system-configuration

system-configuration/modules/config/dns.scm

dns.scm

;;; Tyreunom's system administration and configuration tools.
;;;
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.

;;
;; DNS services
;;

(define-module (config dns)
  #:use-module (data dns)
  #:use-module (gnu services)
  #:use-module (gnu services dns)
  #:use-module (srfi srfi-1)
  #:use-module (ice-9 textual-ports)
  #:export (ipv4-reverse-master-zone
            ipv6-reverse-master-zone
            lepiller-master-zone
            lepiller-slave-zone
            master-acl
            slave-acl
            hermes
            ene))

(define public-dkim
  (apply
    string-append
    (string-split
      (call-with-input-file "/etc/mail/dkim/public.key" get-string-all)
      #\newline)))

(define-zone-entries lepiller.eu.zone
;; Name         TTL Class Type Data
  ("ene"        ""  "IN"  "A"     ene-ip4)
  ; IPv6 firewall is not configurable and refuses any connection
  ;("ene"        ""  "IN"  "AAAA"  ene-ip6)
  ("hermes"     ""  "IN"  "A"     hermes-ip4)
  ("hermes"     ""  "IN"  "AAAA"  hermes-ip6)
  ("monokuma"   ""  "IN"  "A"     monokuma-ip4)
  ; IPv6 firewall is not configurable and refuses any connection
  ;("monokuma"   ""  "IN"  "AAAA"  monokuma-ip6)
  ("xana"       ""  "IN"  "A"     xana-ip4)
  ("@"          ""  "IN"  "A"     hermes-ip4)
  ("@"          ""  "IN"  "AAAA"  hermes-ip6)
  ("www"        ""  "IN"  "CNAME" "lepiller.eu.")

  ("avatar"     ""  "IN"  "CNAME" "ene")
  ("i18n"       ""  "IN"  "CNAME" "xana")
  ("nani"       ""  "IN"  "CNAME" "xana")
  ("offlate"    ""  "IN"  "CNAME" "xana")
  ("rennes"     ""  "IN"  "CNAME" "ene")
  ("social"     ""  "IN"  "CNAME" "hermes")

  ("@"          ""  "IN"  "NS"    "ns")
  ("@"          ""  "IN"  "NS"    "ns2")
  ("ns"         ""  "IN"  "A"     hermes-ip4)
  ("ns"         ""  "IN"  "AAAA"  hermes-ip6)
  ("ns2"        ""  "IN"  "A"     ene-ip4)
  ;("ns2"        ""  "IN"  "AAAA"  ene-ip6)

  ("@"          ""  "IN"  "MX"    "10 courriel")
  ("@"          ""  "IN"  "MX"    "50 b.courriel")
  ("b.courriel" ""  "IN"  "A"     hermes-ip4)
  ("b.courriel" ""  "IN"  "AAAA"  hermes-ip6)
  ("courriel"   ""  "IN"  "A"     ene-ip4)
  ;("courriel"   ""  "IN"  "AAAA"  ene-ip6)
  ("imap"       ""  "IN"  "CNAME" "courriel")
  ("smtp"       ""  "IN"  "CNAME" "b.courriel")
  ("@"          ""  "IN"  "TXT"   "v=spf1 mx a ~all")
  ("@"          ""  "IN"  "SPF"   "v=spf1 mx a ~all")
  
  ("dkim._domainkey" "" "IN" "TXT" (string-append "v=DKIM1\\; p=" public-dkim "\\; s=email\\; t=s"))
  ("_dmarc"     ""  "IN"  "TXT"   "v=DMARC1\\; p=none\\; sp=reject\\; rua=mailto:rua@lepiller.eu!10m\\; ruf=mailto:ruf@lepiller.eu!10m\\; rf=afrf\\; pct=100\\; ri=86400"))

(define-zone-entries ipv4-reverse.zone
  ("@" "" "IN" "PTR" "lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns.lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns2.lepiller.eu."))

(define-zone-entries ipv6-reverse.zone
  ("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0" "" "IN" "PTR" "lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns.lepiller.eu.")
  ("@"          ""  "IN"  "NS"    "ns2.lepiller.eu."))

