system-configuration

system-configuration/modules/config/dns.scm

dns.scm

;;; Tyreunom's system administration and configuration tools.
;;;
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.

;;
;; DNS services
;;

(define-module (config dns)
  #:use-module (data dns)
  #:use-module (gnu services)
  #:use-module (gnu services dns)
  #:use-module (srfi srfi-1)
  #:use-module (ice-9 textual-ports)
  #:export (ipv4-reverse-master-zone
            ipv6-reverse-master-zone
            lepiller-master-zone
            lepiller-slave-zone
            master-acl
            slave-acl
            hermes
            ene))

(define public-dkim
  (apply
    string-append
    (string-split
      (call-with-input-file "/etc/mail/dkim/public.key" get-string-all)
      #\newline)))

(define-zone-entries lepiller.eu.zone
;; Name         TTL Class Type Data
  ("ene"        ""  "IN"  "A"     ene-ip4)
  ("hermes"     ""  "IN"  "A"     hermes-ip4)
  ("hermes"     ""  "IN"  "AAAA"  hermes-ip6)
  ("xana"       ""  "IN"  "A"     xana-ip4)
  ("@"          ""  "IN"  "A"     hermes-ip4)
  ("@"          ""  "IN"  "AAAA"  hermes-ip6)
  ("www"        ""  "IN"  "CNAME" "lepiller.eu.")

  ("avatar"     ""  "IN"  "CNAME" "ene")
  ("git"        ""  "IN"  "CNAME" "ene")
  ("i18n"       ""  "IN"  "CNAME" "xana")
  ("nani"       ""  "IN"  "CNAME" "xana")
  ("offlate"    ""  "IN"  "CNAME" "xana")
  ("rennes"     ""  "IN"  "CNAME" "ene")
  ("social"     ""  "IN"  "CNAME" "ene")

  ("@"          ""  "IN"  "NS"    "ns")
  ("@"          ""  "IN"  "NS"    "ns2")
  ("ns"         ""  "IN"  "A"     hermes-ip4)
  ("ns"         ""  "IN"  "AAAA"  hermes-ip6)
  ("ns2"        ""  "IN"  "A"     ene-ip4)

  ("@"          ""  "IN"  "MX"    "10 courriel")
  ("@"          ""  "IN"  "MX"    "50 b.courriel")
  ("@"          ""  "IN"  "MX"    "20 wio6sja633kwuybkyqex7vvnzqvrhrtzjix6cjhsqi42hx3n2qjfmzid.onion.")
  ("@"          ""  "IN"  "MX"    "60 5g33mrv2rp2onyvte2b3ge5a44fxansxwt4sajmmae7lgorxjgz5czad.onion.")
  ("b.courriel" ""  "IN"  "A"     hermes-ip4)
  ("b.courriel" ""  "IN"  "AAAA"  hermes-ip6)
  ("courriel"   ""  "IN"  "A"     ene-ip4)
  ("imap"       ""  "IN"  "CNAME" "courriel")
  ("smtp"       ""  "IN"  "CNAME" "b.courriel")
  ("@"          ""  "IN"  "TXT"   "\"v=spf1 mx a ~all\"")
  ("@"          ""  "IN"  "SPF"   "\"v=spf1 mx a ~all\"")
  
  ("dkim._domainkey" "" "IN" "TXT" (string-append "v=DKIM1\\; p=" public-dkim "\\; s=email\\; t=s"))
  ("_dmarc"     ""  "IN"  "TXT"   "v=DMARC1\\; p=none\\; sp=reject\\; rua=mailto:rua@lepiller.eu!10m\\; ruf=mailto:ruf@lepiller.eu!10m\\; rf=afrf\\; pct=100\\; ri=86400"))

(define-zone-entries ipv4-reverse.zone
  ("@" "" "IN" "PTR" "lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns.lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns2.lepiller.eu."))

(define-zone-entries ipv6-reverse.zone
  ("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0" "" "IN" "PTR" "lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns.lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns2.lepiller.eu."))

