modules.services.coredns: replace bind

2026-01-12 00:49:42 +08:00 · 2025-11-12 10:17:33 +08:00
parent 10da86a550
commit cae25cbac1
3 changed files with 82 additions and 97 deletions
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -59,7 +59,7 @@ inputs:
        mirism = {};
        fail2ban = {};
        beesd."/" = {};
-        bind = {};
+        coredns.interface = "ens18";
        headscale = {};
      };
    };
--- a/modules/services/bind.nix
+++ b/modules/services/bind.nix
@@ -1,96 +0,0 @@
-inputs:
-{
-  options.nixos.services.bind = let inherit (inputs.lib) mkOption types; in mkOption
-    { type = types.nullOr (types.submodule (submoduleInputs: {})); default = null; };
-  config = let inherit (inputs.config.nixos.services) bind; in inputs.lib.mkIf (bind != null)
-  {
-    services.bind =
-      let
-        chinaZone = inputs.pkgs.writeText "autoroute.chn.moe.china.zone"
-        ''
-          $ORIGIN autoroute.chn.moe.
-          $TTL 3600
-          @ IN SOA vps6.chn.moe. chn.chn.moe. (
-            2024071301 ; serial
-            3600       ; refresh
-            600        ; retry
-            604800     ; expire
-            300        ; minimum
-          )
-          @ IN NS vps6.chn.moe.
-          @ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6"}
-        '';
-        globalZone = inputs.pkgs.writeText "autoroute.chn.moe.zone"
-        ''
-          $ORIGIN autoroute.chn.moe.
-          $TTL 3600
-          @ IN SOA vps6.chn.moe. chn.chn.moe. (
-            2024071301 ; serial
-            3600       ; refresh
-            600        ; retry
-            604800     ; expire
-            300        ; minimum
-          )
-          @ IN NS vps6.chn.moe.
-          @ IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps9"}
-        '';
-        nullZone = inputs.pkgs.writeText "null.zone" "";
-      in
-      {
-        enable = true;
-        package = inputs.pkgs.bind.overrideAttrs
-          (prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
-        listenOn = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6")];
-        cacheNetworks = [ "any" ];
-        extraOptions =
-        ''
-          max-cache-ttl 0;
-          max-ncache-ttl 0;
-          allow-recursion { any; };
-          dnssec-validation no;
-          geoip-directory "${inputs.config.services.geoipupdate.settings.DatabaseDirectory}";
-        '';
-        extraConfig =
-        ''
-          acl "china" {
-            geoip country CN;
-          };
-
-          view "china" {
-            match-clients { china; };
-            zone "autoroute.chn.moe" {
-              type master;
-              file "${chinaZone}";
-            };
-            zone "ts.chn.moe" {
-                type forward;
-                forward only;
-                forwarders { 100.100.100.100; };
-            };
-            zone "." {
-              type hint;
-              file "${nullZone}";
-            };
-          };
-          view "global" {
-            match-clients { any; };
-            zone "autoroute.chn.moe" {
-              type master;
-              file "${globalZone}";
-            };
-            zone "ts.chn.moe" {
-                type forward;
-                forward only;
-                forwarders { 100.100.100.100; };
-            };
-            zone "." {
-              type hint;
-              file "${nullZone}";
-            };
-          };
-        '';
-      };
-    nixos.services.geoipupdate = {};
-    networking.firewall.allowedUDPPorts = [ 53 ];
-  };
-}
--- a/modules/services/coredns.nix
+++ b/modules/services/coredns.nix
@@ -0,0 +1,81 @@
+inputs:
+{
+  options.nixos.services.coredns = let inherit (inputs.lib) mkOption types; in mkOption
+  {
+    type = types.nullOr (types.submodule (submoduleInputs: { options =
+    {
+      interface = mkOption { type = types.str; };
+    };}));
+    default = null;
+  };
+  config = let inherit (inputs.config.nixos.services) coredns; in inputs.lib.mkIf (coredns != null)
+  {
+    services.coredns =
+    {
+      enable = true;
+      config =
+      ''
+        autoroute.chn.moe {
+          bind ${coredns.interface}
+          geoip ${inputs.config.services.geoipupdate.settings.DatabaseDirectory}/GeoLite2-Country.mmdb
+          log
+          errors
+          metadata
+
+          view china {
+            expr metadata('geoip/country/code') == 'CN'
+          }
+          template IN A autoroute.chn.moe {
+            match ^autoroute\.chn\.moe\.$
+            answer "{{.Name}} 60 IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6"}"
+          }
+          template IN AAAA autoroute.chn.moe {
+            match ^autoroute\.chn\.moe\.$
+            rcode NXDOMAIN
+          }
+          header {
+            response set aa
+          }
+        }
+
+        autoroute.chn.moe {
+          bind ${coredns.interface}
+          log
+          errors
+          metadata
+
+          template IN A autoroute.chn.moe {
+            match ^autoroute\.chn\.moe\.$
+            answer "{{.Name}} 60 IN A ${inputs.topInputs.self.config.dns."chn.moe".getAddress "vps9"}"
+          }
+          template IN AAAA autoroute.chn.moe {
+            match ^autoroute\.chn\.moe\.$
+            rcode NXDOMAIN
+          }
+          header {
+            response set aa
+          }
+        }
+
+        ts.chn.moe {
+          bind ${coredns.interface}
+          forward . 100.100.100.100
+          header {
+            response set aa
+          }
+          log
+          errors
+        }
+
+        . {
+          bind ${coredns.interface}
+          acl {}
+          errors
+          log
+        }
+      '';
+    };
+    nixos.services.geoipupdate = {};
+    networking.firewall.allowedUDPPorts = [ 53 ];
+  };
+}