flake: add support to managing dns

2026-01-12 07:29:23 +08:00 · 2025-04-11 15:57:23 +08:00
parent 2256cfc2ad
commit 26b5d25b45
10 changed files with 128 additions and 198 deletions
--- a/dns/config/chn.moe.yaml
+++ b/dns/config/chn.moe.yaml
@@ -1,186 +0,0 @@
-? ''
-: - type: A
-    value: 74.211.99.69
-  - type: MX
-    values:
-    - exchange: tuesday.mxrouting.net.
-      preference: 10
-    - exchange: tuesday-relay.mxrouting.net.
-      preference: 20
-  - type: TXT
-    value: v=spf1 include:mxlogin.com -all
-'*.vps4':
-  type: CNAME
-  value: vps4.chn.moe.
-'*.xsession':
-  type: CNAME
-  value: vps3.chn.moe.
-_xlog-challenge.xlog:
-  type: TXT
-  value: chn
-api:
-  type: CNAME
-  value: autoroute.chn.moe.
-autoroute:
-  type: NS
-  values:
-  - ns1.huaweicloud-dns.cn.
-  - ns1.huaweicloud-dns.com.
-  - ns1.huaweicloud-dns.net.
-  - ns1.huaweicloud-dns.org.
-blog:
-  type: CNAME
-  value: vps6.chn.moe.
-catalog:
-  type: CNAME
-  value: vps6.chn.moe.
-coturn:
-  type: CNAME
-  value: vps6.chn.moe.
-element:
-  type: CNAME
-  value: vps6.chn.moe.
-freshrss:
-  type: CNAME
-  value: vps7.chn.moe.
-frp:
-  type: CNAME
-  value: vps6.chn.moe.
-git:
-  type: CNAME
-  value: autoroute.chn.moe.
-grafana:
-  type: CNAME
-  value: autoroute.chn.moe.
-huginn:
-  type: CNAME
-  value: vps7.chn.moe.
-initrd.nas:
-  type: A
-  value: 192.168.1.2
-initrd.vps6:
-  type: CNAME
-  value: vps6.chn.moe.
-initrd.vps7:
-  type: CNAME
-  value: vps7.chn.moe.
-mail:
-  type: CNAME
-  value: tuesday.mxrouting.net.
-matrix:
-  type: CNAME
-  value: autoroute.chn.moe.
-misskey:
-  type: CNAME
-  value: vps6.chn.moe.
-nas:
-  type: A
-  value: 192.168.1.2
-nextcloud:
-  type: CNAME
-  value: vps7.chn.moe.
-nix-store:
-  type: CNAME
-  value: vps6.chn.moe.
-office:
-  type: A
-  value: 210.34.16.60
-peertube:
-  type: CNAME
-  value: autoroute.chn.moe.
-photoprism:
-  type: CNAME
-  value: vps7.chn.moe.
-rsshub:
-  type: CNAME
-  value: vps7.chn.moe.
-send:
-  type: CNAME
-  value: autoroute.chn.moe.
-srv1:
-  type: A
-  value: 59.77.36.250
-srv2:
-  type: CNAME
-  value: office.chn.moe.
-ssh.git:
-  type: CNAME
-  value: vps7.chn.moe.
-sticker:
-  type: CNAME
-  value: vps6.chn.moe.
-synapse:
-  type: CNAME
-  value: autoroute.chn.moe.
-synapse-admin:
-  type: CNAME
-  value: vps6.chn.moe.
-ua:
-  octodns:
-    cloudflare:
-      auto-ttl: true
-  ttl: 300
-  type: CNAME
-  value: vps6.chn.moe.
-vaultwarden:
-  octodns:
-    cloudflare:
-      auto-ttl: true
-  ttl: 300
-  type: CNAME
-  value: vps7.chn.moe.
-vps6:
-  type: A
-  value: 74.211.99.69
-vps6.xserver:
-  type: CNAME
-  value: vps6.chn.moe.
-vps7:
-  type: A
-  value: 144.126.144.62
-webdav:
-  type: CNAME
-  value: vps7.chn.moe.
-webmail:
-  type: CNAME
-  value: tuesday.mxrouting.net.
-wireguard.nas:
-  type: A
-  value: 192.168.83.4
-wireguard.one:
-  type: A
-  value: 192.168.83.5
-wireguard.pc:
-  type: A
-  value: 192.168.83.3
-wireguard.srv1:
-  type: A
-  value: 192.168.83.9
-wireguard.srv2:
-  type: A
-  value: 192.168.83.7
-wireguard.vps6:
-  type: A
-  value: 192.168.83.1
-wireguard.vps7:
-  type: A
-  value: 192.168.83.2
-www:
-  type: CNAME
-  value: vps3.chn.moe.
