From 6e608e6ca870da7bcee71ad5e5ad168a87827158 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sat, 13 Apr 2024 23:25:48 +0200
Subject: [PATCH] use dns.nix for kun.is zone again parameterize k8s' service IPs
---
 flake-parts/kubenix.nix | 22 ++++-----
 kubenix-modules/all.nix | 2 +-
 .../{bind9.nix => bind9/default.nix} | 48 +++----------------
 kubenix-modules/bind9/kun.is.zone.nix | 45 +++++++++++++++++
 kubenix-modules/dnsmasq.nix | 14 +++---
 kubenix-modules/forgejo.nix | 6 +-
 kubenix-modules/inbucket.nix | 4 +-
 kubenix-modules/kms.nix | 4 +-
 kubenix-modules/media.nix | 4 +-
 kubenix-modules/minecraft.nix | 4 +-
 kubenix-modules/pihole.nix | 4 +-
 kubenix-modules/traefik.nix | 4 +-
 my-lib/globals.nix | 33 +++++-------
 13 files changed, 95 insertions(+), 99 deletions(-)
 rename kubenix-modules/{bind9.nix => bind9/default.nix} (66%)
 create mode 100644 kubenix-modules/bind9/kun.is.zone.nix
diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix
index 3fe34b4..48e6274 100644
--- a/flake-parts/kubenix.nix
+++ b/flake-parts/kubenix.nix
@@ -1,15 +1,13 @@
-{ myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
- (system: {
- # TODO: DRY
- kubenix = kubenix.packages.${system}.default.override
+{ dns, myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
+ (system:
+ let
+ mkKubenixPackage = module: kubenix.packages.${system}.default.override
 {
- specialArgs = { inherit myLib kubenix nixhelm system; };
- module = { imports = [ ../kubenix-modules/all.nix ]; };
- };
-
- kubenix-bootstrap = kubenix.packages.${system}.default.override
- {
- specialArgs = { inherit myLib kubenix nixhelm system; };
- module = { imports = [ ../kubenix-modules/base.nix ]; };
+ specialArgs = { inherit myLib kubenix nixhelm system dns; };
+ module = { imports = [ module ]; };
 };
+ in
+ {
+ kubenix = mkKubenixPackage ../kubenix-modules/all.nix;
+ kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix;
 })
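Review bot: `dns` is now taken from the flake inputs and forwarded in `specialArgs`, but this patch touches neither flake.nix nor flake.lock (see the diffstat), so evaluation relies on a `dns` input that must already be declared; if the "again" in the subject means it was removed earlier, restoring that input belongs in a companion change. Inside `mkKubenixPackage`, `module = { imports = [ module ]; }` uses the same name for the function parameter and the attribute, which is legal in a non-`rec` set but easy to misread; `mkKubenixPackage = entryModule: ...` with `module = { imports = [ entryModule ]; };` avoids it. A short comment above the helper, e.g. `# Build the kubenix package for one root module; dns (dns.nix) is passed so modules can render zone files`, would document the new parameter.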
diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index 5cf00e5..cf2635a 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -15,7 +15,7 @@ ./kitchenowl.nix ./forgejo.nix ./media.nix - ./bind9.nix + ./bind9 ./dnsmasq.nix ./esrom.nix ./metallb.nix diff --git a/kubenix-modules/bind9.nix b/kubenix-modules/bind9/default.nix similarity index 66% rename from kubenix-modules/bind9.nix rename to kubenix-modules/bind9/default.nix index 8505fbc..be2945a 100644 --- a/kubenix-modules/bind9.nix +++ b/kubenix-modules/bind9/default.nix @@ -1,3 +1,7 @@ +{ myLib, dns, ... }: +let + kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix myLib dns); +in { kubernetes.resources = { configMaps = { @@ -33,47 +37,7 @@ }; ''; - # TODO: replace with dns.nix - kunis-zone = '' - $TTL 86400 - - kun.is. IN SOA ns1 webmaster.kun.is. (2024021702 86400 600 864000 60) - - kun.is. IN CAA 0 issue "letsencrypt.org" - kun.is. IN CAA 0 issuewild ";" - kun.is. IN CAA 0 iodef "mailto:caa@kun.is" - - kun.is. IN MX 10 mail.kun.is. - - kun.is. IN NS ns1.kun.is. - kun.is. IN NS ns2.kun.is. - - kun.is. IN TXT "v=spf1 include:spf.glasnet.nl ~all" - - *.kun.is. IN A 192.145.57.90 - - em670271.kun.is. IN CNAME return.smtp2go.net. - - link.kun.is. IN CNAME track.smtp2go.net. - - ns.kun.is. IN A 192.145.57.90 - - ns.kun.is. IN AAAA 2a0d:6e00:1a77:30::7 - - ns1.kun.is. IN A 192.145.57.90 - - ns1.kun.is. IN AAAA 2a0d:6e00:1a77:30::7 - - ns2.kun.is. IN A 192.145.57.90 - - ns2.kun.is. IN AAAA 2a0d:6e00:1a77:30::7 - - s670271._domainkey.kun.is. IN CNAME dkim.smtp2go.net. - - wg.kun.is. IN A 192.145.57.90 - - wg.kun.is. IN AAAA 2a0d:6e00:1a77:30::1 - ''; + kunis-zone = kunisZone; }; }; @@ -121,7 +85,7 @@ services.bind9.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.134"; + loadBalancerIP = myLib.globals.bind9IPv4; selector.app = "bind9"; ports = [{ 
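Review bot: The `loadBalancerIP` field that the last hunk of bind9/default.nix (`@@ -121,7 +85,7 @@`) now fills from `myLib.globals.bind9IPv4` is deprecated in the Kubernetes Service API since v1.24, and with MetalLB (imported as ./metallb.nix in all.nix) the supported way to pin an address is the `metallb.universe.tf/loadBalancerIPs` annotation; the same applies to the matching `loadBalancerIP` hunks in dnsmasq.nix, forgejo.nix, inbucket.nix, kms.nix, media.nix, minecraft.nix, pihole.nix and traefik.nix. Now that the addresses are centralized this is a cheap moment to migrate, e.g. `metadata.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.bind9IPv4;` on the service, keeping `spec.loadBalancerIP` only until every service has moved. The `kunisZone` binding in the first hunk would also benefit from a one-line comment such as `# Zone file text rendered by dns.nix from the records in ./kun.is.zone.nix`.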
diff --git a/kubenix-modules/bind9/kun.is.zone.nix b/kubenix-modules/bind9/kun.is.zone.nix new file mode 100644 index 0000000..9e15cf0 --- /dev/null +++ b/kubenix-modules/bind9/kun.is.zone.nix @@ -0,0 +1,45 @@ +myLib: dns: with dns.lib.combinators; { + CAA = letsEncrypt "caa@kun.is"; + + SOA = { + nameServer = "ns1"; + adminEmail = "webmaster@kun.is"; + serial = 2024041300; + }; + + NS = [ + "ns1.kun.is." + "ns2.kun.is." + ]; + + MX = [ + (mx.mx 10 "mail.kun.is.") + ]; + + TXT = [ + (with spf; soft [ "include:spf.glasnet.nl" ]) + ]; + + subdomains = rec { + "*".A = [ myLib.globals.routerPublicIPv4 ]; + + ns.A = [ myLib.globals.routerPublicIPv4 ]; + ns1 = ns; + ns2 = ns; + + wg = host myLib.globals.routerPublicIPv4 myLib.globals.routerPublicIPv6; + + #for SMTP2GO to be able send emails from kun.is domain + em670271 = { + CNAME = [ "return.smtp2go.net." ]; + }; + + "s670271._domainkey" = { + CNAME = [ "dkim.smtp2go.net." ]; + }; + + link = { + CNAME = [ "track.smtp2go.net." ]; + }; + }; +} diff --git a/kubenix-modules/dnsmasq.nix b/kubenix-modules/dnsmasq.nix index a92477c..43ed7f5 100644 --- a/kubenix-modules/dnsmasq.nix +++ b/kubenix-modules/dnsmasq.nix @@ -1,19 +1,19 @@ -{ +{ myLib, ... }: { kubernetes.resources = { # TODO: generate this with nix? configMaps.dnsmasq-config.data.config = '' - address=/kms.kun.is/192.168.30.129 - address=/ssh.git.kun.is/192.168.30.132 - alias=192.145.57.90,192.168.30.128 + address=/kms.kun.is/${myLib.globals.kmsIPv4} + address=/ssh.git.kun.is/${myLib.globals.gitIPv4} + alias=${myLib.globals.routerPublicIPv4},${myLib.globals.traefikIPv4} expand-hosts - host-record=hermes.dmz,192.168.30.135 + host-record=hermes.dmz,${myLib.globals.dnsmasqIPv4} local=/dmz/ log-queries no-hosts no-resolv port=53 server=192.168.30.1 - server=/kun.is/192.168.30.134 + server=/kun.is/${myLib.globals.bind9IPv4} ''; deployments.dnsmasq = { 
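Review bot: The generated zone does not reproduce all of the records it replaces in the second hunk of bind9/default.nix: `ns`, `ns1` and `ns2` only set `.A`, so their AAAA `2a0d:6e00:1a77:30::7` glue disappears, and `wg` is built with `host myLib.globals.routerPublicIPv4 myLib.globals.routerPublicIPv6`, where globals.nix sets `routerPublicIPv6` to `2a0d:6e00:1a77::1` instead of the previous `2a0d:6e00:1a77:30::1`. If these are intentional cleanups a comment in `subdomains` should say so; otherwise something like `wg = host myLib.globals.routerPublicIPv4 "2a0d:6e00:1a77:30::1";` (or a dedicated global) and an explicit `ns.AAAA` list restore the old answers, assuming those addresses are still live. It is also worth confirming that `letsEncrypt "caa@kun.is"` emits the same three CAA records (`issue`, `issuewild ";"`, `iodef`) the hand-written zone carried, and that the dns.nix default SOA timers are acceptable now that the explicit `86400 600 864000 60` values are gone. The SOA `serial` remains a literal that must be bumped by hand on every edit of this file, which deserves a comment next to `serial = 2024041300;`.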
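Review bot: `server=192.168.30.1` is still a literal in the dnsmasq config while every other DMZ address in this hunk has moved to `myLib.globals`, and the same commit deletes the `networking.dmz.ipv4.router` entry in my-lib/globals.nix that held this value, so the upstream resolver address is now defined only here. Adding e.g. `routerDmzIPv4 = "192.168.30.1";` to globals.nix and writing `server=${myLib.globals.routerDmzIPv4}` keeps the parameterization complete. The `# TODO: generate this with nix?` comment could also note why `alias=` maps the public router address to `traefikIPv4` (presumably so internal clients reach Traefik directly — worth confirming).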
@@ -52,7 +52,7 @@ services.dnsmasq.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.135"; + loadBalancerIP = myLib.globals.dnsmasqIPv4; selector.app = "dnsmasq"; ports = [{ diff --git a/kubenix-modules/forgejo.nix b/kubenix-modules/forgejo.nix index 2f7a415..d1d146a 100644 --- a/kubenix-modules/forgejo.nix +++ b/kubenix-modules/forgejo.nix @@ -1,8 +1,8 @@ -{ +{ myLib, ... }: { kubernetes.resources = { configMaps = { forgejo-config.data = { - # TODO: Generate from nix code. + # TODO: Generate from nix code? config = '' APP_NAME = Forgejo: Beyond coding. We forge. RUN_MODE = prod @@ -200,7 +200,7 @@ forgejo-ssh.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.132"; + loadBalancerIP = myLib.globals.gitIPv4; selector.app = "forgejo"; ports = [{ diff --git a/kubenix-modules/inbucket.nix b/kubenix-modules/inbucket.nix index d7aabd4..22c24e4 100644 --- a/kubenix-modules/inbucket.nix +++ b/kubenix-modules/inbucket.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { deployments.inbucket = { metadata.labels.app = "inbucket"; @@ -43,7 +43,7 @@ inbucket-email.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.130"; + loadBalancerIP = myLib.globals.inbucketIPv4; selector.app = "inbucket"; ports = [{ diff --git a/kubenix-modules/kms.nix b/kubenix-modules/kms.nix index 65b2c09..c6b9301 100644 --- a/kubenix-modules/kms.nix +++ b/kubenix-modules/kms.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { deployments.kms = { metadata.labels.app = "kms"; @@ -23,7 +23,7 @@ services.kms.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.129"; + loadBalancerIP = myLib.globals.kmsIPv4; selector.app = "kms"; ports = [{ diff --git a/kubenix-modules/media.nix b/kubenix-modules/media.nix index 11cb5ee..17ff19b 100644 --- a/kubenix-modules/media.nix +++ b/kubenix-modules/media.nix 
@@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { configMaps = { jellyfin-env.data.JELLYFIN_PublishedServerUrl = "https://media.kun.is"; @@ -578,7 +578,7 @@ transmission-bittorrent.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.133"; + loadBalancerIP = myLib.globals.bittorrentIPv4; selector = { app = "media"; diff --git a/kubenix-modules/minecraft.nix b/kubenix-modules/minecraft.nix index 2219f06..12bc7ad 100644 --- a/kubenix-modules/minecraft.nix +++ b/kubenix-modules/minecraft.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { configMaps.minecraft-env.data.EULA = "TRUE"; @@ -55,7 +55,7 @@ services.minecraft.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.136"; + loadBalancerIP = myLib.globals.minecraftIPv4; selector.app = "minecraft"; ports = [{ diff --git a/kubenix-modules/pihole.nix b/kubenix-modules/pihole.nix index 180a5b2..7bf6ded 100644 --- a/kubenix-modules/pihole.nix +++ b/kubenix-modules/pihole.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources = { configMaps.pihole.data = { TZ = "Europe/Amsterdam"; @@ -120,7 +120,7 @@ pihole-dns.spec = { type = "LoadBalancer"; - loadBalancerIP = "192.168.30.131"; + loadBalancerIP = myLib.globals.piholeIPv4; selector.app = "pihole"; ports = [{ diff --git a/kubenix-modules/traefik.nix b/kubenix-modules/traefik.nix index 73133d3..4ff26dc 100644 --- a/kubenix-modules/traefik.nix +++ b/kubenix-modules/traefik.nix @@ -1,4 +1,4 @@ -{ +{ myLib, ... }: { kubernetes.resources.helmChartConfigs = { traefik = { metadata.namespace = "kube-system"; @@ -9,7 +9,7 @@ spec.valuesContent = '' service: spec: - loadBalancerIP: "192.168.30.128" + loadBalancerIP: "${myLib.globals.traefikIPv4}" ports: localsecure: port: 8444 diff --git a/my-lib/globals.nix b/my-lib/globals.nix index b0d7438..25dcc2f 100644 --- a/my-lib/globals.nix +++ b/my-lib/globals.nix 
@@ -1,24 +1,13 @@
 {
- networking = {
- public = {
- ipv4.router = "192.145.57.90";
- ipv6.router = "2a0d:6e00:1a77::1";
- };
-
- dmz = {
- ipv4 = {
- prefixLength = "24";
- dockerSwarm = "192.168.30.8";
- router = "192.168.30.1";
- services = "192.168.30.7";
- };
-
- ipv6 = {
- prefixLength = "64";
- dockerSwarm = "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08";
- router = "2a0d:6e00:1a77:30::1";
- services = "2a0d:6e00:1a77:30::7";
- };
- };
- };
+ routerPublicIPv4 = "192.145.57.90";
+ routerPublicIPv6 = "2a0d:6e00:1a77::1";
+ minecraftIPv4 = "192.168.30.136";
+ dnsmasqIPv4 = "192.168.30.135";
+ bind9IPv4 = "192.168.30.134";
+ bittorrentIPv4 = "192.168.30.133";
+ gitIPv4 = "192.168.30.132";
+ piholeIPv4 = "192.168.30.131";
+ inbucketIPv4 = "192.168.30.130";
+ kmsIPv4 = "192.168.30.129";
+ traefikIPv4 = "192.168.30.128";
 }
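Review bot: The new flat attrset carries no comment on what the `*IPv4` values are or what constrains them; each one becomes a `loadBalancerIP` in a kubenix module, so they must be distinct and lie inside the MetalLB address pool (presumably configured in kubenix-modules/metallb.nix — not visible here), and nothing in the file documents or checks that. A header such as `# Static LoadBalancer addresses handed out by MetalLB; keep them unique and within the pool` plus a named entry for the DMZ router (`192.168.30.1`, removed here as `networking.dmz.ipv4.router` yet still hard-coded in dnsmasq.nix) would make the list self-describing. Note also that `2a0d:6e00:1a77:30::1` and `2a0d:6e00:1a77:30::7` are dropped entirely while the old bind9 zone still served them as AAAA answers.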