(define ene
  (knot-remote-configuration
    (id "ene")
    (address (list ene-ip4))
    (key "lepiller-key")))

(define hermes
  (knot-remote-configuration
    (id "hermes")
    (address (list hermes-ip4 hermes-ip6))
    (key "lepiller-key")))

(define master-acl
  (knot-acl-configuration
    (id "master-acl")
    (address (list hermes-ip4))
    (key '("lepiller-key"))
    (action '(transfer))))

(define slave-acl
  (knot-acl-configuration
    (id "slave-acl")
    (address (list ene-ip4))
    (key '("lepiller-key"))
    (action '(notify))))

(define lepiller-master-zone
  (knot-zone-configuration
    (domain "lepiller.eu")
    (notify '("hermes"))
    (dnssec-policy "default")
    (acl '("master-acl"))
    (zonefile-load 'difference)
    (zone (zone-file
            (origin "lepiller.eu")
            (entries lepiller.eu.zone)
            (serial 2020101201)))))

(define lepiller-slave-zone
  (knot-zone-configuration
    (domain "lepiller.eu")
    (acl '("slave-acl"))
    (master '("ene"))))

(define ipv6-reverse-master-zone
  (let* ((ip6 (string->list (substring (string-delete #\: hermes-ip6) 0 12)))
         (rev-ip6-lst (fold (lambda (elem acc)
                          (cons* #\. elem acc))
                        '()
                        ip6))
         (rev-ip6 (list->string (cdr rev-ip6-lst)))
         (domain (string-append rev-ip6 ".ip6.arpa")))
    (knot-zone-configuration
      (domain domain)
      (zone (zone-file
              (origin domain)
              (entries ipv6-reverse.zone)
              (ns "ns.lepiller.eu.")
              (mail "hostmaster.lepiller.eu.")
              (serial 1))))))

(define ipv4-reverse-master-zone
  (let ((domain (string-append
                  (string-join (reverse (string-split hermes-ip4 #\.)) ".")
                  ".in-addr.arpa")))
    (knot-zone-configuration
      (domain domain)
      (zone (zone-file
              (origin domain)
              (entries ipv4-reverse.zone)
              (ns "ns.lepiller.eu.")
              (mail "hostmaster.lepiller.eu.")
              (serial 1))))))


