cluster/services/dns: implement basic declarative dns

2023-11-02 23:11:13 +01:00 · 2023-11-02 23:11:13 +01:00 · 6102a4ccca
commit 6102a4ccca
parent b24e82be3f
3 changed files with 67 additions and 1 deletions
--- a/cluster/services/dns/authoritative.nix
+++ b/cluster/services/dns/authoritative.nix
@ -1,4 +1,4 @@
-{ cluster, config, depot, lib, ... }:
+{ cluster, config, depot, lib, pkgs, ... }:

 let
  inherit (depot.reflection) interfaces;
@ -16,6 +16,12 @@ let
  translateConfig = cfg: let
    configList = lib.mapAttrsToList (n: v: "${n}=${v}") cfg;
  in lib.concatStringsSep "\n" configList;
+
+  rewriteRecords = lib.filterAttrs (_: record: record.rewriteTarget != null) cluster.config.dns.records;
+
+  rewrites = lib.mapAttrsToList (_: record: "rewrite stop name exact ${record.name}.${record.root}. ${record.rewriteTarget}.") rewriteRecords;
+
+  rewriteConf = pkgs.writeText "coredns-rewrites.conf" (lib.concatStringsSep "\n" rewrites);
 in {
  links.localAuthoritativeDNS = {};

@ -64,6 +70,7 @@ in {
        }
        forward service.eu-central.sd-magic.${domain} 127.0.0.1:8600
        forward addr.eu-central.sd-magic.${domain} 127.0.0.1:8600
+        import ${rewriteConf}
        forward . ${config.links.localAuthoritativeDNS.tuple} ${otherDnsServers} {
          policy sequential
        }
--- a/cluster/services/dns/default.nix
+++ b/cluster/services/dns/default.nix
@ -5,6 +5,10 @@ let
  cfg = config.services.dns;
 in
 {
+  imports = [
+    ./options.nix
+  ];
+
  vars.pdns-api-key-secret = {
    file = ./pdns-api-key.age;
    mode = "0400";
--- a/cluster/services/dns/options.nix
+++ b/cluster/services/dns/options.nix
@ -0,0 +1,55 @@
+{ depot, lib, ... }:
+
+with lib;
+
+let
+  recordType = types.submodule ({ config, name, ... }: {
+    options = {
+      root = mkOption {
+        type = types.str;
+        default = depot.lib.meta.domain;
+      };
+      consulServicesRoot = mkOption {
+        type = types.str;
+        default = "service.eu-central.sd-magic.${depot.lib.meta.domain}";
+      };
+      name = mkOption {
+        type = types.str;
+        default = name;
+      };
+
+      type = mkOption {
+        type = types.enum [ "A" "CNAME" "AAAA" "NS" "MX" "SOA" ];
+        default = "A";
+      };
+      target = mkOption {
+        type = with types; listOf str;
+      };
+      ttl = mkOption {
+        type = types.ints.unsigned;
+        default = 86400;
+      };
+
+      consulService = mkOption {
+        type = with types; nullOr str;
+        default = null;
+      };
+      rewriteTarget = mkOption {
+        type = with types; nullOr str;
+        default = null;
+      };
+    };
+    config = {
+      rewriteTarget = mkIf (config.consulService != null) "${config.consulService}.${config.consulServicesRoot}";
+    };
+  });
+in
+
+{
+  options.dns = {
+    records = mkOption {
+      type = with types; attrsOf recordType;
+      default = {};
+    };
+  };
+}