Fix octodns setup
This commit is contained in:
parent
78198f18b2
commit
404f6c8d3e
|
@ -69,7 +69,6 @@ let
|
|||
in
|
||||
# }}}
|
||||
{
|
||||
satellite.dns.domain = "moonythm.dev";
|
||||
satellite.dns.records = lib.flatten [
|
||||
(ghPage "doffycup")
|
||||
(ghPage "erratic-gate")
|
||||
|
|
61
dns/pkgs.nix
61
dns/pkgs.nix
|
@ -1,37 +1,48 @@
|
|||
{ pkgs, self, ... }: rec {
|
||||
{ pkgs, self, ... }:
|
||||
rec {
|
||||
octodns-zones =
|
||||
let
|
||||
nixosConfigModules = pkgs.lib.mapAttrsToList
|
||||
(_: current: { satellite.dns = current.config.satellite.dns; })
|
||||
self.nixosConfigurations;
|
||||
nixosConfigModules = pkgs.lib.mapAttrsToList (
|
||||
key: current:
|
||||
# The iso image doesn't do any dns stuff
|
||||
if key == "iso" then
|
||||
{ }
|
||||
else
|
||||
# Copy over all dns records
|
||||
{ satellite.dns = current.config.satellite.dns; }
|
||||
) self.nixosConfigurations;
|
||||
|
||||
evaluated = pkgs.lib.evalModules {
|
||||
specialArgs = { inherit pkgs; };
|
||||
specialArgs = {
|
||||
inherit pkgs;
|
||||
};
|
||||
modules = [
|
||||
../modules/nixos/dns.nix
|
||||
../modules/common/octodns.nix
|
||||
./common.nix
|
||||
]
|
||||
++ nixosConfigModules;
|
||||
] ++ nixosConfigModules;
|
||||
};
|
||||
in
|
||||
evaluated.config.satellite.dns.octodns;
|
||||
octodns-sync =
|
||||
pkgs.symlinkJoin {
|
||||
name = "octodns-sync";
|
||||
paths = [ self.packages.${pkgs.system}.octodns ];
|
||||
buildInputs = [ pkgs.makeWrapper pkgs.yq ];
|
||||
postBuild = ''
|
||||
cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
|
||||
wrapProgram $out/bin/octodns-sync \
|
||||
--run 'export CLOUDFLARE_TOKEN=$( \
|
||||
sops \
|
||||
--decrypt \
|
||||
--extract "[\"cloudflare_dns_api_token\"]" \
|
||||
./hosts/nixos/common/secrets.yaml \
|
||||
)' \
|
||||
--add-flags "--config-file $out/config.yaml"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
||||
octodns-sync = pkgs.symlinkJoin {
|
||||
name = "octodns-sync";
|
||||
paths = [ self.packages.${pkgs.system}.octodns ];
|
||||
buildInputs = [
|
||||
pkgs.makeWrapper
|
||||
pkgs.yq
|
||||
];
|
||||
|
||||
postBuild = ''
|
||||
cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
|
||||
wrapProgram $out/bin/octodns-sync \
|
||||
--run 'export CLOUDFLARE_TOKEN=$( \
|
||||
sops \
|
||||
--decrypt \
|
||||
--extract "[\"cloudflare_dns_api_token\"]" \
|
||||
./hosts/nixos/common/secrets.yaml \
|
||||
)' \
|
||||
--add-flags "--config-file $out/config.yaml"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
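Review bot: In the new `octodns-sync` wrapper, `--run 'export CLOUDFLARE_TOKEN=$( sops --decrypt … ./hosts/nixos/common/secrets.yaml )'` masks any sops failure, because `export VAR=$(cmd)` returns the status of `export` rather than of `cmd`, so a missing key, an unavailable decryption key or a wrong working directory (the secrets path is relative, so the wrapper only works from the repository root) leaves `CLOUDFLARE_TOKEN` exported as an empty string and octodns-sync goes on to contact Cloudflare without a credential. Split the assignment from the export so the decryption status is checked: `--run 'CLOUDFLARE_TOKEN=$(sops --decrypt --extract "[\"cloudflare_dns_api_token\"]" ./hosts/nixos/common/secrets.yaml) || { echo "octodns-sync: could not decrypt cloudflare token" >&2; exit 1; }; export CLOUDFLARE_TOKEN' \`. The same pattern is on the old side, so this is not a regression of the commit, but the hunk rewrites the whole `symlinkJoin` block and is the natural place to fix it. A short comment above `wrapProgram`, such as `# Must be run from the repository root: the secrets path below is relative`, would also document the working-directory requirement.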
12
flake.lock
12
flake.lock
|
@ -1475,11 +1475,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1724819573,
|
||||
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
|
||||
"lastModified": 1728492678,
|
||||
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
|
||||
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1632,11 +1632,11 @@
|
|||
},
|
||||
"nixpkgs_7": {
|
||||
"locked": {
|
||||
"lastModified": 1720691131,
|
||||
"narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
|
||||
"lastModified": 1728500571,
|
||||
"narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
|
||||
"rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -104,7 +104,7 @@
|
|||
in
|
||||
myPkgs
|
||||
// {
|
||||
octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
|
||||
octodns = myPkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
|
||||
}
|
||||
// (import ./dns/pkgs.nix) { inherit pkgs self system; }
|
||||
);
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
format = pkgs.formats.yaml { };
|
||||
cfg = config.satellite.dns;
|
||||
|
@ -12,32 +17,29 @@ in
|
|||
config.satellite.dns.octodns =
|
||||
let
|
||||
grouped = builtins.groupBy (entry: entry.zone) cfg.records;
|
||||
cpLines = lib.mapAttrsToList
|
||||
(zone: group:
|
||||
let
|
||||
grouped = builtins.groupBy (entry: entry.at) group;
|
||||
contents = lib.mapAttrs
|
||||
(at: entries: lib.lists.forEach entries
|
||||
(entry:
|
||||
let
|
||||
content =
|
||||
if builtins.typeOf entry.value == "list"
|
||||
then { values = entry.value; }
|
||||
else { inherit (entry) value; };
|
||||
cloudflare =
|
||||
if entry.enableCloudflareProxy then {
|
||||
octodns.cloudflare.proxied = true;
|
||||
} else { };
|
||||
in
|
||||
{ inherit (entry) ttl type; }
|
||||
// content // cloudflare
|
||||
))
|
||||
grouped;
|
||||
file = format.generate "${zone}.yaml" contents;
|
||||
in
|
||||
"cp ${file} $out/${zone}.yaml"
|
||||
)
|
||||
grouped;
|
||||
cpLines = lib.mapAttrsToList (
|
||||
zone: group:
|
||||
let
|
||||
grouped = builtins.groupBy (entry: entry.at) group;
|
||||
contents = lib.mapAttrs (
|
||||
at: entries:
|
||||
lib.lists.forEach entries (
|
||||
entry:
|
||||
let
|
||||
content =
|
||||
if builtins.typeOf entry.value == "list" then
|
||||
{ values = entry.value; }
|
||||
else
|
||||
{ inherit (entry) value; };
|
||||
cloudflare = if entry.enableCloudflareProxy then { octodns.cloudflare.proxied = true; } else { };
|
||||
in
|
||||
{ inherit (entry) ttl type; } // content // cloudflare
|
||||
)
|
||||
) grouped;
|
||||
file = format.generate "${zone}.yaml" contents;
|
||||
in
|
||||
"cp ${file} $out/${zone}.yaml"
|
||||
) grouped;
|
||||
in
|
||||
pkgs.runCommand "octodns-zones" { } ''
|
||||
mkdir $out
|
||||
|
|
|
@ -85,6 +85,7 @@ in
|
|||
at = subdomain;
|
||||
zone = cfg.domain;
|
||||
value = "${cfg.tunnel}.cfargotunnel.com.";
|
||||
enableCloudflareProxy = true;
|
||||
};
|
||||
in
|
||||
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
format = pkgs.formats.yaml { };
|
||||
cfg = config.satellite.dns;
|
||||
|
@ -13,47 +18,59 @@ in
|
|||
records = lib.mkOption {
|
||||
description = "List of records to create";
|
||||
default = [ ];
|
||||
type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
|
||||
options = {
|
||||
at = lib.mkOption {
|
||||
description = "Subdomain to use for entry";
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
};
|
||||
type = lib.types.listOf (
|
||||
lib.types.submodule (
|
||||
{ config, ... }:
|
||||
{
|
||||
options = {
|
||||
at = lib.mkOption {
|
||||
description = "Subdomain to use for entry";
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
};
|
||||
|
||||
zone = lib.mkOption {
|
||||
description = "Zone this record is a part of";
|
||||
type = lib.types.str;
|
||||
default = cfg.domain;
|
||||
};
|
||||
zone = lib.mkOption {
|
||||
description = "Zone this record is a part of";
|
||||
type = lib.types.str;
|
||||
default = cfg.domain;
|
||||
};
|
||||
|
||||
type = lib.mkOption {
|
||||
type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ];
|
||||
description = "The type of the DNS record";
|
||||
};
|
||||
type = lib.mkOption {
|
||||
type = lib.types.enum [
|
||||
"A"
|
||||
"AAAA"
|
||||
"TXT"
|
||||
"CNAME"
|
||||
"MX"
|
||||
];
|
||||
description = "The type of the DNS record";
|
||||
};
|
||||
|
||||
to = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
|
||||
default = null;
|
||||
};
|
||||
to = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
|
||||
default = null;
|
||||
};
|
||||
|
||||
value = lib.mkOption {
|
||||
type = format.type;
|
||||
description = "The value assigned to the record, in octodns format";
|
||||
};
|
||||
value = lib.mkOption {
|
||||
type = format.type;
|
||||
description = "The value assigned to the record, in octodns format";
|
||||
};
|
||||
|
||||
ttl = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = "The TTL assigned to the record";
|
||||
default = 300;
|
||||
};
|
||||
ttl = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
description = "The TTL assigned to the record";
|
||||
default = 300;
|
||||
};
|
||||
|
||||
enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
|
||||
};
|
||||
enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
|
||||
};
|
||||
|
||||
config.value = lib.mkIf (config.type == "CNAME" && config.to != null)
|
||||
"${config.to}.${config.zone}.";
|
||||
}));
|
||||
config.value = lib.mkIf (
|
||||
config.type == "CNAME" && config.to != null
|
||||
) "${config.to}.${config.zone}.";
|
||||
}
|
||||
)
|
||||
);
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.satellite.nginx;
|
||||
let
|
||||
cfg = config.satellite.nginx;
|
||||
in
|
||||
{
|
||||
options.satellite.nginx = {
|
||||
|
@ -11,88 +12,102 @@ in
|
|||
|
||||
at = lib.mkOption {
|
||||
description = "Per-subdomain nginx configuration";
|
||||
type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
|
||||
options.subdomain = lib.mkOption {
|
||||
description = ''
|
||||
Subdomain to use for host generation.
|
||||
Only required if `host` is not set manually.
|
||||
'';
|
||||
type = lib.types.str;
|
||||
default = name;
|
||||
};
|
||||
type = lib.types.attrsOf (
|
||||
lib.types.submodule (
|
||||
{ name, config, ... }:
|
||||
{
|
||||
options.subdomain = lib.mkOption {
|
||||
description = ''
|
||||
Subdomain to use for host generation.
|
||||
Only required if `host` is not set manually.
|
||||
'';
|
||||
type = lib.types.str;
|
||||
default = name;
|
||||
};
|
||||
|
||||
options.host = lib.mkOption {
|
||||
description = "Host to route requests from";
|
||||
type = lib.types.str;
|
||||
};
|
||||
options.host = lib.mkOption {
|
||||
description = "Host to route requests from";
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
||||
config.host = "${config.subdomain}.${cfg.domain}";
|
||||
config.host = "${config.subdomain}.${cfg.domain}";
|
||||
|
||||
options.url = lib.mkOption {
|
||||
description = "External https url used to access this host";
|
||||
type = lib.types.str;
|
||||
};
|
||||
options.url = lib.mkOption {
|
||||
description = "External https url used to access this host";
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
||||
config.url = "https://${config.host}";
|
||||
config.url = "https://${config.host}";
|
||||
|
||||
options.port = lib.mkOption {
|
||||
description = "Port to proxy requests to";
|
||||
type = lib.types.nullOr lib.types.port;
|
||||
default = null;
|
||||
};
|
||||
options.port = lib.mkOption {
|
||||
description = "Port to proxy requests to";
|
||||
type = lib.types.nullOr lib.types.port;
|
||||
default = null;
|
||||
};
|
||||
|
||||
options.files = lib.mkOption {
|
||||
description = "Path to serve files from";
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
};
|
||||
}));
|
||||
options.files = lib.mkOption {
|
||||
description = "Path to serve files from";
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
};
|
||||
}
|
||||
)
|
||||
);
|
||||
default = { };
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
assertions =
|
||||
let assertSingleTarget = config:
|
||||
{
|
||||
let
|
||||
assertSingleTarget = config: {
|
||||
assertion = (config.port == null) == (config.files != null);
|
||||
message = ''
|
||||
Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
|
||||
and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
|
||||
'';
|
||||
};
|
||||
in lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
|
||||
in
|
||||
lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
|
||||
|
||||
services.nginx.virtualHosts =
|
||||
let mkNginxConfig = { host, port, files, ... }: {
|
||||
name = host;
|
||||
value =
|
||||
let extra =
|
||||
if port != null then {
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
let
|
||||
mkNginxConfig = args: {
|
||||
name = args.host;
|
||||
value =
|
||||
let
|
||||
extra =
|
||||
if args.port != null then
|
||||
{
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString args.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
}
|
||||
else
|
||||
{ root = args.files; };
|
||||
in
|
||||
{
|
||||
enableACME = true;
|
||||
acmeRoot = null;
|
||||
forceSSL = true;
|
||||
}
|
||||
else {
|
||||
root = files;
|
||||
};
|
||||
in
|
||||
{
|
||||
enableACME = true;
|
||||
acmeRoot = null;
|
||||
forceSSL = true;
|
||||
} // extra;
|
||||
};
|
||||
in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
|
||||
// extra;
|
||||
};
|
||||
in
|
||||
lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
|
||||
|
||||
satellite.dns.records =
|
||||
let mkDnsRecord = { subdomain, ... }: {
|
||||
type = "CNAME";
|
||||
zone = cfg.domain;
|
||||
at = subdomain;
|
||||
to = "${config.networking.hostName}.${cfg.domain}.";
|
||||
};
|
||||
in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
|
||||
let
|
||||
mkDnsRecord =
|
||||
{ subdomain, ... }:
|
||||
{
|
||||
type = "CNAME";
|
||||
zone = cfg.domain;
|
||||
at = subdomain;
|
||||
to = config.networking.hostName;
|
||||
};
|
||||
in
|
||||
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
|
||||
};
|
||||
}
|
||||
|
|
|
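Review bot: Replacing the destructured parameter `{ host, port, files, ... }:` with `mkNginxConfig = args: {` is a step back in readability: the pattern documented exactly which submodule attributes the function consumes, and nixfmt handles the pattern form just as well as the rest of this reformatting shows. Unless the switch was made for a reason not visible here, I would keep `mkNginxConfig = { host, port, files, ... }: {` and the bare `host`/`port`/`files` references in the body. The new `to = config.networking.hostName;` in `mkDnsRecord` looks right given that the dns module expands `to` as `"${config.to}.${config.zone}."` (old value would have produced a doubled domain suffix); a one-line comment such as `# bare host name: the dns module appends ".${zone}." itself` would keep the next reader from "fixing" it back.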
@ -1,12 +1,29 @@
|
|||
# Custom packages, that can be defined similarly to ones from nixpkgs
|
||||
# You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
|
||||
|
||||
{ pkgs ? (import ../nixpkgs.nix) { }, upkgs ? pkgs, ... }:
|
||||
let plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; in
|
||||
{
|
||||
# example = pkgs.callPackage (import ./example.nix) {};
|
||||
pkgs ? (import ../nixpkgs.nix) { },
|
||||
upkgs ? pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { };
|
||||
in
|
||||
rec {
|
||||
plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
|
||||
vimclip = pkgs.callPackage (import ./vimclip.nix) { };
|
||||
homer = pkgs.callPackage (import ./homer.nix) { };
|
||||
octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { };
|
||||
plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
|
||||
|
||||
octodns = pkgs.octodns.overrideAttrs (_: {
|
||||
version = "unstable-2024-10-08";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "octodns";
|
||||
repo = "octodns";
|
||||
rev = "a1456cb1fcf00916ca06b204755834210a3ea9cf";
|
||||
sha256 = "192hbxhb0ghcbzqy3h8q194n4iy7bqfj9ra9qqjff3x2z223czxb";
|
||||
};
|
||||
});
|
||||
octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) {
|
||||
inherit octodns;
|
||||
};
|
||||
}
|
||||
|
|
|
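Review bot: `octodns = pkgs.octodns.overrideAttrs (_: { version = …; src = pkgs.fetchFromGitHub { … }; })` swaps only `src` and `version`, so every other attribute of the nixpkgs expression (dependency lists, disabled tests, patches, `meta`) is still the one written for the nixpkgs release; if upstream changed its requirements between the two revisions the build may fail, or the check phase may silently run the wrong test selection, so confirm the derivation builds and its tests pass for the pinned `rev`. Pinning a full 40-character commit together with `sha256` is the right shape for a reproducible, tamper-evident fetch. Add a comment above `octodns = pkgs.octodns.overrideAttrs` recording why the nixpkgs package is overridden and when the override can be dropped, since an unexplained source pin tends to outlive its reason. `upkgs ? pkgs` appears to be unused in this file now that flake.nix reads `myPkgs.octodns` instead of `upkgs.octodns` (hunk at line 104), though callers outside this diff may still pass it.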
@ -1,18 +1,18 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, octodns
|
||||
, pytestCheckHook
|
||||
, pythonOlder
|
||||
, dnspython
|
||||
, setuptools
|
||||
, requests
|
||||
, requests-mock
|
||||
{
|
||||
buildPythonPackage,
|
||||
fetchFromGitHub,
|
||||
octodns,
|
||||
pytestCheckHook,
|
||||
pythonOlder,
|
||||
dnspython,
|
||||
setuptools,
|
||||
requests,
|
||||
requests-mock,
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackage {
|
||||
pname = "octodns-cloudflare";
|
||||
version = "unstable-2024-05-31";
|
||||
version = "unstable-2024-10-08";
|
||||
pyproject = true;
|
||||
|
||||
disabled = pythonOlder "3.8";
|
||||
|
@ -20,13 +20,11 @@ buildPythonPackage rec {
|
|||
src = fetchFromGitHub {
|
||||
owner = "octodns";
|
||||
repo = "octodns-cloudflare";
|
||||
rev = "3c01938e280767f433eb276a75d6b02c152c02af";
|
||||
sha256 = "1dnvyvf6mlpqcsrj11192li2mhqfs8w6pvaqmsy3jsqjqczmgmf5";
|
||||
rev = "61a4b404b15c0c14cb18d36b48b834490e743319";
|
||||
sha256 = "0kcih4dxgl9ihh22j6d7dbd0d1ylrjp6f60w1p5gzyini1c0a0x1";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
setuptools
|
||||
];
|
||||
nativeBuildInputs = [ setuptools ];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
octodns
|
||||
|
|
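Review bot: `lib` is dropped from the argument set in the first hunk (`{ lib`, `, buildPythonPackage` become `{`, `buildPythonPackage,`), so if the remainder of the file still references it — typically `meta = with lib; { … }` near the bottom, which is outside both hunks — evaluation now fails with an undefined variable; verify no such use remains or keep `lib,` in the set. The same check applies to `buildPythonPackage rec {` → `buildPythonPackage {`: any later `${version}` or `${pname}` self-reference would stop resolving, although the visible `src` uses an explicit `rev` and does not depend on it. The rev/sha256 bump itself is fine as a pin (full commit hash plus content hash); the function's body continues past the last hunk.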