lasuite-federez/nix
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix spf and soa record

Browse source
This commit is contained in:
asyncnomi 2025-07-31 18:55:44 +02:00
parent 152e28053f
commit d8c6298409
1 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

21
shared/dns/knot.nix
View file

@ -101,6 +101,14 @@ let
dnsSecondaryConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.dns.secondary) nodes; dnsSecondaryConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.dns.secondary) nodes;
mailConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.mail.hosts) nodes; mailConfigs = lib.filterAttrs (peerName: _peerConfig: lib.elem peerName mapping.mail.hosts) nodes;
# For now lasuite.federez.net will redirect to mail server
soaARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
lib.optional (supportsIPv4 node) "\tIN A ${rmCidr node.ip4}"
) mailConfigs);
soaAAAARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
lib.optional (supportsIPv6 node) "\tIN AAAA ${rmCidr node.ip6}"
) mailConfigs);
# Gen A NS # Gen A NS
nsARecords = lib.flatten (lib.mapAttrsToList (hostname: node: nsARecords = lib.flatten (lib.mapAttrsToList (hostname: node:
lib.optional (supportsIPv4 node) "${hostToDomain hostname}.net. IN A ${rmCidr node.ip4}" lib.optional (supportsIPv4 node) "${hostToDomain hostname}.net. IN A ${rmCidr node.ip4}"
@ -135,6 +143,15 @@ let
firstNS = builtins.head mapping.dns.secondary; firstNS = builtins.head mapping.dns.secondary;
firstNSDn = "${hostToDomain firstNS}.net."; firstNSDn = "${hostToDomain firstNS}.net.";
# Generate SPF record with all mail server IPs
spfIpv4Records = lib.flatten (lib.mapAttrsToList (hostname: node:
lib.optional (supportsIPv4 node) "ip4:${rmCidr node.ip4}"
) mailConfigs);
spfIpv6Records = lib.flatten (lib.mapAttrsToList (hostname: node:
lib.optional (supportsIPv6 node) "ip6:${rmCidr node.ip6}"
) mailConfigs);
spfRecord = "v=spf1 a:lasuite.federez.net ${builtins.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all";
# Zone conf # Zone conf
zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" '' zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" ''
$ORIGIN lasuite.federez.net. $ORIGIN lasuite.federez.net.
@ -146,10 +163,12 @@ let
60 ; expire 60 ; expire
60 ) ; minimum TTL 60 ) ; minimum TTL
IN TXT "v=spf1 a:lasuite.federez.net ~all" IN TXT "${spfRecord}"
${builtins.concatStringsSep "\n" nsRecords} ${builtins.concatStringsSep "\n" nsRecords}
${builtins.concatStringsSep "\n" mxRecords} ${builtins.concatStringsSep "\n" mxRecords}
${builtins.concatStringsSep "\n" soaARecords}
${builtins.concatStringsSep "\n" soaAAAARecords}
${builtins.concatStringsSep "\n" nsARecords} ${builtins.concatStringsSep "\n" nsARecords}
${builtins.concatStringsSep "\n" nsAAAARecords} ${builtins.concatStringsSep "\n" nsAAAARecords}