🔍 coredns updates

2021-07-09 22:59:33 -04:00 · 2021-07-09 22:59:33 -04:00 · 385a8793b0
commit 385a8793b0
parent baf07fe418
4 changed files with 47 additions and 25 deletions
--- a/hosts/plato/configuration.nix
+++ b/hosts/plato/configuration.nix
@ -27,8 +27,6 @@ in {
  networking.useDHCP = false;
  networking.interfaces.enp10s0.useDHCP = true;
  networking.interfaces.enp9s0.useDHCP = true;
-  networking.nameservers = [ "100.111.208.75" "1.1.1.1" ];
-  networking.search = [ "walkah.lab" ];

  security.sudo.wheelNeedsPassword = false;

@ -82,6 +80,8 @@ in {
  # Or disable the firewall altogether.
  networking.firewall.enable = false;

+  walkah.coredns = { enable = true; };
+
  services = {
    grafana = {
      enable = true;
@ -136,6 +136,4 @@ in {
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
-
 }
-
--- a/hosts/socrates/configuration.nix
+++ b/hosts/socrates/configuration.nix
@ -9,6 +9,7 @@ in {
    ./networking.nix # generated at runtime by nixos-infect
    <home-manager/nixos>

+    ../../modules/coredns
    ../../modules/matrix/nginx.nix
  ];

@ -20,8 +21,6 @@ in {
  networking.hostName = "socrates";
  networking.firewall.allowPing = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  networking.nameservers = [ "100.111.208.75" "1.1.1.1" ];
-  networking.search = [ "walkah.lab" ];

  security.sudo.wheelNeedsPassword = false;

@ -50,6 +49,11 @@ in {
  security.acme.acceptTerms = true;
  security.acme.email = "walkah@walkah.net";

+  walkah.coredns = {
+    enable = true;
+    addr = "100.103.57.96";
+  };
+
  services = {
    nginx = {
      enable = true;
--- a/modules/coredns/default.nix
+++ b/modules/coredns/default.nix
@ -1,23 +1,43 @@
 { config, lib, pkgs, ... }:
+with lib;

-{
-  services.coredns = {
-    enable = true;
-    config = ''
-      . {
-        log
-        errors
-        cache
-        dnssec
-        prometheus 0.0.0.0:9153
-        forward . tls://1.1.1.1 tls://1.0.0.1 {
-          tls_servername cloudflare-dns.com
+let cfg = config.walkah.coredns;
+in {
+  options.walkah.coredns = {
+    enable = mkEnableOption "";
+    addr = mkOption {
+      type = types.str;
+      default = "0.0.0.0";
+      example = "192.168.6.1";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.coredns = {
+      enable = true;
+      config = ''
+        . {
+          bind ${cfg.addr}
+          prometheus ${cfg.addr}:9153
+          log
+          errors
+          cache
+          dnssec
+          forward . tls://1.1.1.1 tls://1.0.0.1 {
+            tls_servername cloudflare-dns.com
+          }
        }
-      }

-      walkah.lab {
-        file ${./walkah.lab.zone}
-      }
-    '';
+        walkah.lab {
+          bind ${cfg.addr}
+          file ${./walkah.lab.zone}
+        }
+      '';
+    };
+
+    networking = {
+      nameservers = [ "100.111.208.75" "100.103.57.96" ];
+      search = [ "walkah.lab" ];
+    };
  };
 }
--- a/modules/coredns/walkah.lab.zone
+++ b/modules/coredns/walkah.lab.zone
@ -1,6 +1,6 @@
 $ORIGIN walkah.lab.
@       3600 IN SOA plato.walkah.lab. walkah.walkah.net. (
-        2020042900 ; serial
+        2021070700 ; serial
        7200       ; refresh (2 hours)
        3600       ; retry (1 hour)
        1209600    ; expire (2 weeks)
@ -15,5 +15,5 @@ form            IN A    100.87.220.71
 matter          IN A    100.126.255.109
 purpose         IN A    100.74.59.80

-parthenon       IN A    100.73.24.17
+parthenon       IN A    100.106.65.40
 epicurus        IN A    100.66.26.116