dns.scm
;;; Tyreunom's system administration and configuration tools.
;;;
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program. If not, see <http://www.gnu.org/licenses/>.

;;
;; DNS services
;;

;; Knot DNS objects for the lepiller.eu zone and its two reverse zones.
;; The exported bindings are the pieces a host configuration plugs into
;; its knot service: remotes, ACLs and zone definitions.
(define-module (config dns)
  #:use-module (data dns)              ; presumably the host addresses (hermes-ip4, nono-ip6, ...)
  #:use-module (gnu services)
  #:use-module (gnu services dns)      ; knot-*-configuration, zone-file, define-zone-entries
  #:use-module (srfi srfi-1)           ; fold
  #:use-module (ice-9 textual-ports)   ; get-string-all
  #:export (ipv4-reverse-master-zone
            ipv6-reverse-master-zone
            lepiller-master-zone
            lepiller-slave-zone
            master-acl
            slave-acl
            hermes
            nono))

;; SOA serial of the lepiller.eu zone.  Raise it on every change to the
;; zone entries below, otherwise the secondary and resolver caches keep
;; serving the old data.  The value looks like YYYYMMDDnn (date plus a
;; two-digit revision) -- keep it monotonically increasing.
(define lepiller-serial 2022121801)

;; DKIM public key, read from the host's key file when this module is
;; evaluated, with every newline removed so it fits in one TXT record.
;; NOTE(review): the file is expected to hold the bare base64 key; if it
;; is PEM-encoded, the BEGIN/END lines would end up in the record too --
;; verify the file format on the host.
(define public-dkim
  (let* ((raw (call-with-input-file "/etc/mail/dkim/public.key"
                get-string-all))
         (lines (string-split raw #\newline)))
    (string-join lines "")))

;; Forward zone for lepiller.eu.  An empty TTL column means "zone
;; default"; unquoted data values (hermes-ip4, ...) are variables from
;; (data dns), quoted strings are literal RDATA.
(define-zone-entries lepiller.eu.zone
  ;; Name              TTL Class Type   Data
  ;; Hosts.
  ("ene"               ""  "IN"  "A"     ene-toulouse-ip4)
  ("ene"               ""  "IN"  "AAAA"  ene-toulouse-ip6)
  ("hermes"            ""  "IN"  "A"     hermes-ip4)
  ("hermes"            ""  "IN"  "AAAA"  hermes-ip6)
  ("xana"              ""  "IN"  "A"     xana-ip4)
  ("dark"              ""  "IN"  "A"     dark-ip4)
  ("nono"              ""  "IN"  "A"     nono-ip4)
  ("nono"              ""  "IN"  "AAAA"  nono-ip6)
  ("lieserl"           ""  "IN"  "A"     lieserl-ip4)
  ("lieserl"           ""  "IN"  "AAAA"  lieserl-ip6)
  ;; The apex and www resolve to hermes.
  ("@"                 ""  "IN"  "A"     hermes-ip4)
  ("@"                 ""  "IN"  "AAAA"  hermes-ip6)
  ("www"               ""  "IN"  "CNAME" "lepiller.eu.")

  ;; Web services, aliased to the host that runs each of them.
  ("avatar"            ""  "IN"  "CNAME" "nono")
  ("git"               ""  "IN"  "CNAME" "nono")
  ("i18n"              ""  "IN"  "CNAME" "xana")
  ("nani"              ""  "IN"  "CNAME" "xana")
  ("offlate"           ""  "IN"  "CNAME" "xana")
  ("social"            ""  "IN"  "CNAME" "nono")
  ("dico"              ""  "IN"  "CNAME" "nono")
  ("lfs"               ""  "IN"  "CNAME" "dark")

  ("toulouse"          ""  "IN"  "CNAME" "nono")

  ;; Name servers: ns lives on hermes (the primary), ns2 on nono (the
  ;; secondary); both have glue below.
  ("@"                 ""  "IN"  "NS"    "ns")
  ("@"                 ""  "IN"  "NS"    "ns2")
  ("ns"                ""  "IN"  "A"     hermes-ip4)
  ("ns"                ""  "IN"  "AAAA"  hermes-ip6)
  ("ns2"               ""  "IN"  "A"     nono-ip4)
  ("ns2"               ""  "IN"  "AAAA"  nono-ip6)

  ;; Mail.  courriel (nono) is the preferred exchanger, b.courriel
  ;; (hermes) the backup; the two .onion exchangers are usable only by
  ;; Tor-aware senders.
  ("@"                 ""  "IN"  "MX"    "10 courriel")
  ("@"                 ""  "IN"  "MX"    "50 b.courriel")
  ("@"                 ""  "IN"  "MX"    "20 wio6sja633kwuybkyqex7vvnzqvrhrtzjix6cjhsqi42hx3n2qjfmzid.onion.")
  ("@"                 ""  "IN"  "MX"    "60 5g33mrv2rp2onyvte2b3ge5a44fxansxwt4sajmmae7lgorxjgz5czad.onion.")
  ("b.courriel"        ""  "IN"  "A"     hermes-ip4)
  ("b.courriel"        ""  "IN"  "AAAA"  hermes-ip6)
  ("courriel"          ""  "IN"  "A"     nono-ip4)
  ("courriel"          ""  "IN"  "AAAA"  nono-ip6)
  ("imap"              ""  "IN"  "CNAME" "courriel")
  ("smtp"              ""  "IN"  "CNAME" "b.courriel")
  ;; SPF: only the MX hosts and the apex A/AAAA may send; "~all" is a
  ;; softfail.  The dedicated SPF RR type (second line) is deprecated by
  ;; RFC 7208; receivers use the TXT form.
  ("@"                 ""  "IN"  "TXT"   "\"v=spf1 mx a ~all\"")
  ("@"                 ""  "IN"  "SPF"   "\"v=spf1 mx a ~all\"")

  ;; DKIM key for selector "dkim".  "\\;" reaches the zone file as "\;"
  ;; so ';' is data rather than a comment; t=s means the signing
  ;; identity must be exactly this domain (no subdomains).
  ;; NOTE(review): unlike the SPF records above, the TXT data here and in
  ;; _dmarc is not wrapped in \" -- whether the serializer quotes it is
  ;; not visible from this file; check the published records with a resolver.
  ("dkim._domainkey"   ""  "IN"  "TXT"   (string-append "v=DKIM1\\; p=" public-dkim "\\; s=email\\; t=s"))
  ;; DMARC: p=none only monitors the apex (reports go to rua/ruf), while
  ;; sp=reject enforces for subdomains.  NOTE(review): move to
  ;; p=quarantine or p=reject once the aggregate reports look clean.
  ("_dmarc"            ""  "IN"  "TXT"   "v=DMARC1\\; p=none\\; sp=reject\\; rua=mailto:rua@lepiller.eu!10m\\; ruf=mailto:ruf@lepiller.eu!10m\\; rf=afrf\\; pct=100\\; ri=86400"))

;; Entries of the IPv4 reverse zone.  The zone origin (built in
;; ipv4-reverse-master-zone) is the full reversed address, so the PTR at
;; "@" names that one address; NS targets are absolute (trailing dot).
(define-zone-entries ipv4-reverse.zone
  ("@" "" "IN" "PTR" "lepiller.eu.")
  ("@" "" "IN" "NS"  "ns.lepiller.eu.")
  ("@" "" "IN" "NS"  "ns2.lepiller.eu."))

;; Entries of the IPv6 reverse zone.  The origin (built in
;; ipv6-reverse-master-zone) covers the first 12 nibbles of hermes-ip6,
;; so the 20-nibble label below is the host part: it names the "::1"
;; address of that prefix.
;; NOTE(review): this assumes hermes-ip6 really is <prefix>::1 -- confirm
;; against (data dns), otherwise the PTR points at the wrong address.
(define-zone-entries ipv6-reverse.zone
  ("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0" "" "IN" "PTR" "lepiller.eu.")
  ("@" "" "IN" "NS" "ns.lepiller.eu.")
  ("@" "" "IN" "NS" "ns2.lepiller.eu."))

;; Knot remote for nono (the secondary).  Traffic to it is authenticated
;; with the shared TSIG key "lepiller-key", which is defined outside this
;; file.
(define nono
  (knot-remote-configuration
   (key "lepiller-key")
   (address (list nono-ip4 nono-ip6))
   (id "nono")))

;; Knot remote for hermes (the primary), authenticated with the same
;; shared TSIG key "lepiller-key" as nono.
(define hermes
  (knot-remote-configuration
   (key "lepiller-key")
   (address (list hermes-ip4 hermes-ip6))
   (id "hermes")))

;; ACL used on the primary: zone transfers are granted only to requests
;; that come from one of nono's addresses *and* are signed with
;; "lepiller-key" -- knot requires both criteria to match when both are
;; given.
(define master-acl
  (knot-acl-configuration
   (action (list 'transfer))
   (key (list "lepiller-key"))
   (address (list nono-ip4 nono-ip6))
   (id "master-acl")))

;; ACL used on the secondary: NOTIFY messages are accepted only from
;; hermes's addresses and only when signed with "lepiller-key".
(define slave-acl
  (knot-acl-configuration
   (action (list 'notify))
   (key (list "lepiller-key"))
   (address (list hermes-ip4 hermes-ip6))
   (id "slave-acl")))

;; lepiller.eu as served by the primary: built from lepiller.eu.zone,
;; signed under knot's "default" DNSSEC policy, loaded by difference
;; against the journal (so lepiller-serial has to be raised on every
;; edit), transferable only through master-acl, and notifying the remote
;; "nono" after each change.
(define lepiller-master-zone
  (let ((zone-data (zone-file
                    (origin "lepiller.eu")
                    (entries lepiller.eu.zone)
                    (serial lepiller-serial))))
    (knot-zone-configuration
     (zone zone-data)
     (zonefile-load 'difference)
     (acl (list "master-acl"))
     (dnssec-policy "default")
     (notify (list "nono"))
     (domain "lepiller.eu"))))

;; lepiller.eu as served by the secondary: the zone contents come from
;; the remote "hermes" and NOTIFYs are accepted per slave-acl.  No zone
;; file is attached here on purpose -- the data arrives by transfer.
(define lepiller-slave-zone
  (knot-zone-configuration
   (master (list "hermes"))
   (acl (list "slave-acl"))
   (domain "lepiller.eu")))

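;; Reverse (ip6.arpa) zone for the /48 containing hermes-ip6.  No
;; dnssec-policy is set here, unlike lepiller-master-zone, and the serial
;; is fixed at 1 -- raise it if ipv6-reverse.zone ever changes.
;;
;; The origin is derived from hermes-ip6, which previously had to be
;; written as eight four-digit groups: a compressed form ("::" or groups
;; without leading zeros) silently produced a wrong origin.  The address
;; is now expanded first; an already expanded address yields the same
;; origin as before.
(define ipv6-reverse-master-zone
  (let* ((prefix-nibbles 12)            ; a /48 is 12 hexadecimal nibbles
         ;; Expand ADDR into its 32 nibbles: honour a single "::" run and
         ;; left-pad every group to four digits.  A malformed address with
         ;; more than eight groups is passed through without zero-fill.
         (expand-ipv6
          (lambda (addr)
            (let* ((groups (string-split addr #\:))
                   (present? (lambda (g) (not (string-null? g))))
                   (head (take-while present? groups))
                   (tail (filter present? (drop-while present? groups)))
                   (missing (max 0 (- 8 (length head) (length tail))))
                   (full (append head (make-list missing "0") tail)))
              (string-concatenate
               (map (lambda (g) (string-pad g 4 #\0)) full)))))
         (nibbles (string->list
                   (substring (expand-ipv6 hermes-ip6) 0 prefix-nibbles)))
         ;; ip6.arpa lists the nibbles least-significant first, one label
         ;; each.
         (rev-ip6 (string-join (map string (reverse nibbles)) "."))
         (domain (string-append rev-ip6 ".ip6.arpa")))
    (knot-zone-configuration
     (domain domain)
     (zone (zone-file
            (origin domain)
            (entries ipv6-reverse.zone)
            (ns "ns.lepiller.eu.")
            (mail "hostmaster.lepiller.eu.")
            (serial 1))))))
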
;; Reverse (in-addr.arpa) zone for the single IPv4 address hermes-ip4:
;; the origin is the full address with its octets reversed, so the PTR
;; lives at "@" (see ipv4-reverse.zone).  The serial is fixed at 1 --
;; raise it if the entries change.  ns2 is listed as NS for this zone but
;; no secondary configuration for it appears in this file.
(define ipv4-reverse-master-zone
  (let* ((octets (string-split hermes-ip4 #\.))
         (reversed-address (string-join (reverse octets) "."))
         (domain (string-append reversed-address ".in-addr.arpa")))
    (knot-zone-configuration
     (domain domain)
     (zone (zone-file
            (origin domain)
            (entries ipv4-reverse.zone)
            (ns "ns.lepiller.eu.")
            (mail "hostmaster.lepiller.eu.")
            (serial 1))))))
