shuppy/fallen-sky
1
1
Fork 0
Code Issues Pull requests Activity
No description
40 commits 2 branches 0 tags 187 KiB
  • Rust 55.5%
  • Nix 44.5%
Find a file
Delan Azabani f09c63dce5 dns: upgrade nonymous to 0.5.0
2025-10-15 16:04:06 +08:00
fallen-sky-config validator: initial 2025-10-06 23:28:59 +08:00
fallen-sky-dns dns: upgrade nonymous to 0.5.0 2025-10-15 16:04:06 +08:00
fallen-sky-validator validator: fix infinite loop when route cache entry has no mtu 2025-10-07 11:29:03 +08:00
nixos NixOS: initial config 2025-10-07 14:01:41 +08:00
.gitignore validator: initial 2025-10-06 23:28:59 +08:00
Cargo.lock dns: upgrade nonymous to 0.5.0 2025-10-15 16:04:06 +08:00
Cargo.toml validator: initial 2025-10-06 23:28:59 +08:00
LICENSE initial commit 2025-10-06 23:28:37 +08:00
README.md NixOS: initial config 2025-10-07 14:01:41 +08:00
rust-toolchain.toml validator: initial 2025-10-06 23:28:59 +08:00
rustfmt.toml validator: initial 2025-10-06 23:28:59 +08:00

README.md

fallen-sky

tools for falling-sky, the IPv6 diagnostic service that powers test-ipv6.com and sixte.st.

if you’re like me and you’re interested in continuing to run falling-sky after test-ipv6 is retired, and potentially collaborating on its maintenance and development, get in touch:

shuppy <fallen-sky@shuppy.org>

validator

you will need a rust compiler, at least this version or newer.

to build:

$ cargo build -p fallen-sky-validator

to run:

$ cd target/debug
$ ./fallen-sky-validator <domain>
$ ./fallen-sky-validator <domain> \
  --expected-version 1.1.1023 \
  --expected-htrev 1.1.1023-6cac666d687ebd126e73ed55355d8cf6

NixOS config

/nixos/ contains the config management used to deploy falling-sky to sixte.st.

the v6ns zone is defined in this config using a modified vendored NixOS module for nsd (services.falling-sky.nsd), which can be used simultaneously with the usual module (services.nsd). the main DNS zone is currently defined outside this config and deployed on hurricane electric.

this config is deployed on a server that uses nginx for other web services as follows:

{ config, lib, options, modulesPath, pkgs, specialArgs }: {
  imports = [ path/to/fallen-sky/nixos ];

  services.falling-sky = {
    enable = true;
    domain = "sixte.st";
    ipv4-address = "192.0.2.1";
    ipv6-address = "2001:db8::1500";
    mtu1280-address = "2001:db8::1280";
    # v6ns-soa-rname = "hostmaster.sixte.st.";
    v6ns-acme-challenge-cname = "_acme-challenge.v6ns.sixte.st.acme.example.";
  };

  services.nginx.virtualHosts = let
    falling-sky = {
      locations."/" = {
        useACMEHost = "hostname.example.";
        addSSL = true;
        proxyPass = "http://127.0.0.1:1280";
        extraConfig = ''
            # https://github.com/curl/curl/issues/674
            # https://trac.nginx.org/nginx/ticket/915
            proxy_hide_header Upgrade;
        '';
      };
    };
  in {
    ".sixte.st" = falling-sky;
    "192.0.2.1" = falling-sky;
    "[2001:db8::1500]" = falling-sky;
  };

  security.acme.certs."hostname.example." = {
    extraDomainNames = [
      "sixte.st"
      "*.sixte.st"
      "*.v6ns.sixte.st"
    ];
  };
}