home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

enable IPv6 support on DNS

Browse source
This commit is contained in:
Pim Kunis 2024-01-14 15:20:32 +01:00
parent 13f0f036e9
commit b38f1c291a
6 changed files with 73 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
nixos/lab.nix
View file

@ -3,6 +3,8 @@
publicIPv4 = "192.145.57.90"; publicIPv4 = "192.145.57.90";
dockerSwarmInternalIPv4 = "192.168.30.8"; dockerSwarmInternalIPv4 = "192.168.30.8";
dmzRouterIPv4 = "192.168.30.1"; dmzRouterIPv4 = "192.168.30.1";
dmzDHCPIPv4 = "192.168.30.7"; dmzServicesIPv4 = "192.168.30.7";
# TODO: configure prefix length as well
dmzServicesIPv6 = "2a0d:6e00:1a77:30::7";
}; };
} }

6
nixos/machines/default.nix
View file

@ -24,11 +24,13 @@
hostName = "atlas.hyp"; hostName = "atlas.hyp";
nixosModule = { config, ... }: nixosModule = { config, ... }:
let inherit (config.lab.networking) dmzDHCPIPv4; in let inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6; in
{ {
lab = { lab = {
networking = { networking = {
staticDMZIpv4Address = "${dmzDHCPIPv4}/24"; # TODO: Ideally, we don't have to set this here.
staticDMZIPv4Address = "${dmzServicesIPv4}/24";
staticDMZIPv6Address = "${dmzServicesIPv6}/64";
dmzServices.enable = true; dmzServices.enable = true;
}; };

30
nixos/modules/networking/default.nix
View file

@ -8,15 +8,23 @@ in {
default = false; default = false;
type = lib.types.bool; type = lib.types.bool;
description = '' description = ''
Whether to create a networking interface on the DMZ bridge. Whether to allow networking on the DMZ bridge interface.
''; '';
}; };
staticDMZIpv4Address = lib.mkOption { staticDMZIPv4Address = lib.mkOption {
default = ""; default = "";
type = lib.types.str; type = lib.types.str;
description = '' description = ''
Assign a static IPv4 on the DMZ interface. Assign a static IPv4 address on the DMZ interface.
'';
};
staticDMZIPv6Address = lib.mkOption {
default = "";
type = lib.types.str;
description = ''
Assign a static IPv6 address on the DMZ interface.
''; '';
}; };
@ -41,10 +49,17 @@ in {
''; '';
}; };
dmzDHCPIPv4 = lib.mkOption { dmzServicesIPv4 = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = '' description = ''
The IPv4 address of the DHCP server on the DMZ network. The IPv4 address of the interface serving DHCP and DNS on the DMZ network.
'';
};
dmzServicesIPv6 = lib.mkOption {
type = lib.types.str;
description = ''
The IPv6 address of the interface serving DHCP and DNS on the DMZ network.
''; '';
}; };
@ -126,8 +141,9 @@ in {
networkConfig = { networkConfig = {
IPv6AcceptRA = cfg.allowDMZConnectivity; IPv6AcceptRA = cfg.allowDMZConnectivity;
LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no"; LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no";
DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIpv4Address != "") "yes"; DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address != "") "yes";
Address = lib.mkIf (cfg.staticDMZIpv4Address != "") cfg.staticDMZIpv4Address; Address = lib.lists.optional (cfg.staticDMZIPv4Address != "") cfg.staticDMZIPv4Address
++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
}; };
}; };
}; };

15
nixos/modules/networking/dmz/dnsmasq.nix
View file

@ -1,6 +1,6 @@
{ config, ... }: { config, ... }:
let let
inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzDHCPIPv4 dmzRouterIPv4; inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzServicesIPv4 dmzServicesIPv6 dmzRouterIPv4;
in in
{ {
no-resolv = true; no-resolv = true;
@ -15,11 +15,16 @@ in
log-dhcp = true; log-dhcp = true;
log-queries = true; log-queries = true;
port = "5353"; port = "5353";
host-record = [
"hermes.dmz,${dmzServicesIPv4},${dmzServicesIPv6}"
"ipv4.hermes.dmz,${dmzServicesIPv4}"
"ipv6.hermes.dmz,${dmzServicesIPv6}"
];
server = [ server = [
dmzRouterIPv4 dmzRouterIPv4
"/geokunis2.nl/${dmzDHCPIPv4}" "/geokunis2.nl/${dmzServicesIPv4}"
"/kun.is/${dmzDHCPIPv4}" "/kun.is/${dmzServicesIPv4}"
]; ];
dhcp-range = [ dhcp-range = [
@ -39,7 +44,7 @@ in
]; ];
address = [ address = [
"/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}" "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzServicesIPv4}"
# "/ns.pizzapim.nl/ns.geokunis2.nl/TODOIPV6" "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzServicesIPv6}"
]; ];
} }

21
nixos/modules/networking/dmz/zones/geokunis2.nl.nix
View file

@ -1,7 +1,7 @@
{ config, dns, ... }: { config, dns, ... }:
with dns.lib.combinators; with dns.lib.combinators;
let let
inherit (config.lab.networking) publicIPv4; inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
in in
{ {
SOA = { SOA = {
@ -20,12 +20,25 @@ in
MX = [ (mx.mx 10 "mail.geokunis2.nl.") ]; MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
A = [ publicIPv4 ]; A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
CAA = letsEncrypt "caa@geokunis2.nl"; CAA = letsEncrypt "caa@geokunis2.nl";
subdomains = { subdomains = {
ns.A = [ publicIPv4 ];
ns1.A = [ publicIPv4 ];
ns2.A = [ publicIPv4 ];
"*".A = [ publicIPv4 ]; "*".A = [ publicIPv4 ];
ns = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
ns1 = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
ns2 = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
}; };
} }

20
nixos/modules/networking/dmz/zones/kun.is.nix
View file

@ -1,7 +1,7 @@
{ config, dns, ... }: { config, dns, ... }:
with dns.lib.combinators; with dns.lib.combinators;
let let
inherit (config.lab.networking) publicIPv4; inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
in in
{ {
CAA = letsEncrypt "caa@kun.is"; CAA = letsEncrypt "caa@kun.is";
@ -22,9 +22,21 @@ in
]; ];
subdomains = { subdomains = {
ns.A = [ publicIPv4 ];
ns1.A = [ publicIPv4 ];
ns2.A = [ publicIPv4 ];
"*".A = [ publicIPv4 ]; "*".A = [ publicIPv4 ];
ns = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
ns1 = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
ns2 = {
A = [ publicIPv4 ];
AAAA = [ dmzServicesIPv6 ];
};
}; };
} }