-x._domainkey:
-  type: TXT
-  value: v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6xvkOMNYyOlY5mCjyL+Wx9PIWljb7WKLurGNnPNrKOrmSKQBAOwKOgv6SWABsuQMSZnoi33QVrqL2pFrGwAnPbhmQSesdAQW/D2ktaTp6iaRCT2eZTGz+dNdi9HCk1Uzkee8hU7L7KZISnNhvOrbBYbaICOwJWVYjk8hqSbIgyhK90IsTmrs9S4E5PSGxLjJ
-    Cpo0X0DPTtPD4ipH7kHnnD5DRO3fkxCvMAuWbnnt5+iUn/NuFQSC//dMqzs+IklBzZWdm/3n3GijkI5XK9rxnvg8V2/bk7SzJy7qeuLJPgbQgVDHCcIJKR0Ugl6CxpqQ8Jvcf0X0AtixVoVEWoyFQIDAQAB
-xlog:
-  type: CNAME
-  value: xlog.autoroute.chn.moe.
-xsession.vps7:
-  type: CNAME
-  value: vps7.chn.moe.
-铜锣湾:
-  type: CNAME
-  value: autoroute.chn.moe.
-铜锣湾实验室:
-  type: CNAME
-  value: vps6.chn.moe.
--- a/dns/config/mirism.one.yaml
+++ b/dns/config/mirism.one.yaml
@@ -1,3 +0,0 @@
-entry:
-  type: CNAME
-  value: vps6.chn.moe.
--- a/dns/config/nekomia.moe.yaml
+++ b/dns/config/nekomia.moe.yaml
@@ -1,3 +0,0 @@
-? ''
-: type: ALIAS
-  value: vps6.chn.moe.
--- a/flake.lock
+++ b/flake.lock
@@ -1134,11 +1134,11 @@
    "octodns-cloudflare": {
      "flake": false,
      "locked": {
-        "lastModified": 1736639669,
-        "narHash": "sha256-5k6w5e5U1sr7qBJ2tXbmAJi/BMe6qT2W6x53vDEO4xs=",
+        "lastModified": 1743461547,
+        "narHash": "sha256-XYZRiUZC7HtUrSo7fnJyL6gGPi/Npi8C+8msm7sVifE=",
        "owner": "octodns",
        "repo": "octodns-cloudflare",
-        "rev": "51c34b65b3405adeca395c0bba8b1b97af672f9d",
+        "rev": "a306f9a83c1b1a89c7a7fca545618644ed50f869",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -86,5 +86,15 @@
    config.branch = import ./flake/branch.nix;
    devShells.x86_64-linux = import ./flake/dev.nix { inherit inputs; };
    src = import ./flake/src.nix { inherit inputs; };
+    apps.x86_64-linux.dns-push =
+    {
+      type = "app";
+      program = let inherit (inputs.self.packages.x86_64-linux) pkgs; in builtins.toString (pkgs.callPackage ./flake/dns
+      {
+        inherit localLib;
+        tokenPath = inputs.self.nixosConfigurations.pc.config.sops.secrets."acme/token".path;
+        octodns = pkgs.octodns.withProviders (_: [ pkgs.localPackages.octodns-cloudflare ]);
+      });
+    };
  };
 }
--- a/flake/dns/config.yaml
+++ b/flake/dns/config.yaml
@@ -1,7 +1,7 @@
 providers:
  config:
    class: octodns.provider.yaml.YamlProvider
-    directory: ./config
+    directory: env/OCTODNS_CONFIG
  cloudflare:
    class: octodns_cloudflare.CloudflareProvider
    token: env/CLOUDFLARE_TOKEN
@@ -9,6 +9,6 @@ providers:
 zones:
  '*':
    sources:
-      - cloudflare
+      - config
    targets:
-      - config
+      - cloudflare
--- a/flake/dns/config/chn.moe.nix
+++ b/flake/dns/config/chn.moe.nix
@@ -0,0 +1,92 @@
+localLib:
+let
+  cname =
+  {
+    autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "铜锣湾" "铜锣湾实验室" ];
+    "internal.pc" = [ "internal.nix-store" ];
+    nas = [ "initrd.nas" ];
+    office = [ "srv2" ];
+    vps6 =
+    [
+      "blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "nix-store" "sticker" "synapse-admin" "tgapi"
+      "ua" "vps6.xserver"
+    ];
+    vps7 =
+    [
+      "chat" "freshrss" "huginn" "initrd.vps7" "nextcloud" "photoprism" "rsshub" "ssh.git" "vaultwarden" "webdav"
+      "xsession.vps7"
+    ];
+    "xlog.autoroute" = [ "xlog" ];
+  };
+  a =
+  {
+    nas = "192.168.1.2";
+    "internal.pc" = "192.168.1.3";
+    office = "210.34.16.60";
+    srv1 = "59.77.36.250";
+    vps6 = "144.34.225.59";
+    vps7 = "144.126.144.62";
