From 018ffdaeeb721bee1b0a49f0055f214b89422af6 Mon Sep 17 00:00:00 2001
From: pinpox
Date: Tue, 2 Sep 2025 14:56:35 +0200
Subject: [PATCH] Change default coredns port
This removes a conflict with systemd-resolved and provides an option to set your own port
---
 clanServices/coredns/default.nix | 45 ++++++++++++++++-------
 clanServices/coredns/tests/vm/default.nix | 7 +---
 2 files changed, 34 insertions(+), 18 deletions(-)
diff --git a/clanServices/coredns/default.nix b/clanServices/coredns/default.nix
index 51a1689a0..36ec489ab 100644
--- a/clanServices/coredns/default.nix
+++ b/clanServices/coredns/default.nix
@@ -1,4 +1,5 @@
 { ... }:
+
 {
 _class = "clan.service";
 manifest.name = "coredns";
@@ -25,6 +26,12 @@
 # TODO: Set a default description = "IP for the DNS to listen on";
 };
+
+ options.dnsPort = lib.mkOption {
+ type = lib.types.int;
+ default = 1053;
+ description = "Port of the clan-internal DNS server";
+ };
 };
 perInstance =
@@ -42,8 +49,8 @@
 }:
 {
- networking.firewall.allowedTCPPorts = [ 53 ];
- networking.firewall.allowedUDPPorts = [ 53 ];
+ networking.firewall.allowedTCPPorts = [ settings.dnsPort ];
+ networking.firewall.allowedUDPPorts = [ settings.dnsPort ];
 services.coredns = let
@@ -74,16 +81,22 @@
 in {
 enable = true;
- config = ''
- . {
- forward . 1.1.1.1
- cache 30
- }
+ config =
- ${settings.tld} {
- file ${zonefile}
- }
- '';
+ let
+ dnsPort = builtins.toString settings.dnsPort;
+ in
+
+ ''
+ .:${dnsPort} {
+ forward . 1.1.1.1
+ cache 30
+ }
+
+ ${settings.tld}:${dnsPort} {
+ file ${zonefile}
+ }
+ '';
 };
 };
 };
@@ -107,10 +120,16 @@
 # TODO: Set a default description = "IP on which the services will listen";
 };
+
+ options.dnsPort = lib.mkOption {
+ type = lib.types.int;
+ default = 1053;
+ description = "Port of the clan-internal DNS server";
+ };
 };
 perInstance =
- { roles, ... }:
+ { roles, settings, ... }:
 {
 nixosModule = { lib, ... }:
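Review bot: The new `options.dnsPort` in the server role is typed `lib.types.int`, so a negative or >65535 value is accepted at evaluation time and then flows unchecked into `networking.firewall.allowedTCPPorts`/`allowedUDPPorts` and into the Corefile listen addresses, where it only fails (or binds something unintended) at activation. Use the dedicated port type, `type = lib.types.port;`, which rejects anything outside 0–65535 during evaluation. The identical definition added for the client role in the `@@ -107,10 +120,16 @@` hunk should get the same type.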
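Review bot: The rewritten `.:${dnsPort}` server block still carries no `bind` directive, so CoreDNS listens on every interface on the new port, and the firewall lines in the `@@ -42,8 +49,8 @@` hunk open that port globally rather than per interface — together that makes the `forward . 1.1.1.1` block a recursive resolver reachable by any host that can reach the machine, which is the classic DNS-amplification exposure. The server role already declares an `ip` option ("IP for the DNS to listen on") that the Corefile does not use; adding `bind ${settings.ip}` as the first line of both the `.:${dnsPort}` and the `${settings.tld}:${dnsPort}` blocks keeps the listener on the intended address. If the forwarder is meant only for clan-internal clients, restricting the firewall opening to the internal interface (`networking.firewall.interfaces.<iface>.allowedUDPPorts`, with the interface name a placeholder here) would be the complementary mitigation.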
@@ -147,7 +166,7 @@
 ];
 stub-zone = map (m: {
 name = "${roles.server.machines.${m}.settings.tld}.";
- stub-addr = "${roles.server.machines.${m}.settings.ip}";
+ stub-addr = "${roles.server.machines.${m}.settings.ip}@${builtins.toString settings.dnsPort}";
 }) (lib.attrNames roles.server.machines);
 };
 };
diff --git a/clanServices/coredns/tests/vm/default.nix b/clanServices/coredns/tests/vm/default.nix
index d6347d0a0..f81ee830f 100644
--- a/clanServices/coredns/tests/vm/default.nix
+++ b/clanServices/coredns/tests/vm/default.nix
@@ -95,18 +95,15 @@
 for m in machines: m.wait_for_unit("network-online.target")
- # import time
- # time.sleep(2333333)
- # This should work, but is borken in tests i think? Instead we dig directly # client.succeed("curl -k -v http://one.foo")
 # client.succeed("curl -k -v http://two.foo")
- answer = client.succeed("dig @192.168.1.2 one.foo")
+ answer = client.succeed("dig @192.168.1.2 -p 1053 one.foo")
 assert "192.168.1.3" in answer, "IP not found"
- answer = client.succeed("dig @192.168.1.2 two.foo")
+ answer = client.succeed("dig @192.168.1.2 -p 1053 two.foo")
 assert "192.168.1.4" in answer, "IP not found"
 '';
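Review bot: The new `stub-addr` appends the client's own `settings.dnsPort`, but the port the server actually listens on is the server machine's `dnsPort`; the `ip` and `tld` in the same expression are already read from `roles.server.machines.${m}.settings`, so a server configured with a non-default port is stubbed at the wrong port while the two defaults merely happen to agree. Reading the server's value here keeps the roles in sync and makes the client-side option redundant: `stub-addr = "${roles.server.machines.${m}.settings.ip}@${builtins.toString roles.server.machines.${m}.settings.dnsPort}";`. The `map` expression is complete within the hunk, but the enclosing module continues outside it.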
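Review bot: Both `dig` calls pin `-p 1053` as a literal, so the test now restates the option's default a second time and will silently drift if the default changes, and it never exercises a non-default port although configurable ports are what the commit adds. If the server's settings are reachable from the test's Nix scope, interpolating the port (`-p ${toString <server dnsPort>}`, placeholder for the actual path) ties the assertion to the option; otherwise a comment above the first call, `# 1053 is the default of the coredns dnsPort option`, at least records the coupling.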