X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fdns.nix;h=8fc40454b78b3bd4df6196c4071ded05d923485e;hb=776aa3603903616702b8bc1d9e955d3a6da9ee1e;hp=7c59b43a0463568ad38f11d06fd081aa5b53b0b1;hpb=11c2119f776263b103721302fdd3f2ba8c985bc1;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index 7c59b43..8fc4045 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -10,7 +10,7 @@
 ) listOfAttrs
 ) [{}] (attrNames attrsOfLists);
 cfg = config.services.bind;
- keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"/var/secrets/bind/${v}.key\";") (builtins.attrNames config.myEnv.dns.keys));
+ keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"${config.secrets.fullPaths."bind/${v}.key"}\";") (builtins.attrNames config.myEnv.dns.keys));
 cartProduct = lib.foldr (s: servers: servers // { ${s.masters} = lib.unique ((servers.${s.masters} or []) ++ [s.keys]); }) {}
@@ -48,7 +48,7 @@
 ${cfg.extraConfig}
 ${
 lib.concatMapStrings
- ({ name, file, master ? true, extra ? "", slaves ? [], masters ? [] }:
+ ({ name, file, master ? true, extraConfig ? "", slaves ? [], masters ? [] }:
 ''
 zone "${name}" {
 type ${if master then "master" else "slave"};
@@ -66,16 +66,16 @@
 };
 '' else ""}
 allow-query { any; };
- ${extra}
+ ${extraConfig}
 };
 '')
- cfg.zones }
+ (builtins.attrValues cfg.zones) }
 '';
 mxes = lib.attrsets.filterAttrs (n: v: v.mx.enable) config.myEnv.servers;
 ip4mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
- (n: v: "${v.mx.subdomain} IN A ${v.ips.main.ip4}")
+ (n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN A ${i}") v.ips.main.ip4))
 mxes);
 ip6mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
 (n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN AAAA ${i}") v.ips.main.ip6))
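Review bot: The argument pattern `({ name, file, master ? true, extraConfig ? "", slaves ? [], masters ? [] }:` in the -48 hunk is closed, so the function rejects any zone value that carries an attribute beyond these six with an "unexpected argument" evaluation error. The switch to `builtins.attrValues cfg.zones` in the following hunk suggests the zone values now come from an option type rather than a hand-built list; if that type gains an attribute (or an upstream option with a default is added), this module stops evaluating. Adding an ellipsis, `({ name, file, master ? true, extraConfig ? "", slaves ? [], masters ? [], ... }:`, keeps the pattern tolerant of extra attributes while still defaulting the ones it uses. The concatMapStrings call this pattern belongs to continues past the hunk.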
@@ -84,12 +84,31 @@
 (_: v: "${n} IN MX ${v.mx.priority} ${v.mx.subdomain}.${conf.name}.")
 mxes);
 in lib.mkIf config.myServices.dns.enable {
+ myServices.chatonsProperties.hostings.dns-secondaire = {
+ file.datetime = "2022-08-22T02:00:00";
+ hosting = {
+ name = "DNS secondaire";
+ description = "DNS secondaire";
+ website = "ns1.immae.eu";
+ status.level = "OK";
+ status.description = "OK";
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ software = {
+ name = "bind9";
+ website = pkgs.bind.meta.homepage;
+ license.url = pkgs.bind.meta.license.url;
+ license.name = pkgs.bind.meta.license.fullName;
+ version = pkgs.bind.version;
+ source.url = "https://www.isc.org/download/";
+ };
+ };
 networking.firewall.allowedUDPPorts = [ 53 ];
 networking.firewall.allowedTCPPorts = [ 53 ];
 users.users.named.extraGroups = [ "keys" ];
- secrets.keys = lib.mapAttrsToList (k: v:
- {
- dest = "bind/${k}.key";
+ secrets.keys = lib.mapAttrs' (k: v:
+ lib.nameValuePair "bind/${k}.key" {
 permissions = "0400";
 user = "named";
 text = ''
@@ -109,7 +128,7 @@
 allow-recursion { 127.0.0.1; };
 allow-transfer { none; };
- notify-source ${config.myEnv.servers.eldiron.ips.main.ip4};
+ notify-source ${lib.head config.myEnv.servers.eldiron.ips.main.ip4};
 notify-source-v6 ${lib.head config.myEnv.servers.eldiron.ips.main.ip6};
 version none;
 hostname none;
@@ -125,11 +144,13 @@
 masters = if lib.attrsets.hasAttr "masters" conf
 then lib.lists.flatten (map (n: lib.attrsets.attrValues ns.${n}) conf.masters)
 else [];
+ slaves = [];
 }) slaveZones) ++ (map (conf: {
 name = conf.name;
 master = true;
- extra = if lib.attrsets.hasAttr "extra" conf then conf.extra else "";
+ extraConfig = if lib.attrsets.hasAttr "extra" conf then conf.extra else "";
+ masters = [];
 slaves = if lib.attrsets.hasAttr "slaves" conf
 then lib.lists.flatten (map (n: lib.attrsets.attrValues ns.${n}) conf.slaves)
 else [];
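Review bot: `version = pkgs.bind.version;` in the new dns-secondaire block records the exact bind release, while the named.conf options emitted later in this file (`version none;` and `hostname none;`, visible as context in the next hunk) deliberately hide it from DNS clients. If the chatons properties file is published, as such files normally are, the version withheld on port 53 becomes readable over HTTP; that may be an accepted trade-off, but then a one-line comment on the field saying so would save the next reader the question, and `version = lib.versions.major pkgs.bind.version;` is the alternative if only coarse information should leave the host. The `secrets.keys` rewrite in the same hunk keeps `permissions = "0400"` and `user = "named"` on the TSIG key files, which is the right scope for that material.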
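Review bot: `notify-source ${lib.head config.myEnv.servers.eldiron.ips.main.ip4};` in the -109 hunk takes the first element of what is now a list, so an empty `ip4` makes evaluation fail with a bare list-index error instead of a message naming the server, and a later reordering of eldiron's addresses silently changes the address the secondaries see NOTIFY from; `notify-source-v6` on the next line has the same shape. Because a secondary only accepts NOTIFY from the addresses it lists as masters, the element chosen here must stay the one the slave zones' `masters` entries resolve to, which nothing in the expression enforces. An `assert config.myEnv.servers.eldiron.ips.main.ip4 != [];` in front of the expression that builds this string, or a comment on the line stating that the first address is the published master address, would make the constraint visible. The options block this line belongs to starts and ends outside the hunk.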
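Review bot: `extraConfig = if lib.attrsets.hasAttr "extra" conf then conf.extra else "";` in the -125 hunk still reads the source attribute under its old name `extra` while the consumer side was renamed to `extraConfig`, so both names now coexist for the same value; that is only a readability cost, but it will surprise whoever edits the zone data next. Nix's `or` operator expresses the same fallback in one token, `extraConfig = conf.extra or "";`, and the `masters`/`slaves` lookups above and below could use the same form. The added `slaves = [];` and `masters = [];` give every zone value the full attribute set; if that is what the target option type requires (not visible here), a one-line comment saying so would explain why the explicit empties are needed despite the defaults in the destructuring pattern. The list this hunk edits begins and ends outside the hunk.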
@@ -170,7 +191,7 @@
 ; https://support.google.com/a/answer/9261504
 _mta-sts${suffix} IN TXT "v=STSv1;id=20200109150200Z"
 _smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
- mta-sts${suffix} IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
+ ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN A ${i}") config.myEnv.servers.eldiron.ips.main.ip4)}
 ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}
 ; Mail sender authentications