prescientmoon/satellite
prescientmoon/satellite
1
Fork 0
Code Activity

Custom octodns setup!

Browse source
This commit is contained in:
prescientmoon 2024-07-08 03:06:27 +02:00
parent 9e853e9684
commit fd36e012f9
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
27 changed files with 434 additions and 59 deletions

39
modules/nixos/cloudflared.nix
View file

@ -8,22 +8,44 @@ in
description = "Cloudflare tunnel id to use for the `satellite.cloudflared.at` helper";
};
domain = lib.mkOption {
description = "Root domain to use as a default for configurations.";
type = lib.types.str;
default = config.satellite.dns.domain;
};
at = lib.mkOption {
description = "List of hosts to set up ingress rules for";
default = { };
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
options = {
subdomain = lib.mkOption {
description = ''
Subdomain to use for host generation.
Only required if `host` is not set manually.
'';
type = lib.types.str;
default = name;
};
port = lib.mkOption {
type = lib.types.port;
description = "Localhost port to point the tunnel at";
type = lib.types.port;
};
host = lib.mkOption {
default = name;
type = lib.types.str;
description = "Host to direct traffic from";
type = lib.types.str;
default = "${config.subdomain}.${cfg.domain}";
};
url = lib.mkOption {
description = "External https url used to access this host";
type = lib.types.str;
};
};
config.url = "https://${config.host}";
}));
};
};
@ -34,4 +56,13 @@ in
value = "http://localhost:${toString port}";
})
cfg.at;
config.satellite.dns.records =
let mkDnsRecord = { subdomain, ... }: {
type = "CNAME";
at = subdomain;
zone = cfg.domain;
value = "${cfg.tunnel}.cfargotunnel.com.";
};
in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
}

2
modules/nixos/default.nix
View file

@ -7,4 +7,6 @@
nginx = import ./nginx.nix;
pilot = import ./pilot.nix;
pounce = import ./pounce.nix;
dns = import ./dns.nix;
dns-assertions = import ./dns-assertions.nix;
}

17
modules/nixos/dns-assertions.nix Normal file
View file

@ -0,0 +1,17 @@
# This must only be loaded on actual Nixos, otherwise `assertions`
# won't be defined when running `evaluateModules`.
{ config, ... }:
let cfg = config.satellite.dns;
in
{
config.assertions =
let assertProperToUsage = config:
{
assertion = (config.to == null) || (config.type == "CNAME");
message = ''
The option `satellite.dns.records[*].to` can only be used with `CNAME` records.
This was not the case for ${config.type} record at ${config.at}.${config.zone}.
'';
};
in builtins.map assertProperToUsage cfg.records;
}

59
modules/nixos/dns.nix Normal file
View file

@ -0,0 +1,59 @@
{ config, pkgs, lib, ... }:
let
format = pkgs.formats.yaml { };
cfg = config.satellite.dns;
in
{
options.satellite.dns = {
domain = lib.mkOption {
description = "Default zone to include records in";
type = lib.types.str;
};
records = lib.mkOption {
description = "List of records to create";
default = [ ];
type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
options = {
at = lib.mkOption {
description = "Subdomain to use for entry";
type = lib.types.nullOr lib.types.str;
};
zone = lib.mkOption {
description = "Zone this record is a part of";
type = lib.types.str;
default = cfg.domain;
};
type = lib.mkOption {
type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ];
description = "The type of the DNS record";
};
to = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
default = null;
};
value = lib.mkOption {
type = format.type;
description = "The value assigned to the record, in octodns format";
};
ttl = lib.mkOption {
type = lib.types.int;
description = "The TTL assigned to the record";
default = 300;
};
enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
};
config.value = lib.mkIf (config.type == "CNAME" && config.to != null)
"${config.to}.${config.zone}.";
}));
};
};
}

27
modules/nixos/nginx.nix
View file

@ -6,24 +6,28 @@ in
domain = lib.mkOption {
description = "Root domain to use as a default for configurations.";
type = lib.types.str;
default = config.satellite.dns.domain;
};
at = lib.mkOption {
description = "Per-subdomain nginx configuration";
type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
options.name = lib.mkOption {
description = "Attribute name leading to this submodule";
options.subdomain = lib.mkOption {
description = ''
Subdomain to use for host generation.
Only required if `host` is not set manually.
'';
type = lib.types.str;
default = name;
};
config.name = name;
options.host = lib.mkOption {
description = "Host to route requests from";
type = lib.types.str;
default = "${name}.${cfg.domain}";
};
config.host = "${config.subdomain}.${cfg.domain}";
options.url = lib.mkOption {
description = "External https url used to access this host";
type = lib.types.str;
@ -53,8 +57,8 @@ in
{
assertion = (config.port == null) == (config.files != null);
message = ''
Precisely one of the options 'satellite.nginx.at.${config.name}.port'
and 'satellite.nginx.at.${config.name}.files' must be specified.
Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
'';
};
in lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
@ -81,5 +85,14 @@ in
} // extra;
};
in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
satellite.dns.records =
let mkDnsRecord = { subdomain, ... }: {
type = "CNAME";
zone = cfg.domain;
at = subdomain;
to = config.networking.hostName;
};
in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
};
}