(define ene
  (knot-remote-configuration
    (id "ene")
    (address (list ene-ip4 ene-ip6))
    (key "lepiller-key")))

(define hermes
  (knot-remote-configuration
    (id "hermes")
    (address (list hermes-ip4 hermes-ip6))
    (key "lepiller-key")))

(define master-acl
  (knot-acl-configuration
    (id "master-acl")
    (address (list hermes-ip4))
    (key '("lepiller-key"))
    (action '(transfer))))

(define slave-acl
  (knot-acl-configuration
    (id "slave-acl")
    (address (list ene-ip4))
    (key '("lepiller-key"))
    (action '(notify))))

(define lepiller-master-zone
  (knot-zone-configuration
    (domain "lepiller.eu")
    (notify '("hermes"))
    (dnssec-policy "default")
    (acl '("master-acl"))
    (zonefile-load 'difference)
    (zone (zone-file
            (origin "lepiller.eu")
            (entries lepiller.eu.zone)
            (serial 2019112601)))))

(define lepiller-slave-zone
  (knot-zone-configuration
    (domain "lepiller.eu")
    (acl '("slave-acl"))
    (master '("ene"))))

(define ipv6-reverse-master-zone
  (let* ((ip6 (string->list (substring (string-delete hermes-ip6 #\:) 0 12)))
         (rev-ip6-lst (fold (lambda (elem acc)
                          (cons* #\. elem acc))
                        '()
                        ip6))
         (rev-ip6 (list->string (cdr rev-ip6-lst)))
         (domain (string-append rev-ip6 ".ip6.arpa")))
    (knot-zone-configuration
      (domain domain)
      (zone (zone-file
              (origin domain)
              (entries ipv6-reverse.zone)
              (ns "ns.lepiller.eu.")
              (mail "hostmaster.lepiller.eu.")
              (serial 1))))))

(define ipv4-reverse-master-zone
  (let ((domain (string-append
                  (string-join (reverse (string-split hermes-ip4 #\.)) ".")
                  ".in-addr.arpa")))
    (knot-zone-configuration
      (domain domain)
      (zone (zone-file
              (origin domain)
              (entries ipv4-reverse.zone)
              (ns "ns.lepiller.eu.")
              (mail "hostmaster.lepiller.eu.")
              (serial 1))))))


