01/01: hydra: Add dns services for guix.gnu.org.
From: |
julien lepiller |
Subject: |
01/01: hydra: Add dns services for guix.gnu.org. |
Date: |
Fri, 26 Apr 2019 10:10:26 -0400 (EDT) |
roptat pushed a commit to branch master
in repository maintenance.
commit fce917f16e8bd7d13584120db5eccf417453e6da
Author: Julien Lepiller <address@hidden>
Date: Mon Mar 4 22:00:22 2019 +0100
hydra: Add dns services for guix.gnu.org.
* hydra/bayfront.scm (services): Add knot-service.
* hydra/berlin.scm (services): Add knot-service.
* hydra/modules/sysadmin/dns.scm: New file.
---
hydra/bayfront.scm | 16 ++++++++--
hydra/berlin.scm | 19 ++++++++++--
hydra/modules/sysadmin/dns.scm | 70 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 101 insertions(+), 4 deletions(-)
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index fae5cb5..6ec21f2 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -1,7 +1,7 @@
;; OS configuration for bayfront, the frontend of the compile farm.
-(use-modules (gnu) (guix) (sysadmin people) (sysadmin services))
-(use-service-modules base networking admin shepherd)
+(use-modules (gnu) (guix) (sysadmin people) (sysadmin services) (sysadmin dns))
+(use-service-modules base dns networking admin shepherd)
(use-package-modules admin certs linux ssh tls vim package-management web wget)
(define %sysadmins
@@ -124,6 +124,18 @@ Happy hacking!\n"))
(service ntp-service-type)
+ ;; DNS
+ (service knot-service-type
+ (knot-configuration
+ (zones (list (knot-zone-configuration
+ (inherit guix.gnu.org-zone)
+ (dnssec-policy "default")
+ (acl '("transfer-allow")))))
+ (acls (list (knot-acl-configuration
+ (id "transfer-allow")
+ (address (list berlin-ip4))
+ (action '(transfer)))))))
+
(frontend-services %sysadmins
#:nar-ttl (* 45 24 3600)
#:motd %motd
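Review bot: The bayfront zone is signed (`(dnssec-policy "default")`) and lets berlin pull it, but nothing here tells Knot to notify berlin of changes: the `knot-zone-configuration` has no `notify` list and no remote for `berlin-ip4` is declared, so the `notify-allow` ACL added in the berlin.scm hunk will, as far as I can tell, only be exercised when berlin's SOA refresh timer expires. If prompt propagation is intended, add `(remotes (list (knot-remote-configuration (id "berlin-secondary") (address (list berlin-ip4)))))` to the configuration and `(notify '("berlin-secondary"))` to the zone. Both ACLs in this commit (`transfer-allow` here, `notify-allow` on berlin) authorize by source address alone; a spoofed NOTIFY is low impact since the secondary still fetches from its configured master, but if `knot-acl-configuration` exposes a `key` field, binding a TSIG key to `transfer-allow` would authenticate the AXFR instead of trusting the peer IP. The `services` list continues outside the hunk.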
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 8d63a14..343e104 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -1,8 +1,8 @@
;; OS configuration for "berlin", the frontend of the compile farm
;; hosted at the MDC.
-(use-modules (gnu) (guix) (sysadmin services) (sysadmin people))
-(use-service-modules base databases monitoring networking admin shepherd)
+(use-modules (gnu) (guix) (sysadmin services) (sysadmin people) (sysadmin dns))
+(use-service-modules base databases dns monitoring networking admin shepherd)
(use-package-modules admin certs emacs linux monitoring
ssh tls vim package-management
web wget ci rsync)
@@ -164,6 +164,21 @@ Happy hacking!\n"))
(tty "ttyS0")
(baud-rate "115200")))
+ ;; DNS
+ (service knot-service-type
+ (knot-configuration
+ (zones (list (knot-zone-configuration
+ (domain "guix.gnu.org")
+ (master '("bayfront-master"))
+ (acl '("notify-allow")))))
+ (acls (list (knot-acl-configuration
+ (id "notify-allow")
+ (address (list bayfront-ip4))
+ (action '(notify)))))
+ (remotes (list (knot-remote-configuration
+ (id "bayfront-master")
+ (address (list bayfront-ip4)))))))
+
;; Monitoring
(service zabbix-agent-service-type)
(service zabbix-server-service-type
diff --git a/hydra/modules/sysadmin/dns.scm b/hydra/modules/sysadmin/dns.scm
new file mode 100644
index 0000000..8ce93e6
--- /dev/null
+++ b/hydra/modules/sysadmin/dns.scm
@@ -0,0 +1,70 @@
+;;; GNU Guix system administration tools.
+;;;
+;;; Copyright © 2019 Julien Lepiller <address@hidden>
+;;;
+;;; This program is free software: you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation, either version 3 of the License, or
+;;; (at your option) any later version.
+;;;
+;;; This program is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (sysadmin dns)
+ #:use-module (gnu services knot)
+ #:export (guix.gnu.org-zone
+ berlin-ip4
+ bayfront-ip4))
+
+;;; Commentary:
+;;;
+;;; DNS configuration.
+;;;
+;;; For any change in the zone (an IP, a new record, ...), increment the
+;;; the serial in the zone configuration. This is very important for
+;;; changes to be taken into account.
+;;;
+;;; Remember some DNS rules: no other kind of record for a CNAME record.
+;;; Always associate a name that resolves to an A or an AAAA record
+;;; immediately (it cannot be a CNAME). Same for MX.
+;;;
+;;; Remember that data is relative to the root of this zone when it
+;;; reference another domain name, unless it ends with a dot.
+;;;
+;;; Ex: "ns1.guix.gnu.org" actually means "ns1.guix.gnu.org.guix.gnu.org"
+;;; whereas "ns1.guix.gnu.org." means what it says.
+;;;
+;;; Code:
+
+;; Define some IP addresses for easier use later
+(define gnu.org-ip4 "209.51.188.148")
+(define gnu.org-ip6 "2001:470:142:3::a")
+(define hydra-ip4 "18.4.89.46")
+(define bayfront-ip4 "185.233.100.56")
+(define berlin-ip4 "141.80.181.40")
+
+(define-zone-entries guix.gnu.org.zone
+;; Name TTL Class Type Data
+ ("@" "" "IN" "A" gnu.org-ip4)
+ ("@" "" "IN" "AAAA" gnu.org-ip6)
+ ("@" "" "IN" "NS" "ns1")
+ ("@" "" "IN" "NS" "ns2")
+ ("ns1" "" "IN" "A" bayfront-ip4)
+ ("ns2" "" "IN" "A" berlin-ip4)
+ ("hydra" "" "IN" "A" hydra-ip4)
+ ("berlin" "" "IN" "A" berlin-ip4)
+ ("bayfront" "" "IN" "A" bayfront-ip4)
+ ("ci" "" "IN" "CNAME" "berlin"))
+
+(define guix.gnu.org-zone
+ (knot-zone-configuration
+ (domain "guix.gnu.org")
+ (zone (zone-file
+ (origin "guix.gnu.org")
+ (entries guix.gnu.org.zone)
+ (serial 1)))))
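Review bot: `guix.gnu.org-zone` never sets the `ns` field of `zone-file`, and I believe that record defaults the SOA MNAME to `ns` relative to the origin, which would produce `ns.guix.gnu.org.` — a name this zone does not define (only `ns1` and `ns2` have A records); adding `(ns "ns1")` next to `(origin "guix.gnu.org")` would make the SOA agree with the NS records, so please confirm the default. The identifiers `guix.gnu.org.zone` (the entries) and `guix.gnu.org-zone` (the configuration) differ by a single character; naming the former `guix.gnu.org-entries` would make the two easier to tell apart where bayfront.scm inherits from the latter. In the commentary block, `increment the the serial` has a doubled word and `when it reference another domain name` should read `references`.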