diff --git a/ops/nixos/clouvider-fra01/default.nix b/ops/nixos/clouvider-fra01/default.nix index cf56b1bc5b..b3693d4953 100644 --- a/ops/nixos/clouvider-fra01/default.nix +++ b/ops/nixos/clouvider-fra01/default.nix @@ -125,6 +125,7 @@ in { ]; }; my.ip.tailscale = "100.75.142.119"; + my.coredns.bind = [ "enp1s0" "tailscale0" "127.0.0.1" "::1" ]; # List packages installed in system profile. To search, run: # $ nix search wget diff --git a/ops/nixos/clouvider-lon01/default.nix b/ops/nixos/clouvider-lon01/default.nix index 642cbe7a9b..2fc34905c3 100644 --- a/ops/nixos/clouvider-lon01/default.nix +++ b/ops/nixos/clouvider-lon01/default.nix @@ -133,6 +133,7 @@ in { }; }; my.ip.tailscale = "100.79.173.25"; + my.coredns.bind = [ "br-ext" "tailscale0" "127.0.0.1" "::1" ]; services.openssh.openFirewall = false; # allowed by networking.firewall.extraCommands services.openssh.hostKeys = [ diff --git a/ops/nixos/frantech-las01/default.nix b/ops/nixos/frantech-las01/default.nix index 887c3749dd..6ff7387845 100644 --- a/ops/nixos/frantech-las01/default.nix +++ b/ops/nixos/frantech-las01/default.nix @@ -65,6 +65,7 @@ in { }; }; my.ip.tailscale = "100.127.132.77"; + my.coredns.bind = [ "ens3" "tailscale0" "127.0.0.1" "::1" ]; system.stateVersion = "21.05"; } diff --git a/ops/nixos/frantech-lux01/default.nix b/ops/nixos/frantech-lux01/default.nix index 8688642ef6..c825010bf7 100644 --- a/ops/nixos/frantech-lux01/default.nix +++ b/ops/nixos/frantech-lux01/default.nix @@ -65,6 +65,7 @@ in { }; }; my.ip.tailscale = "100.125.159.57"; + my.coredns.bind = [ "ens3" "tailscale0" "127.0.0.1" "::1" ]; system.stateVersion = "21.05"; } diff --git a/ops/nixos/frantech-nyc01/default.nix b/ops/nixos/frantech-nyc01/default.nix index 3d889e7ca0..2e838ebf9d 100644 --- a/ops/nixos/frantech-nyc01/default.nix +++ b/ops/nixos/frantech-nyc01/default.nix 
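Review bot: Binding by interface name makes CoreDNS start-up depend on `tailscale0` already existing, which the added `my.coredns.bind` line does not account for. As far as I know, the bind plugin resolves interface names once when the Corefile is loaded and refuses a name it cannot find. Nothing visible in this hunk orders the CoreDNS unit after tailscaled, so a boot race could leave the host without DNS until the service is restarted. The host already declares `my.ip.tailscale`, so either reference that address in the list or add a comment such as `# tailscale0 must exist before coredns starts; see unit ordering`. The same line is added in the clouvider-lon01, frantech-las01, frantech-lux01 and frantech-nyc01 hunks.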
@@ -68,6 +68,7 @@ in { }; }; my.ip.tailscale = "100.99.236.25"; + my.coredns.bind = [ "ens3" "tailscale0" "127.0.0.1" "::1" ]; services.lukegbgp = let local = { asn = 205479; diff --git a/ops/nixos/lib/coredns/default.nix b/ops/nixos/lib/coredns/default.nix index 113e9a09a0..1f603c00cf 100644 --- a/ops/nixos/lib/coredns/default.nix +++ b/ops/nixos/lib/coredns/default.nix @@ -1,6 +1,11 @@ -{ depot, lib, ... }: +{ depot, lib, config, ... }: { + options.my.coredns.bind = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + }; + config = { environment.etc."coredns-zones" = { source = "${./zones}"; @@ -38,7 +43,12 @@ } ''; in '' + (global) { + bind ${lib.concatStringsSep " " config.my.coredns.bind} + } + . { + import global chaos log errors @@ -52,6 +62,7 @@ } (zonehdr) { + import global prometheus log errors
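Review bot: The `default = [];` on `options.my.coredns.bind` means a host that imports this module without setting the option renders a bare `bind` directive in the `(global)` snippet of the later hunk. As far as I know, CoreDNS rejects that as a missing argument. Either drop the default so evaluation fails early, or emit the directive only when the list is non-empty, e.g. `${lib.optionalString (config.my.coredns.bind != []) "bind ${lib.concatStringsSep " " config.my.coredns.bind}"}`. The option also has no `description`; something like `description = "Addresses or interface names CoreDNS listens on.";` would record that interface names are accepted.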
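Review bot: A single `(global)` snippet imported into the `.` catch-all block gives that block the same listeners as the zone blocks, including each host's external NIC from `my.coredns.bind`. Only `chaos`, `log` and `errors` of the `.` block are visible in this hunk, so whether it forwards or recurses cannot be judged from here. If it does, it should not answer on the public interface. Consider a second snippet that binds only `tailscale0` and loopback for `.`, or an `acl` block restricting clients. A comment above `(global)` stating which server blocks are meant to be internet-facing would also help.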