diff --git a/hosts/servo/services/trust-dns.nix b/hosts/servo/services/trust-dns.nix
index a39455d9b..1f1f1b7c3 100644
--- a/hosts/servo/services/trust-dns.nix
+++ b/hosts/servo/services/trust-dns.nix
@@ -11,22 +11,23 @@
 ];
 sane.services.trust-dns.zones."uninsane.org".TTL = 900;
- sane.services.trust-dns.zones."uninsane.org".SOA = ''
- ; SOA record structure:
- ; SOA MNAME RNAME (... rest)
- ; MNAME = Master name server for this zone. this is where update requests should be sent.
- ; RNAME = admin contact (encoded email address)
- ; Serial = YYYYMMDDNN, where N is incremented every time this file changes, to trigger secondary NS to re-fetch it.
- ; Refresh = how frequently secondary NS should query master
- ; Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)
- ; Expire = how long secondary NS should continue to reply to queries after master fails (> Refresh + Retry)
- @ IN SOA ns1.uninsane.org. admin-dns.uninsane.org. (
+
+ # SOA record structure:
+ # SOA MNAME RNAME (... rest)
+ # MNAME = Master name server for this zone. this is where update requests should be sent.
+ # RNAME = admin contact (encoded email address)
+ # Serial = YYYYMMDDNN, where N is incremented every time this file changes, to trigger secondary NS to re-fetch it.
+ # Refresh = how frequently secondary NS should query master
+ # Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)
+ # Expire = how long secondary NS should continue to reply to queries after master fails (> Refresh + Retry)
+ sane.services.trust-dns.zones."uninsane.org".inet.SOA."@" = [''
+ ns1.uninsane.org. admin-dns.uninsane.org. (
 2022121601 ; Serial
 4h ; Refresh
 30m ; Retry
 7d ; Expire
 5m) ; Negative response TTL
- '';
+ ''];
 sane.services.trust-dns.zones."uninsane.org".extraConfig = ''
 rev TXT "2022121601"
diff --git a/modules/services/trust-dns.nix b/modules/services/trust-dns.nix
index 4cca385e5..4fe75f538 100644
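Review bot: The SOA serial `2022121601 ; Serial` is left unchanged although the generated zone file changes in this hunk — the eight `;` explanatory lines were previously part of the SOA string written into the zone file and are now Nix `#` comments that never reach it — while the comment directly above says N is incremented every time the file changes. No resource record actually changes, so secondaries gain nothing from a refresh; the comment overstates the rule rather than the serial being wrong, and I'd reword it to `# Serial = YYYYMMDDNN; bump N whenever a record in this zone changes so secondary NS re-fetch it`. The `rev TXT "2022121601"` record in the trailing context appears to mirror the serial, so whichever rule is adopted should say that both move together. The attribute set this hunk edits starts and ends outside the hunk.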
--- a/modules/services/trust-dns.nix
+++ b/modules/services/trust-dns.nix
@@ -4,7 +4,22 @@ with lib;
 let
 cfg = config.sane.services.trust-dns;
 toml = pkgs.formats.toml { };
- configFile = toml.generate "trust-dns.toml" {
+ fmtRecord = proto: rrtype: name: value: "${name}\t${proto}\t${rrtype}\t${value}";
+ fmtRecordList = proto: rrtype: name: values: concatStringsSep
+ "\n"
+ (map (fmtRecord proto rrtype name) values)
+ ;
+ fmtRecordAttrs = proto: rrtype: rrAttrs:
+ concatStringsSep
+ "\n"
+ (
+ attrValues (
+ mapAttrs
+ (name: fmtRecordList proto rrtype name)
+ rrAttrs
+ )
+ );
+ configFile = toml.generate "trust-dns.toml" {
 listen_addrs_ipv4 = cfg.listenAddrsIPv4;
 zones = attrValues (
 mapAttrs (zone: zcfg: {
@@ -12,7 +27,7 @@ let
 zone_type = "Primary";
 file = pkgs.writeText "${zone}.zone" (''
 $TTL ${toString zcfg.TTL}
- ${zcfg.SOA}
+ ${fmtRecordAttrs "IN" "SOA" zcfg.inet.SOA}
 '' + zcfg.extraConfig);
 }) cfg.zones
 );
@@ -39,15 +54,17 @@ in
 default = 3600;
 description = "default TTL";
 };
- SOA = mkOption {
- type = types.str;
- description = "Start of Authority record";
- };
 extraConfig = mkOption {
 type = types.lines;
 default = "";
 description = "extra lines to append to the zone file";
 };
+ inet = {
+ SOA = mkOption {
+ type = types.attrsOf (types.listOf types.str);
+ description = "Start of Authority record";
+ };
+ };
 };
 });
 default = {};
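Review bot: `fmtRecordAttrs` spends nine lines on `attrValues (mapAttrs (name: fmtRecordList proto rrtype name) rrAttrs)`, which is `mapAttrsToList (fmtRecordList proto rrtype) rrAttrs` — `lib` is already opened by the `with lib;` shown in the hunk header — and the lone `;` line that closes `fmtRecordList` reads as a stray token. I'd write it as `fmtRecordAttrs = proto: rrtype: rrAttrs:` / `  concatStringsSep "\n" (mapAttrsToList (fmtRecordList proto rrtype) rrAttrs);` and pull `fmtRecordList`'s closing `;` onto its last argument line. Separately, `fmtRecord` interpolates `name` and `value` into the zone file verbatim, so a value that contains newlines (as the multi-line SOA value in hosts/servo does) spans several zone-file lines; a comment above it such as `# name/value are written to the zone file unescaped; embedded newlines become further zone-file lines` would make that contract explicit before more record types are routed through it.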
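Review bot: `types.attrsOf (types.listOf types.str)` accepts an empty attrset, an empty list, or several strings under one owner, and nothing in the module checks the result; `fmtRecordAttrs` will emit a zone file with zero or two SOA records and the failure would presumably surface only when trust-dns loads the zone. If this is a NixOS module (the `mkOption`/`config.sane...` pattern suggests so), an `assertions` entry in its `config` block — which is outside this hunk — would reject that at evaluation time instead. The option description could also name the shape it expects: `description = "Start of Authority record: attribute name is the owner (normally \"@\"), each string the RDATA that follows the class and type";`.

```nix
# … in the module's config block, next to the existing definitions …
assertions = mapAttrsToList (zone: zcfg: {
  assertion = length (concatLists (attrValues zcfg.inet.SOA)) == 1;
  message = "sane.services.trust-dns.zones.\"${zone}\".inet.SOA must define exactly one SOA record";
}) cfg.zones;
```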