url used to access this host";
type = lib.types.str; type = lib.types.str;
}; };
config.url = "https://${config.host}"; config.url = "https://${config.host}";
options.port = lib.mkOption { options.port = lib.mkOption {
description = "Port to proxy requests to"; description = "Port to proxy requests to";
type = lib.types.nullOr lib.types.port; type = lib.types.nullOr lib.types.port;
default = null; default = null;
}; };
options.files = lib.mkOption { options.files = lib.mkOption {
description = "Path to serve files from"; description = "Path to serve files from";
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
}; };
})); }
)
);
default = { }; default = { };
}; };
}; };
config = { config = {
assertions = assertions =
let assertSingleTarget = config: let
{ assertSingleTarget = config: {
assertion = (config.port == null) == (config.files != null); assertion = (config.port == null) == (config.files != null);
message = '' message = ''
Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port' Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
and 'satellite.nginx.at.${config.subdomain}.files' must be specified. and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
''; '';
}; };
in lib.mapAttrsToList (_: assertSingleTarget) cfg.at; in
lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
services.nginx.virtualHosts = services.nginx.virtualHosts =
let mkNginxConfig = { host, port, files, ... }: { let
name = host; mkNginxConfig = args: {
value = name = args.host;
let extra = value =
if port != null then { let
locations."/" = { extra =
proxyPass = "http://localhost:${toString port}"; if args.port != null then
proxyWebsockets = true; {
}; locations."/" = {
proxyPass = "http://localhost:${toString args.port}";
proxyWebsockets = true;
};
}
else
{ root = args.files; };
in
{
enableACME = true;
acmeRoot = null;
forceSSL = true;
} }
else { // extra;
root = files; };
}; in
in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
{
enableACME = true;
acmeRoot = null;
forceSSL = true;
} // extra;
};
in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
satellite.dns.records = satellite.dns.records =
let mkDnsRecord = { subdomain, ... }: { let
type = "CNAME"; mkDnsRecord =
zone = cfg.domain; { subdomain, ... }:
at = subdomain; {
to = "${config.networking.hostName}.${cfg.domain}."; type = "CNAME";
}; zone = cfg.domain;
in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at; at = subdomain;
to = config.networking.hostName;
};
in
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
}; };
} }

27
pkgs/default.nix
View file

@ -1,12 +1,29 @@
# Custom packages, that can be defined similarly to ones from nixpkgs # Custom packages, that can be defined similarly to ones from nixpkgs
# You can build them using 'nix build .#example' or (legacy) 'nix-build -A example' # You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
{ pkgs ? (import ../nixpkgs.nix) { }, upkgs ? pkgs, ... }:
let plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; in
{ {
# example = pkgs.callPackage (import ./example.nix) {}; pkgs ? (import ../nixpkgs.nix) { },
upkgs ? pkgs,
...
}:
let
plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { };
in
rec {
plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
vimclip = pkgs.callPackage (import ./vimclip.nix) { }; vimclip = pkgs.callPackage (import ./vimclip.nix) { };
homer = pkgs.callPackage (import ./homer.nix) { }; homer = pkgs.callPackage (import ./homer.nix) { };
octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { };
plymouthThemeCutsAlt = plymouthThemes.cuts_alt; octodns = pkgs.octodns.overrideAttrs (_: {
version = "unstable-2024-10-08";
src = pkgs.fetchFromGitHub {
owner = "octodns";
repo = "octodns";
rev = "a1456cb1fcf00916ca06b204755834210a3ea9cf";
sha256 = "192hbxhb0ghcbzqy3h8q194n4iy7bqfj9ra9qqjff3x2z223czxb";
};
});
octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) {
inherit octodns;
};
} }

32
pkgs/octodns-cloudflare.nix
View file

@ -1,18 +1,18 @@
{ lib {
, buildPythonPackage buildPythonPackage,
, fetchFromGitHub fetchFromGitHub,
, octodns octodns,
, pytestCheckHook pytestCheckHook,
, pythonOlder pythonOlder,
, dnspython dnspython,
, setuptools setuptools,
, requests requests,
, requests-mock requests-mock,
}: }:
buildPythonPackage rec { buildPythonPackage {
pname = "octodns-cloudflare"; pname = "octodns-cloudflare";
version = "unstable-2024-05-31"; version = "unstable-2024-10-08";
pyproject = true; pyproject = true;
disabled = pythonOlder "3.8"; disabled = pythonOlder "3.8";
@ -20,13 +20,11 @@ buildPythonPackage rec {
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "octodns"; owner = "octodns";
repo = "octodns-cloudflare"; repo = "octodns-cloudflare";
rev = "3c01938e280767f433eb276a75d6b02c152c02af"; rev = "61a4b404b15c0c14cb18d36b48b834490e743319";
sha256 = "1dnvyvf6mlpqcsrj11192li2mhqfs8w6pvaqmsy3jsqjqczmgmf5"; sha256 = "0kcih4dxgl9ihh22j6d7dbd0d1ylrjp6f60w1p5gzyini1c0a0x1";
}; };
nativeBuildInputs = [ nativeBuildInputs = [ setuptools ];
setuptools
];
propagatedBuildInputs = [ propagatedBuildInputs = [
octodns octodns