enable IPv6 support on DNS

nixos/lab.nix

@@ -3,6 +3,8 @@
     publicIPv4 = "192.145.57.90";
     dockerSwarmInternalIPv4 = "192.168.30.8";
     dmzRouterIPv4 = "192.168.30.1";
-    dmzDHCPIPv4 = "192.168.30.7";
+    dmzServicesIPv4 = "192.168.30.7";
+    # TODO: configure prefix length as well
+    dmzServicesIPv6 = "2a0d:6e00:1a77:30::7";
   };
 }

nixos/machines/default.nix

@@ -24,11 +24,13 @@
     hostName = "atlas.hyp";
 
     nixosModule = { config, ... }:
-      let inherit (config.lab.networking) dmzDHCPIPv4; in
+      let inherit (config.lab.networking) dmzServicesIPv4 dmzServicesIPv6; in
       {
         lab = {
           networking = {
-            staticDMZIpv4Address = "${dmzDHCPIPv4}/24";
+            # TODO: Ideally, we don't have to set this here.
+            staticDMZIPv4Address = "${dmzServicesIPv4}/24";
+            staticDMZIPv6Address = "${dmzServicesIPv6}/64";
             dmzServices.enable = true;
           };
 

nixos/modules/networking/default.nix

@@ -8,15 +8,23 @@ in {
       default = false;
       type = lib.types.bool;
       description = ''
-        Whether to create a networking interface on the DMZ bridge.
+        Whether to allow networking on the DMZ bridge interface.
       '';
     };
 
-    staticDMZIpv4Address = lib.mkOption {
+    staticDMZIPv4Address = lib.mkOption {
       default = "";
       type = lib.types.str;
       description = ''
-        Assign a static IPv4 on the DMZ interface.
+        Assign a static IPv4 address on the DMZ interface.
+      '';
+    };
+
+    staticDMZIPv6Address = lib.mkOption {
+      default = "";
+      type = lib.types.str;
+      description = ''
+        Assign a static IPv6 address on the DMZ interface.
       '';
     };
 
@@ -41,10 +49,17 @@ in {
       '';
     };
 
-    dmzDHCPIPv4 = lib.mkOption {
+    dmzServicesIPv4 = lib.mkOption {
       type = lib.types.str;
       description = ''
-        The IPv4 address of the DHCP server on the DMZ network.
+        The IPv4 address of the interface serving DHCP and DNS on the DMZ network.
+      '';
+    };
+
+    dmzServicesIPv6 = lib.mkOption {
+      type = lib.types.str;
+      description = ''
+        The IPv6 address of the interface serving DHCP and DNS on the DMZ network.
       '';
     };
 
@@ -126,8 +141,9 @@ in {
           networkConfig = {
             IPv6AcceptRA = cfg.allowDMZConnectivity;
             LinkLocalAddressing = if cfg.allowDMZConnectivity then "ipv6" else "no";
-            DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIpv4Address != "") "yes";
+            DHCP = lib.mkIf (cfg.allowDMZConnectivity && cfg.staticDMZIPv4Address != "") "yes";
-            Address = lib.mkIf (cfg.staticDMZIpv4Address != "") cfg.staticDMZIpv4Address;
+            Address = lib.lists.optional (cfg.staticDMZIPv4Address != "") cfg.staticDMZIPv4Address
+              ++ lib.lists.optional (cfg.staticDMZIPv6Address != "") cfg.staticDMZIPv6Address;
           };
         };
       };

nixos/modules/networking/dmz/dnsmasq.nix

@@ -1,6 +1,6 @@
 { config, ... }:
 let
-  inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzDHCPIPv4 dmzRouterIPv4;
+  inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzServicesIPv4 dmzServicesIPv6 dmzRouterIPv4;
 in
 {
   no-resolv = true;
@@ -15,11 +15,16 @@ in
   log-dhcp = true;
   log-queries = true;
   port = "5353";
+  host-record = [
+    "hermes.dmz,${dmzServicesIPv4},${dmzServicesIPv6}"
+    "ipv4.hermes.dmz,${dmzServicesIPv4}"
+    "ipv6.hermes.dmz,${dmzServicesIPv6}"
+  ];
 
   server = [
     dmzRouterIPv4
-    "/geokunis2.nl/${dmzDHCPIPv4}"
+    "/geokunis2.nl/${dmzServicesIPv4}"
-    "/kun.is/${dmzDHCPIPv4}"
+    "/kun.is/${dmzServicesIPv4}"
   ];
 
   dhcp-range = [
@@ -39,7 +44,7 @@ in
   ];
 
   address = [
-    "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}"
+    "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzServicesIPv4}"
-    # "/ns.pizzapim.nl/ns.geokunis2.nl/TODOIPV6"
+    "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzServicesIPv6}"
   ];
 }

nixos/modules/networking/dmz/zones/geokunis2.nl.nix

@@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
-  inherit (config.lab.networking) publicIPv4;
+  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
 in
 {
   SOA = {
@@ -20,12 +20,25 @@ in
   MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
 
   A = [ publicIPv4 ];
+  AAAA = [ dmzServicesIPv6 ];
   CAA = letsEncrypt "caa@geokunis2.nl";
 
   subdomains = {
-    ns.A = [ publicIPv4 ];
-    ns1.A = [ publicIPv4 ];
-    ns2.A = [ publicIPv4 ];
     "*".A = [ publicIPv4 ];
+
+    ns = {
+      A = [ publicIPv4 ];
+      AAAA = [ dmzServicesIPv6 ];
+    };
+
+    ns1 = {
+      A = [ publicIPv4 ];
+      AAAA = [ dmzServicesIPv6 ];
+    };
+
+    ns2 = {
+      A = [ publicIPv4 ];
+      AAAA = [ dmzServicesIPv6 ];
+    };
   };
 }

nixos/modules/networking/dmz/zones/kun.is.nix

@@ -1,7 +1,7 @@
 { config, dns, ... }:
 with dns.lib.combinators;
 let
-  inherit (config.lab.networking) publicIPv4;
+  inherit (config.lab.networking) publicIPv4 dmzServicesIPv6;
 in
 {
   CAA = letsEncrypt "caa@kun.is";
@@ -22,9 +22,21 @@ in
   ];
 
   subdomains = {
-    ns.A = [ publicIPv4 ];
-    ns1.A = [ publicIPv4 ];
-    ns2.A = [ publicIPv4 ];
     "*".A = [ publicIPv4 ];
+
+    ns = {
+      A = [ publicIPv4 ];
+      AAAA = [ dmzServicesIPv6 ];
+    };
+
+    ns1 = {
+      A = [ publicIPv4 ];
+      AAAA = [ dmzServicesIPv6 ];
+    };
+
+    ns2 = {
+      A = [ publicIPv4 ];
+      AAAA = [ dmzServicesIPv6 ];
+    };
   };
 }