Commit 89969dc660a6
Changed files (2)
lib
scripts
lib/dns-helpers.nix
@@ -1,16 +1,13 @@
{ globals }:
{
# Helper to get first IP from machine config
- # Prefers regular IPs, fallback to VPN IPs
+ # Uses VPN IPs only (10.100.0.x) for public DNS
getMachineIP =
machine:
let
- ips = machine.net.ips or [ ];
vpnIps = machine.net.vpn.ips or [ ];
- # Prefer regular IPs, fallback to VPN IPs
- allIps = if ips != [ ] then ips else vpnIps;
in
- if builtins.isList allIps then builtins.head allIps else allIps;
+ if builtins.isList vpnIps then builtins.head vpnIps else vpnIps;
# Generate machine subdomains with wildcard support
# Takes a list of machine names and returns an attribute set of DNS records
@@ -30,6 +27,7 @@
# Helper to generate service DNS records from globals
# Takes a services attribute set and returns DNS records with alias support
+ # Uses VPN IPs only (10.100.0.x) for public DNS
mkServiceRecords =
services:
builtins.listToAttrs (
@@ -38,7 +36,7 @@
let
service = services.${serviceName};
hostName = if builtins.isAttrs service then service.host else service;
- hostIP = globals.machines.${hostName}.net.ips;
+ hostIP = globals.machines.${hostName}.net.vpn.ips;
ip = if builtins.isList hostIP then builtins.head hostIP else hostIP;
aliases = if builtins.isAttrs service then (service.aliases or [ ]) else [ ];
in
scripts/update-gandi-dns.sh
@@ -82,7 +82,7 @@ echo
if [[ "$DRY_RUN" == "false" ]]; then
echo -e "${CYAN}Fetching current DNS records from Gandi...${RESET}"
CURRENT_RECORDS=$(curl -s \
- -H "Authorization: Apikey $GANDIV5_PERSONAL_TOKEN" \
+ -H "Authorization: Bearer $GANDIV5_PERSONAL_TOKEN" \
"$API_URL" || echo "[]")
echo -e "${GREEN}Current records fetched${RESET}"
@@ -149,7 +149,7 @@ while IFS= read -r line; do
# Update/create the record
RESPONSE=$(curl -s -w "\n%{http_code}" \
-X PUT \
- -H "Authorization: Apikey $GANDIV5_PERSONAL_TOKEN" \
+ -H "Authorization: Bearer $GANDIV5_PERSONAL_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"rrset_values\": [\"$VALUE\"], \"rrset_ttl\": $TTL}" \
"$API_URL/$NAME/A")