depot/cluster/services/dns/default.nix

80 lines
1.8 KiB
Nix

{ config, depot, lib, ... }:
let
inherit (depot) hours;
cfg = config.services.dns;
in
{
imports = [
./options.nix
./nodes.nix
./ns-records.nix
];
links = {
dnsResolver = {
ipv4 = hours.VEGAS.interfaces.vstub.addr;
port = 53;
};
acmeDnsApi = {
hostname = "acme-dns-challenge.internal.${depot.lib.meta.domain}";
protocol = "http";
};
};
hostLinks = lib.mkMerge [
(lib.genAttrs cfg.nodes.authoritative (node: {
dnsAuthoritative = {
ipv4 = hours.${node}.interfaces.primary.addrPublic;
port = 53;
};
acmeDnsApi = {
ipv4 = config.vars.mesh.${node}.meshIp;
inherit (config.links.acmeDnsApi) port;
protocol = "http";
};
}))
(lib.genAttrs cfg.nodes.coredns (node: {
dnsResolver = {
ipv4 = config.vars.mesh.${node}.meshIp;
port = 53;
};
}))
(lib.genAttrs cfg.nodes.coredns (node: {
dnsResolverBackend = {
ipv4 = config.vars.mesh.${node}.meshIp;
};
}))
];
services.dns = {
nodes = {
authoritative = [ "VEGAS" "checkmate" "prophet" ];
coredns = [ "checkmate" "VEGAS" ];
client = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
};
nixos = {
authoritative = ./authoritative.nix;
coredns = ./coredns.nix;
client = ./client.nix;
};
simulacrum = {
enable = true;
deps = [ "consul" "acme-client" "patroni" ];
settings = ./test.nix;
};
};
patroni = {
databases.acmedns = {};
users.acmedns = {
locksmith = {
nodes = config.services.dns.nodes.authoritative;
format = "envFile";
};
};
};
dns.records = {
securedns.consulService = "securedns";
"acme-dns-challenge.internal".consulService = "acme-dns";
};
}