From 0d9ebf93580a5be7dde949fdfc69f16f3caeab2a Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Wed, 10 Apr 2024 23:23:22 +0200
Subject: [PATCH] add bind9 deployment with our dns
---
 nix/flake/kubenix/bind9.nix | 134 ++++++++++++++++++++++++++++++++++
 nix/flake/kubenix/default.nix | 5 +-
 2 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 nix/flake/kubenix/bind9.nix
diff --git a/nix/flake/kubenix/bind9.nix b/nix/flake/kubenix/bind9.nix
new file mode 100644
index 0000000..8505fbc
--- /dev/null
+++ b/nix/flake/kubenix/bind9.nix
@@ -0,0 +1,134 @@
+{
+ kubernetes.resources = {
+ configMaps = {
+ bind9-env.data.TZ = "Europe/Amsterdam";
+
+ bind9-config.data = {
+ # TODO: this was copied from nix's generated bind config
+ # Is there a way to generate this without actually running the nixos module?
+ config = ''
+ acl cachenetworks { 127.0.0.0/24; };
+ acl badnetworks { };
+
+ options {
+ listen-on { any; };
+ listen-on-v6 { any; };
+ allow-query { cachenetworks; };
+ blackhole { badnetworks; };
+ forward first;
+ forwarders { };
+ directory "/run/named";
+ pid-file "/run/named/named.pid";
+ allow-transfer { none; };
+ allow-recursion { none; };
+ version none;
+ notify no;
+ };
+
+ zone "kun.is" {
+ type master;
+ file "/etc/bind/kun.is.zone";
+ allow-transfer { };
+ allow-query { any; };
+ };
+ '';
+
+ # TODO: replace with dns.nix
+ kunis-zone = ''
+ $TTL 86400
+
+ kun.is. IN SOA ns1 webmaster.kun.is. (2024021702 86400 600 864000 60)
+
+ kun.is. IN CAA 0 issue "letsencrypt.org"
+ kun.is. IN CAA 0 issuewild ";"
+ kun.is. IN CAA 0 iodef "mailto:caa@kun.is"
+
+ kun.is. IN MX 10 mail.kun.is.
+
+ kun.is. IN NS ns1.kun.is.
+ kun.is. IN NS ns2.kun.is.
+
+ kun.is. IN TXT "v=spf1 include:spf.glasnet.nl ~all"
+
+ *.kun.is. IN A 192.145.57.90
+
+ em670271.kun.is. IN CNAME return.smtp2go.net.
+
+ link.kun.is. IN CNAME track.smtp2go.net.
+
+ ns.kun.is. IN A 192.145.57.90
+
+ ns.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
+
+ ns1.kun.is. IN A 192.145.57.90
+
+ ns1.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
+
+ ns2.kun.is. IN A 192.145.57.90
+
+ ns2.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
+
+ s670271._domainkey.kun.is. IN CNAME dkim.smtp2go.net.
+
+ wg.kun.is. IN A 192.145.57.90
+
+ wg.kun.is. IN AAAA 2a0d:6e00:1a77:30::1
+ '';
+ };
+ };
+
+ deployments.bind9 = {
+ metadata.labels.app = "bind9";
+
+ spec = {
+ selector.matchLabels.app = "bind9";
+
+ template = {
+ metadata.labels.app = "bind9";
+
+ spec = {
+ containers.bind9 = {
+ image = "ubuntu/bind9:9.18-22.04_beta";
+ envFrom = [{ configMapRef.name = "bind9-env"; }];
+
+ ports = [{
+ containerPort = 53;
+ protocol = "UDP";
+ }];
+
+ volumeMounts = [
+ {
+ name = "config";
+ mountPath = "/etc/bind/named.conf";
+ subPath = "config";
+ }
+ {
+ name = "config";
+ mountPath = "/etc/bind/kun.is.zone";
+ subPath = "kunis-zone";
+ }
+ ];
+ };
+
+ volumes = [{
+ name = "config";
+ configMap.name = "bind9-config";
+ }];
+ };
+ };
+ };
+ };
+
+ services.bind9.spec = {
+ type = "LoadBalancer";
+ loadBalancerIP = "192.168.30.134";
+ selector.app = "bind9";
+
+ ports = [{
+ port = 53;
+ targetPort = 53;
+ protocol = "UDP";
+ }];
+ };
+ };
+}
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index 4c396fa..b85535f 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -2,7 +2,9 @@
 (system: {
 kubenix = kubenix.packages.${system}.default.override {
- specialArgs.flake = self;
+ specialArgs = {
+ flake = self;
+ };
 module = { kubenix, ... }: {
 imports = [
@@ -21,6 +23,7 @@
 ./kitchenowl.nix
 ./forgejo.nix
 ./media.nix
+ ./bind9.nix
 ];
 kubernetes.kubeconfig = "~/.kube/config";
 kubenix.project = "home";
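Review bot: Port 53 is exposed over UDP only, both on the container (`ports = [{ containerPort = 53; protocol = "UDP"; }]`) and on the LoadBalancer service in `services.bind9.spec.ports`, so an answer that does not fit in a UDP datagram is returned truncated with the TC bit and the client's mandatory TCP retry has nowhere to go; an authoritative server is expected to serve TCP/53 as well, and larger TXT sets or DNSSEC added later would hit this immediately. The fix is a second entry in both port lists, and once a Service carries more than one port Kubernetes requires every entry to have a `name`. Whether the cluster's load balancer accepts a mixed UDP/TCP Service depends on the Kubernetes version in use (the MixedProtocolLBService gate), which is not visible here. A smaller point in the same hunk: `image = "ubuntu/bind9:9.18-22.04_beta"` is a mutable tag, so pinning the image by digest would make what actually runs reproducible and reviewable.
```nix
containers.bind9 = {
  # … unchanged: image, envFrom …
  ports = [
    { containerPort = 53; protocol = "UDP"; }
    { containerPort = 53; protocol = "TCP"; }
  ];
  # … unchanged: volumeMounts …
# … unchanged: volumes, service type, loadBalancerIP, selector …
  ports = [
    { name = "dns-udp"; port = 53; targetPort = 53; protocol = "UDP"; }
    { name = "dns-tcp"; port = 53; targetPort = 53; protocol = "TCP"; }
  ];
```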