Merge pull request 'Change default coredns port' (#5065) from fixes-coredns into main

Reviewed-on: https://git.clan.lol/clan/clan-core/pulls/5065
2025-09-02 13:28:57 +00:00
parent eebb9b6a12 018ffdaeeb
commit 0817cf868b
2 changed files with 34 additions and 18 deletions
--- a/clanServices/coredns/default.nix
+++ b/clanServices/coredns/default.nix
@@ -1,4 +1,5 @@
 { ... }:
+
 {
  _class = "clan.service";
  manifest.name = "coredns";
@@ -25,6 +26,12 @@
          # TODO: Set a default
          description = "IP for the DNS to listen on";
        };
+
+        options.dnsPort = lib.mkOption {
+          type = lib.types.int;
+          default = 1053;
+          description = "Port of the clan-internal DNS server";
+        };
      };

    perInstance =
@@ -42,8 +49,8 @@
          }:
          {

-            networking.firewall.allowedTCPPorts = [ 53 ];
-            networking.firewall.allowedUDPPorts = [ 53 ];
+            networking.firewall.allowedTCPPorts = [ settings.dnsPort ];
+            networking.firewall.allowedUDPPorts = [ settings.dnsPort ];

            services.coredns =
              let
@@ -74,16 +81,22 @@
              in
              {
                enable = true;
-                config = ''
-                  . {
-                      forward . 1.1.1.1
-                      cache 30
-                  }
+                config =

-                  ${settings.tld} {
-                      file ${zonefile}
-                  }
-                '';
+                  let
+                    dnsPort = builtins.toString settings.dnsPort;
+                  in
+
+                  ''
+                    .:${dnsPort} {
+                        forward . 1.1.1.1
+                        cache 30
+                    }
+
+                    ${settings.tld}:${dnsPort} {
+                        file ${zonefile}
+                    }
+                  '';
              };
          };
      };
@@ -107,10 +120,16 @@
          # TODO: Set a default
          description = "IP on which the services will listen";
        };
+
+        options.dnsPort = lib.mkOption {
+          type = lib.types.int;
+          default = 1053;
+          description = "Port of the clan-internal DNS server";
+        };
      };

    perInstance =
-      { roles, ... }:
+      { roles, settings, ... }:
      {
        nixosModule =
          { lib, ... }:
@@ -147,7 +166,7 @@
                ];
                stub-zone = map (m: {
                  name = "${roles.server.machines.${m}.settings.tld}.";
-                  stub-addr = "${roles.server.machines.${m}.settings.ip}";
+                  stub-addr = "${roles.server.machines.${m}.settings.ip}@${builtins.toString settings.dnsPort}";
                }) (lib.attrNames roles.server.machines);
              };
            };
--- a/clanServices/coredns/tests/vm/default.nix
+++ b/clanServices/coredns/tests/vm/default.nix
@@ -95,18 +95,15 @@
    for m in machines:
        m.wait_for_unit("network-online.target")

-    # import time
-    # time.sleep(2333333)
-
    # This should work, but is borken in tests i think? Instead we dig directly

    # client.succeed("curl -k -v http://one.foo")
    # client.succeed("curl -k -v http://two.foo")

-    answer = client.succeed("dig @192.168.1.2 one.foo")
+    answer = client.succeed("dig @192.168.1.2 -p 1053 one.foo")
    assert "192.168.1.3" in answer, "IP not found"

-    answer = client.succeed("dig @192.168.1.2 two.foo")
+    answer = client.succeed("dig @192.168.1.2 -p 1053 two.foo")
    assert "192.168.1.4" in answer, "IP not found"

  '';