vcp-bula-nixfiles/hosts/dns/dns.nix

{ config, pkgs, lib, ...}:

{
  networking.firewall.interfaces.ens18.allowedUDPPorts = [ 53 ];
  networking.firewall.interfaces.ens18.allowedTCPPorts = [ 9253 9353 9453 9553 ];
  services.coredns = {
    enable = true;
    config = ''
      .:53 {
        errors
        cache {
          success 1000000
          denial 50000
          prefetch 6 10m 10%
          serve_stale
        }
        prometheus 10.42.10.8:9253
        forward . 2620:fe::fe 9.9.9.9 2620:fe::9 149.112.112.112
      }
      
      bula22.de {
        errors
        prometheus 10.42.10.8:9353
        file /etc/zones/db.bula22.de 
      }

      oncamp.lama.vcp.de {
        errors
        prometheus 10.42.10.8:9453
        file /etc/zones/db.oncamp.lama.vcp.de 
      }

      oncamp.m2yk8s.de {
        errors
        prometheus 10.42.10.8:9553
        file /etc/zones/db.oncamp.m2yk8s.de 
      }

      42.10.in-addr.arpa {
        file /etc/zones/db.42.10.in-addr.arpa.
      }
      2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa {
        file /etc/zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.
      }
      1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa {
        file /etc/zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.
      }
    '';
  };
  systemd.services.coredns.restartTriggers = [
    config.environment.etc."zones/db.bula22.de".source
    config.environment.etc."zones/db.oncamp.lama.vcp.de".source
    config.environment.etc."zones/db.oncamp.m2yk8s.de".source
    config.environment.etc."zones/db.42.10.in-addr.arpa.".source
    config.environment.etc."zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.".source
    config.environment.etc."zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.".source
  ];
  environment = {
    etc = {
      "zones/db.bula22.de".source = ./zones/db.bula22.de;
      "zones/db.oncamp.lama.vcp.de".source = ./zones/db.oncamp.lama.vcp.de;
      "zones/db.oncamp.m2yk8s.de".source = ./zones/db.oncamp.m2yk8s.de;
      "zones/db.42.10.in-addr.arpa.".source = ./zones/db.42.10.in-addr.arpa.;
      "zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.".source = ./zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.;
      "zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.".source = ./zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.;
    };
  };
}
#
add dns server 2022-07-14 21:04:08 +02:00			`{ config, pkgs, lib, ...}:`

			`{`
dns: add hw config, set dns server as default, fix firewall rule 2022-07-14 22:15:55 +02:00			`networking.firewall.interfaces.ens18.allowedUDPPorts = [ 53 ];`
dns: allow more prometheus ports 2022-07-27 10:02:24 +02:00			`networking.firewall.interfaces.ens18.allowedTCPPorts = [ 9253 9353 9453 9553 ];`
add dns server 2022-07-14 21:04:08 +02:00			`services.coredns = {`
			`enable = true;`
			`config = ''`
			`.:53 {`
dns: add prometheus exporter 2022-07-15 10:06:48 +02:00			`errors`
dns: tune cache 2022-07-24 15:27:51 +02:00			`cache {`
			`success 1000000`
			`denial 50000`
			`prefetch 6 10m 10%`
			`serve_stale`
			`}`
dns: add prometheus exporter 2022-07-15 10:06:48 +02:00			`prometheus 10.42.10.8:9253`
dns: fix lama records 2022-07-25 21:28:17 +02:00			`forward . 2620:fe::fe 9.9.9.9 2620:fe::9 149.112.112.112`
dns: forward to quad9, add bul22.de zonefiles 2022-07-15 10:34:35 +02:00			`}`

			`bula22.de {`
			`errors`
			`prometheus 10.42.10.8:9353`
			`file /etc/zones/db.bula22.de`
dns: fix reverse dns 2022-07-17 18:20:14 +02:00			`}`
dns: tune cache 2022-07-24 15:27:51 +02:00
dns: add lama zone configs 2022-07-25 19:13:17 +02:00			`oncamp.lama.vcp.de {`
			`errors`
			`prometheus 10.42.10.8:9453`
			`file /etc/zones/db.oncamp.lama.vcp.de`
			`}`

			`oncamp.m2yk8s.de {`
			`errors`
			`prometheus 10.42.10.8:9553`
			`file /etc/zones/db.oncamp.m2yk8s.de`
			`}`

dns: fix reverse dns 2022-07-17 18:20:14 +02:00			`42.10.in-addr.arpa {`
			`file /etc/zones/db.42.10.in-addr.arpa.`
			`}`
			`2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa {`
dns: add zonefiles to environment 2022-07-17 13:19:13 +02:00			`file /etc/zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.`
dns: fix reverse dns 2022-07-17 18:20:14 +02:00			`}`
			`1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa {`
			`file /etc/zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.`
add dns server 2022-07-14 21:04:08 +02:00			`}`
			`'';`
			`};`
add restart triggers to coredns and prometheus 2022-07-24 17:15:18 +02:00			`systemd.services.coredns.restartTriggers = [`
			`config.environment.etc."zones/db.bula22.de".source`
dns: add lama zone configs 2022-07-25 19:13:17 +02:00			`config.environment.etc."zones/db.oncamp.lama.vcp.de".source`
			`config.environment.etc."zones/db.oncamp.m2yk8s.de".source`
add restart triggers to coredns and prometheus 2022-07-24 17:15:18 +02:00			`config.environment.etc."zones/db.42.10.in-addr.arpa.".source`
			`config.environment.etc."zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.".source`
			`config.environment.etc."zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.".source`
			`];`
dns: add zonefiles to environment 2022-07-17 13:19:13 +02:00			`environment = {`
add restart triggers to coredns and prometheus 2022-07-24 17:15:18 +02:00			`etc = {`
			`"zones/db.bula22.de".source = ./zones/db.bula22.de;`
dns: add lama zone configs 2022-07-25 19:13:17 +02:00			`"zones/db.oncamp.lama.vcp.de".source = ./zones/db.oncamp.lama.vcp.de;`
			`"zones/db.oncamp.m2yk8s.de".source = ./zones/db.oncamp.m2yk8s.de;`
add restart triggers to coredns and prometheus 2022-07-24 17:15:18 +02:00			`"zones/db.42.10.in-addr.arpa.".source = ./zones/db.42.10.in-addr.arpa.;`
			`"zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.".source = ./zones/db.2.4.0.0.0.1.0.0.0.0.d.f.ip6.arpa.;`
			`"zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.".source = ./zones/db.1.2.2.8.c.0.c.1.8.f.4.0.1.0.a.2.ip6.arpa.;`
dns: add zonefiles to environment 2022-07-17 13:19:13 +02:00			`};`
add restart triggers to coredns and prometheus 2022-07-24 17:15:18 +02:00			`};`
dns: add lama zone configs 2022-07-25 19:13:17 +02:00			`}`
			`#`