1	;;; Tyreunom's system administration and configuration tools.
2	;;;
3	;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
4	;;;
5	;;; This program is free software: you can redistribute it and/or modify
6	;;; it under the terms of the GNU General Public License as published by
7	;;; the Free Software Foundation, either version 3 of the License, or
8	;;; (at your option) any later version.
9	;;;
10	;;; This program is distributed in the hope that it will be useful,
11	;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
12	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13	;;; GNU General Public License for more details.
14	;;;
15	;;; You should have received a copy of the GNU General Public License
16	;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18	;;
19	;; DNS services
20	;;
21
22	(define-module (config dns)
23	#:use-module (data dns)
24	#:use-module (gnu services)
25	#:use-module (gnu services dns)
26	#:use-module (srfi srfi-1)
27	#:use-module (ice-9 textual-ports)
28	#:export (ipv4-reverse-master-zone
29	ipv6-reverse-master-zone
30	lepiller-master-zone
31	lepiller-slave-zone
32	master-acl
33	slave-acl
34	hermes
35	ene))
36
37	(define public-dkim
38	(apply
39	string-append
40	(string-split
41	(call-with-input-file "/etc/mail/dkim/public.key" get-string-all)
42	#\newline)))
43
44	(define-zone-entries lepiller.eu.zone
45	;; Name TTL Class Type Data
46	("ene" "" "IN" "A" ene-ip4)
47	("hermes" "" "IN" "A" hermes-ip4)
48	("hermes" "" "IN" "AAAA" hermes-ip6)
49	("xana" "" "IN" "A" xana-ip4)
50	("@" "" "IN" "A" hermes-ip4)
51	("@" "" "IN" "AAAA" hermes-ip6)
52	("www" "" "IN" "CNAME" "lepiller.eu.")
53
54	("avatar" "" "IN" "CNAME" "ene")
55	("git" "" "IN" "CNAME" "ene")
56	("i18n" "" "IN" "CNAME" "xana")
57	("nani" "" "IN" "CNAME" "xana")
58	("offlate" "" "IN" "CNAME" "xana")
59	("rennes" "" "IN" "CNAME" "ene")
60	("social" "" "IN" "CNAME" "ene")
61
62	("@" "" "IN" "NS" "ns")
63	("@" "" "IN" "NS" "ns2")
64	("ns" "" "IN" "A" hermes-ip4)
65	("ns" "" "IN" "AAAA" hermes-ip6)
66	("ns2" "" "IN" "A" ene-ip4)
67
68	("@" "" "IN" "MX" "10 courriel")
69	("@" "" "IN" "MX" "50 b.courriel")
70	("@" "" "IN" "MX" "20 wio6sja633kwuybkyqex7vvnzqvrhrtzjix6cjhsqi42hx3n2qjfmzid.onion.")
71	("@" "" "IN" "MX" "60 5g33mrv2rp2onyvte2b3ge5a44fxansxwt4sajmmae7lgorxjgz5czad.onion.")
72	("b.courriel" "" "IN" "A" hermes-ip4)
73	("b.courriel" "" "IN" "AAAA" hermes-ip6)
74	("courriel" "" "IN" "A" ene-ip4)
75	("imap" "" "IN" "CNAME" "courriel")
76	("smtp" "" "IN" "CNAME" "b.courriel")
77	("@" "" "IN" "TXT" "\"v=spf1 mx a ~all\"")
78	("@" "" "IN" "SPF" "\"v=spf1 mx a ~all\"")
79
80	("dkim._domainkey" "" "IN" "TXT" (string-append "v=DKIM1\\; p=" public-dkim "\\; s=email\\; t=s"))
81	("_dmarc" "" "IN" "TXT" "v=DMARC1\\; p=none\\; sp=reject\\; rua=mailto:rua@lepiller.eu!10m\\; ruf=mailto:ruf@lepiller.eu!10m\\; rf=afrf\\; pct=100\\; ri=86400"))
82
83	(define-zone-entries ipv4-reverse.zone
84	("@" "" "IN" "PTR" "lepiller.eu.")
85	("@" "" "IN" "NS" "ns.lepiller.eu.")
86	("@" "" "IN" "NS" "ns2.lepiller.eu."))
87
88	(define-zone-entries ipv6-reverse.zone
89	("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0" "" "IN" "PTR" "lepiller.eu.")
90	("@" "" "IN" "NS" "ns.lepiller.eu.")
91	("@" "" "IN" "NS" "ns2.lepiller.eu."))
92
93	(define ene
94	(knot-remote-configuration
95	(id "ene")
96	(address (list ene-ip4))
97	(key "lepiller-key")))
98
99	(define hermes
100	(knot-remote-configuration
101	(id "hermes")
102	(address (list hermes-ip4 hermes-ip6))
103	(key "lepiller-key")))
104
105	(define master-acl
106	(knot-acl-configuration
107	(id "master-acl")
108	(address (list hermes-ip4))
109	(key '("lepiller-key"))
110	(action '(transfer))))
111
112	(define slave-acl
113	(knot-acl-configuration
114	(id "slave-acl")
115	(address (list ene-ip4))
116	(key '("lepiller-key"))
117	(action '(notify))))
118
119	(define lepiller-master-zone
120	(knot-zone-configuration
121	(domain "lepiller.eu")
122	(notify '("hermes"))
123	(dnssec-policy "default")
124	(acl '("master-acl"))
125	(zonefile-load 'difference)
126	(zone (zone-file
127	(origin "lepiller.eu")
128	(entries lepiller.eu.zone)
129	(serial 2020101201)))))
130
131	(define lepiller-slave-zone
132	(knot-zone-configuration
133	(domain "lepiller.eu")
134	(acl '("slave-acl"))
135	(master '("ene"))))
136
137	(define ipv6-reverse-master-zone
138	(let* ((ip6 (string->list (substring (string-delete #\: hermes-ip6) 0 12)))
139	(rev-ip6-lst (fold (lambda (elem acc)
140	(cons* #\. elem acc))
141	'()
142	ip6))
143	(rev-ip6 (list->string (cdr rev-ip6-lst)))
144	(domain (string-append rev-ip6 ".ip6.arpa")))
145	(knot-zone-configuration
146	(domain domain)
147	(zone (zone-file
148	(origin domain)
149	(entries ipv6-reverse.zone)
150	(ns "ns.lepiller.eu.")
151	(mail "hostmaster.lepiller.eu.")
152	(serial 1))))))
153
154	(define ipv4-reverse-master-zone
155	(let ((domain (string-append
156	(string-join (reverse (string-split hermes-ip4 #\.)) ".")
157	".in-addr.arpa")))
158	(knot-zone-configuration
159	(domain domain)
160	(zone (zone-file
161	(origin domain)
162	(entries ipv4-reverse.zone)
163	(ns "ns.lepiller.eu.")
164	(mail "hostmaster.lepiller.eu.")
165	(serial 1))))))
166