1	;;; Tyreunom's system administration and configuration tools.
2	;;;
3	;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
4	;;;
5	;;; This program is free software: you can redistribute it and/or modify
6	;;; it under the terms of the GNU General Public License as published by
7	;;; the Free Software Foundation, either version 3 of the License, or
8	;;; (at your option) any later version.
9	;;;
10	;;; This program is distributed in the hope that it will be useful,
11	;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
12	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13	;;; GNU General Public License for more details.
14	;;;
15	;;; You should have received a copy of the GNU General Public License
16	;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18	;;
19	;; DNS services
20	;;
21
22	(define-module (config dns)
23	#:use-module (data dns)
24	#:use-module (gnu services)
25	#:use-module (gnu services dns)
26	#:use-module (srfi srfi-1)
27	#:use-module (ice-9 textual-ports)
28	#:export (ipv4-reverse-master-zone
29	ipv6-reverse-master-zone
30	lepiller-master-zone
31	lepiller-slave-zone
32	master-acl
33	slave-acl
34	hermes
35	ene))
36
37	(define public-dkim
38	(apply
39	string-append
40	(string-split
41	(call-with-input-file "/etc/mail/dkim/public.key" get-string-all)
42	#\newline)))
43
44	(define-zone-entries lepiller.eu.zone
45	;; Name TTL Class Type Data
46	("ene" "" "IN" "A" ene-ip4)
47	; IPv6 firewall is not configurable and refuses any connection
48	;("ene" "" "IN" "AAAA" ene-ip6)
49	("hermes" "" "IN" "A" hermes-ip4)
50	("hermes" "" "IN" "AAAA" hermes-ip6)
51	("monokuma" "" "IN" "A" monokuma-ip4)
52	; IPv6 firewall is not configurable and refuses any connection
53	;("monokuma" "" "IN" "AAAA" monokuma-ip6)
54	("xana" "" "IN" "A" xana-ip4)
55	("@" "" "IN" "A" hermes-ip4)
56	("@" "" "IN" "AAAA" hermes-ip6)
57	("www" "" "IN" "CNAME" "lepiller.eu.")
58
59	("avatar" "" "IN" "CNAME" "ene")
60	("i18n" "" "IN" "CNAME" "xana")
61	("nani" "" "IN" "CNAME" "xana")
62	("offlate" "" "IN" "CNAME" "xana")
63	("rennes" "" "IN" "CNAME" "ene")
64	("social" "" "IN" "CNAME" "hermes")
65
66	("@" "" "IN" "NS" "ns")
67	("@" "" "IN" "NS" "ns2")
68	("ns" "" "IN" "A" hermes-ip4)
69	("ns" "" "IN" "AAAA" hermes-ip6)
70	("ns2" "" "IN" "A" ene-ip4)
71	;("ns2" "" "IN" "AAAA" ene-ip6)
72
73	("@" "" "IN" "MX" "10 courriel")
74	("@" "" "IN" "MX" "50 b.courriel")
75	("b.courriel" "" "IN" "A" hermes-ip4)
76	("b.courriel" "" "IN" "AAAA" hermes-ip6)
77	("courriel" "" "IN" "A" ene-ip4)
78	;("courriel" "" "IN" "AAAA" ene-ip6)
79	("imap" "" "IN" "CNAME" "courriel")
80	("smtp" "" "IN" "CNAME" "b.courriel")
81	("@" "" "IN" "TXT" "v=spf1 mx a ~all")
82	("@" "" "IN" "SPF" "v=spf1 mx a ~all")
83
84	("dkim._domainkey" "" "IN" "TXT" (string-append "v=DKIM1\\; p=" public-dkim "\\; s=email\\; t=s"))
85	("_dmarc" "" "IN" "TXT" "v=DMARC1\\; p=none\\; sp=reject\\; rua=mailto:rua@lepiller.eu!10m\\; ruf=mailto:ruf@lepiller.eu!10m\\; rf=afrf\\; pct=100\\; ri=86400"))
86
87	(define-zone-entries ipv4-reverse.zone
88	("@" "" "IN" "PTR" "lepiller.eu.")
89	("@" "" "IN" "NS" "ns.lepiller.eu.")
90	("@" "" "IN" "NS" "ns2.lepiller.eu."))
91
92	(define-zone-entries ipv6-reverse.zone
93	("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0" "" "IN" "PTR" "lepiller.eu.")
94	("@" "" "IN" "NS" "ns.lepiller.eu.")
95	("@" "" "IN" "NS" "ns2.lepiller.eu."))
96
97	(define ene
98	(knot-remote-configuration
99	(id "ene")
100	(address (list ene-ip4 ene-ip6))
101	(key "lepiller-key")))
102
103	(define hermes
104	(knot-remote-configuration
105	(id "hermes")
106	(address (list hermes-ip4 hermes-ip6))
107	(key "lepiller-key")))
108
109	(define master-acl
110	(knot-acl-configuration
111	(id "master-acl")
112	(address (list hermes-ip4))
113	(key '("lepiller-key"))
114	(action '(transfer))))
115
116	(define slave-acl
117	(knot-acl-configuration
118	(id "slave-acl")
119	(address (list ene-ip4))
120	(key '("lepiller-key"))
121	(action '(notify))))
122
123	(define lepiller-master-zone
124	(knot-zone-configuration
125	(domain "lepiller.eu")
126	(notify '("hermes"))
127	(dnssec-policy "default")
128	(acl '("master-acl"))
129	(zonefile-load 'difference)
130	(zone (zone-file
131	(origin "lepiller.eu")
132	(entries lepiller.eu.zone)
133	(serial 2019112601)))))
134
135	(define lepiller-slave-zone
136	(knot-zone-configuration
137	(domain "lepiller.eu")
138	(acl '("slave-acl"))
139	(master '("ene"))))
140
141	(define ipv6-reverse-master-zone
142	(let* ((ip6 (string->list (substring (string-delete hermes-ip6 #\:) 0 12)))
143	(rev-ip6-lst (fold (lambda (elem acc)
144	(cons* #\. elem acc))
145	'()
146	ip6))
147	(rev-ip6 (list->string (cdr rev-ip6-lst)))
148	(domain (string-append rev-ip6 ".ip6.arpa")))
149	(knot-zone-configuration
150	(domain domain)
151	(zone (zone-file
152	(origin domain)
153	(entries ipv6-reverse.zone)
154	(ns "ns.lepiller.eu.")
155	(mail "hostmaster.lepiller.eu.")
156	(serial 1))))))
157
158	(define ipv4-reverse-master-zone
159	(let ((domain (string-append
160	(string-join (reverse (string-split hermes-ip4 #\.)) ".")
161	".in-addr.arpa")))
162	(knot-zone-configuration
163	(domain domain)
164	(zone (zone-file
165	(origin domain)
166	(entries ipv4-reverse.zone)
167	(ns "ns.lepiller.eu.")
168	(mail "hostmaster.lepiller.eu.")
169	(serial 1))))))
170