modules.services.bind: serve ts.chn.moe

2025-11-11 21:40:52 +08:00
parent e4d8620d81
commit f9a7c0b3fa
3 changed files with 31 additions and 39 deletions


@@ -62,6 +62,7 @@ in
];
"_xlog-challenge.xlog" = { type = "TXT"; value = "chn"; };
autoroute = { type = "NS"; values = "vps6.chn.moe."; };
ts = { type = "NS"; values = "vps6.chn.moe."; };
"mail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
"webmail" = { type = "CNAME"; value = "tuesday.mxrouting.net."; };
"x._domainkey" =


@@ -41,9 +41,13 @@ inputs:
package = inputs.pkgs.bind.overrideAttrs
(prev: { buildInputs = prev.buildInputs ++ [ inputs.pkgs.libmaxminddb ]; });
listenOn = [(inputs.topInputs.self.config.dns."chn.moe".getAddress "vps6")];
cacheNetworks = [ "any" ];
extraOptions =
''
recursion no;
max-cache-ttl 0;
max-ncache-ttl 0;
allow-recursion { any; };
dnssec-validation no;
geoip-directory "${inputs.config.services.geoipupdate.settings.DatabaseDirectory}";
'';
extraConfig =
@@ -58,6 +62,11 @@ inputs:
type master;
file "${chinaZone}";
};
zone "ts.chn.moe" {
type forward;
forward only;
forwarders { 100.100.100.100; };
};
zone "." {
type hint;
file "${nullZone}";
@@ -69,6 +78,11 @@ inputs:
type master;
file "${globalZone}";
};
zone "ts.chn.moe" {
type forward;
forward only;
forwarders { 100.100.100.100; };
};
zone "." {
type hint;
file "${nullZone}";
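Review bot: `cacheNetworks = [ "any" ];` together with `allow-recursion { any; };` in the first hunk opens recursion on the `listenOn` address to every client, while the neighbouring `recursion no;` line suggests the server was authoritative-only before (the page has lost its +/- markers, so which lines are new is inferred from the hunk line counts). The `ts.chn.moe` forward zones in the two later hunks do need recursion, but if the intended clients are known it should be limited to them, e.g. `allow-recursion { <trusted-clients-acl>; };` with the same list in `cacheNetworks`. If public resolution is intended, a comment should say that every name answered by 100.100.100.100 becomes visible to any querier, and that recursion for other names is contained only by the hint zone `file "${nullZone}"`, whose contents are not shown here. `dnssec-validation no;` also deserves a one-line reason next to it.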


@@ -2,42 +2,19 @@ inputs:
{
options.nixos.services.tailscale = let inherit (inputs.lib) mkOption types; in mkOption
{ type = types.nullOr (types.submodule {}); default = {}; };
config =
let inherit (inputs.config.nixos.services) tailscale;
in inputs.lib.mkIf (tailscale != null) (inputs.lib.mkMerge
[
{
services.tailscale =
{
enable = true;
openFirewall = true;
disableTaildrop = true;
# authKeyParameters should not be set
authKeyFile = inputs.config.nixos.system.sops.secrets."tailscale".path;
extraUpFlags = [ "--login-server=https://headscale.chn.moe" "--accept-dns=false" ];
extraSetFlags = [ "--accept-dns=false" ];
};
nixos.system.sops.secrets."tailscale" = {};
networking.firewall.trustedInterfaces = [ inputs.config.services.tailscale.interfaceName ];
}
# 如果启用了 xray client则 dns 交给 dnsmasq 处理
# 如果没有启用 xray client 但使用 systemd networkd则 dns 交给 systemd-networkd 处理
# 否则,需要交给 networkmanager 处理,但暂时不用实现
(
inputs.localLib.mkConditional (inputs.config.nixos.services.xray.client != null)
{ services.dnsmasq.settings.server = [ "/ts.chn.moe/100.100.100.100" ]; }
(
inputs.localLib.mkConditional (inputs.config.nixos.system.network.implementation == "systemd-networkd")
{
services.resolved.extraConfig =
''
[Resolve]
DNS=100.100.100.100
Domains=~ts.chn.moe
'';
}
{ assertions = [{ assertion = false; message = "not implemented"; }]; }
)
)
]);
config = let inherit (inputs.config.nixos.services) tailscale; in inputs.lib.mkIf (tailscale != null)
{
services.tailscale =
{
enable = true;
openFirewall = true;
disableTaildrop = true;
# authKeyParameters should not be set
authKeyFile = inputs.config.nixos.system.sops.secrets."tailscale".path;
extraUpFlags = [ "--login-server=https://headscale.chn.moe" "--accept-dns=false" ];
extraSetFlags = [ "--accept-dns=false" ];
};
nixos.system.sops.secrets."tailscale" = {};
networking.firewall.trustedInterfaces = [ inputs.config.services.tailscale.interfaceName ];
};
}
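Review bot: The new `config` keeps `--accept-dns=false` in `extraUpFlags` and `extraSetFlags` but drops the dnsmasq and systemd-resolved rules that sent `ts.chn.moe` queries to 100.100.100.100, so hosts presumably resolve those names through their ordinary resolver from now on. If that path crosses the public DNS, answers for tailnet names are no longer fetched over the tunnel and could be tampered with in transit unless the zone is signed and validated, which this page does not show. A comment beside the flags would record the decision, for example `# ts.chn.moe is resolved through the public delegation, not per-host split DNS`.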