depot/cluster/services/dns/default.nix

{ config, depot, lib, ... }:

let
  inherit (depot) hours;
  cfg = config.services.dns;
in
{
  imports = [
    ./options.nix
    ./nodes.nix
    ./ns-records.nix
  ];

  links = {
    dnsResolver = {
      ipv4 = hours.VEGAS.interfaces.vstub.addr;
      port = 53;
    };
    acmeDnsApi = {
      hostname = "acme-dns-challenge.internal.${depot.lib.meta.domain}";
      protocol = "http";
    };
  };
  hostLinks = lib.mkMerge [
    (lib.genAttrs cfg.nodes.authoritative (node: {
      dnsAuthoritative = {
        ipv4 = hours.${node}.interfaces.primary.addrPublic;
        port = 53;
      };
      acmeDnsApi = {
        ipv4 = config.vars.mesh.${node}.meshIp;
        inherit (config.links.acmeDnsApi) port;
        protocol = "http";
      };
    }))
    (lib.genAttrs cfg.nodes.coredns (node: {
      dnsResolver = {
        ipv4 = config.vars.mesh.${node}.meshIp;
        port = 53;
      };
    }))
    (lib.genAttrs cfg.nodes.coredns (node: {
      dnsResolverBackend = {
        ipv4 = config.vars.mesh.${node}.meshIp;
      };
    }))
  ];
  services.dns = {
    nodes = {
      authoritative = [ "VEGAS" "checkmate" "prophet" ];
      coredns = [ "checkmate" "VEGAS" ];
      client = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
    };
    nixos = {
      authoritative = ./authoritative.nix;
      coredns = ./coredns.nix;
      client = ./client.nix;
    };
    simulacrum = {
      enable = true;
      deps = [ "consul" "acme-client" "patroni" ];
      settings = ./test.nix;
    };
  };

  patroni = {
    databases.acmedns = {};
    users.acmedns = {
      locksmith = {
        nodes = config.services.dns.nodes.authoritative;
        format = "envFile";
      };
    };
  };

  dns.records = {
    securedns.consulService = "securedns";
    "acme-dns-challenge.internal".consulService = "acme-dns";
  };
}
cluster/services/dns: improve resiliency 2023-03-23 00:00:29 +02:00			`{ config, depot, lib, ... }:`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00
			`let`
treewide: massive refactor 2023-08-31 01:55:45 +03:00			`inherit (depot) hours;`
cluster/services/dns: improve resiliency 2023-03-23 00:00:29 +02:00			`cfg = config.services.dns;`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`in`
			`{`
cluster/services/dns: implement basic declarative dns 2023-11-03 00:11:13 +02:00			`imports = [`
			`./options.nix`
cluster/services/dns: create dns records for machines 2023-12-03 17:32:00 +02:00			`./nodes.nix`
cluster/services/dns: add nameserver records 2023-12-03 18:29:27 +02:00			`./ns-records.nix`
cluster/services/dns: implement basic declarative dns 2023-11-03 00:11:13 +02:00			`];`

cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`links = {`
			`dnsResolver = {`
cluster: use new hosts style 2023-03-07 02:26:07 +02:00			`ipv4 = hours.VEGAS.interfaces.vstub.addr;`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`port = 53;`
			`};`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`acmeDnsApi = {`
			`hostname = "acme-dns-challenge.internal.${depot.lib.meta.domain}";`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`protocol = "http";`
			`};`
			`};`
cluster/services/dns: improve resiliency 2023-03-23 00:00:29 +02:00			`hostLinks = lib.mkMerge [`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`(lib.genAttrs cfg.nodes.authoritative (node: {`
cluster/services/dns: improve resiliency 2023-03-23 00:00:29 +02:00			`dnsAuthoritative = {`
			`ipv4 = hours.${node}.interfaces.primary.addrPublic;`
			`port = 53;`
			`};`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`acmeDnsApi = {`
			`ipv4 = config.vars.mesh.${node}.meshIp;`
			`inherit (config.links.acmeDnsApi) port;`
			`protocol = "http";`
			`};`
cluster/services/dns: improve resiliency 2023-03-23 00:00:29 +02:00			`}))`
			`(lib.genAttrs cfg.nodes.coredns (node: {`
			`dnsResolver = {`
			`ipv4 = config.vars.mesh.${node}.meshIp;`
			`port = 53;`
			`};`
			`}))`
			`(lib.genAttrs cfg.nodes.coredns (node: {`
			`dnsResolverBackend = {`
			`ipv4 = config.vars.mesh.${node}.meshIp;`
			`};`
			`}))`
			`];`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`services.dns = {`
			`nodes = {`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`authoritative = [ "VEGAS" "checkmate" "prophet" ];`
cluster/services/dns: improve resiliency 2023-03-23 00:00:29 +02:00			`coredns = [ "checkmate" "VEGAS" ];`
cluster/services/dns: add grail to clients 2023-11-04 02:07:35 +02:00			`client = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`};`
			`nixos = {`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`authoritative = ./authoritative.nix;`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`coredns = ./coredns.nix;`
cluster/services/dns: add resolver client config 2022-08-07 21:01:27 +03:00			`client = ./client.nix;`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`};`
cluster/services/dns: test in simulacrum 2024-08-16 03:16:28 +03:00			`simulacrum = {`
			`enable = true;`
			`deps = [ "consul" "acme-client" "patroni" ];`
			`settings = ./test.nix;`
			`};`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`};`
cluster/services/dns: add dns records 2023-11-03 00:21:22 +02:00
cluster/services/dns: use patroni incandescence 2024-08-10 14:06:59 +03:00			`patroni = {`
			`databases.acmedns = {};`
			`users.acmedns = {`
			`locksmith = {`
			`nodes = config.services.dns.nodes.authoritative;`
			`format = "envFile";`
			`};`
			`};`
			`};`

cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`dns.records = {`
			`securedns.consulService = "securedns";`
			`"acme-dns-challenge.internal".consulService = "acme-dns";`
			`};`
cluster/services/dns: init 2022-08-07 20:58:37 +03:00			`}`