+  };
+  wireguard =
+  {
+    wg0 =
+    {
+      net = 83;
+      peers =
+      {
+        vps6 = 1;
+        vps7 = 2;
+        pc = 3;
+        nas = 4;
+        one = 5;
+        srv2 = 7;
+        srv1 = 9;
+      };
+    };
+  };
+in
+{
+  "" =
+  [
+    { type = "ALIAS"; value = "vps6.chn.moe."; }
+    {
+      type = "MX";
+      values =
+      [
+        { exchange = "tuesday.mxrouting.net."; preference = 10; }
+        { exchange = "tuesday-relay.mxrouting.net."; preference = 20; }
+      ];
+    }
+    { type = "TXT"; value = "v=spf1 include:mxlogin.com -all"; }
+  ];
+  "_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
+  autoroute =
+  {
+    type = "NS";
+    values = builtins.map (suffix: "ns1.huaweicloud-dns.${suffix}.") [ "cn" "com" "net" "org" ];
+  };
+  "mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
+  "webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
+  "x._domainkey" =
+  {
+    type = "TXT";
+    value = ''v=DKIM1\; k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0CjW96ffx1tVrJkt630lSRrdEF495OAkFbUxwgZm+EjMhdQtG3erl+AzcyjK3gJpg2ylqOYxCFElerqiN9IiggYy4z6tJwVqoh7bucMbO5J4EJQvFdbyRveq7LVm+n5Qgr/CRi6105zfpzX0NbQZoLINSJMCGOmWcYPZZYv7T260ghVFkn4qVpAkFqvvc+RBtY9P96nPZ+omYvpKDV+JReNanxBZRoxuKQDpYPZhV7E6mLulzHzFyuwDLg7THBCcmEr3DlAAeZcLdm6cTdwYTG2cMv2CUiocSdxmrZeBaWa1Xef+70ddrr823o105l6PP437L4337JIMH19g9iTT+QIDAQAB'';
+  };
+}
+// builtins.listToAttrs (builtins.concatLists (builtins.map
+  (cname: builtins.map
+    (name: { inherit name; value = { type = "CNAME"; value = "${cname.name}.chn.moe."; }; })
+    cname.value)
+  (localLib.attrsToList cname)))
+// builtins.listToAttrs (builtins.map
+  (a: {inherit (a) name; value = { inherit (a) value; type = "A"; }; })
+  (localLib.attrsToList a))
+// builtins.listToAttrs (builtins.concatLists (builtins.map
+  (net: builtins.map
+    (peer:
+    {
+      name = "${net.name}.${peer.name}";
+      value = { type = "A"; value = "192.168.${builtins.toString net.value.net}.${builtins.toString peer.value}"; };
+    })
+    (localLib.attrsToList net.value.peers))
+  (localLib.attrsToList wireguard)))
--- a/flake/dns/config/mirism.one.nix
+++ b/flake/dns/config/mirism.one.nix
@@ -0,0 +1 @@
+_: { entry = { type = "CNAME"; value = "vps6.chn.moe."; }; }
--- a/flake/dns/config/nekomia.moe.nix
+++ b/flake/dns/config/nekomia.moe.nix
@@ -0,0 +1 @@
+_: { "" = { type = "ALIAS"; value = "vps6.chn.moe."; }; }
--- a/flake/dns/default.nix
+++ b/flake/dns/default.nix
@@ -0,0 +1,18 @@
+{ writeShellScript, writeTextDir, symlinkJoin, octodns, tokenPath, localLib }:
+let
+  addTtl = config:
+    let addTtl' = attrs: attrs // { octodns.cloudflare.auto-ttl = true; };
+    in builtins.mapAttrs (n: v: if builtins.isList v then builtins.map addTtl' v else addTtl' v) config;
+  config = symlinkJoin
+  {
+    name = "config";
+    paths = builtins.map
+      (domain: writeTextDir "${domain}.yaml" (builtins.toJSON (addTtl (import ./config/${domain}.nix localLib))))
+      [ "chn.moe" "nekomia.moe" "mirism.one" ];
+  };
+in writeShellScript "dns-push"
+''
+  export OCTODNS_CONFIG=${config}
+  export CLOUDFLARE_TOKEN=$(cat ${tokenPath})
+  ${octodns}/bin/octodns-sync --config-file ${./config.yaml} --doit --force
+''
				`@@ -0,0 +1 @@`
				`_: { entry = { type = "CNAME"; value = "vps6.chn.moe."; }; }`
				`@@ -0,0 +1 @@`
				`_: { "" = { type = "ALIAS"; value = "vps6.chn.moe."; }; }`