use dns.nix for kun.is zone again

parameterize k8s' service IPs
Pim Kunis 2024-04-13 23:25:48 +02:00
parent 76bd5c9276
commit 6e608e6ca8
13 changed files with 95 additions and 99 deletions


@ -15,7 +15,7 @@
./kitchenowl.nix
./forgejo.nix
./media.nix
./bind9.nix
./bind9
./dnsmasq.nix
./esrom.nix
./metallb.nix


@ -1,3 +1,7 @@
{ myLib, dns, ... }:
let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix myLib dns);
in
{
kubernetes.resources = {
configMaps = {
@ -33,47 +37,7 @@
};
'';
# TODO: replace with dns.nix
kunis-zone = ''
$TTL 86400
kun.is. IN SOA ns1 webmaster.kun.is. (2024021702 86400 600 864000 60)
kun.is. IN CAA 0 issue "letsencrypt.org"
kun.is. IN CAA 0 issuewild ";"
kun.is. IN CAA 0 iodef "mailto:caa@kun.is"
kun.is. IN MX 10 mail.kun.is.
kun.is. IN NS ns1.kun.is.
kun.is. IN NS ns2.kun.is.
kun.is. IN TXT "v=spf1 include:spf.glasnet.nl ~all"
*.kun.is. IN A 192.145.57.90
em670271.kun.is. IN CNAME return.smtp2go.net.
link.kun.is. IN CNAME track.smtp2go.net.
ns.kun.is. IN A 192.145.57.90
ns.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
ns1.kun.is. IN A 192.145.57.90
ns1.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
ns2.kun.is. IN A 192.145.57.90
ns2.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
s670271._domainkey.kun.is. IN CNAME dkim.smtp2go.net.
wg.kun.is. IN A 192.145.57.90
wg.kun.is. IN AAAA 2a0d:6e00:1a77:30::1
'';
kunis-zone = kunisZone;
};
};
@ -121,7 +85,7 @@
services.bind9.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.134";
loadBalancerIP = myLib.globals.bind9IPv4;
selector.app = "bind9";
ports = [{
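Review bot: `kunisZone` is rendered at evaluation time from `./kun.is.zone.nix`, so every future edit to that file changes the zone served from the `kunis-zone` ConfigMap while the SOA serial (a literal in that file) stays the same; any secondary or zone-transfer consumer will not pick the change up until the serial is bumped by hand, and nothing here does that automatically. A reminder next to the binding would help, e.g. `# NOTE: bump the SOA serial in kun.is.zone.nix on every zone change; nothing increments it for you.` The `kubernetes.resources` set this hunk sits in starts and ends outside the hunk.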


@ -0,0 +1,45 @@
myLib: dns: with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is";
SOA = {
nameServer = "ns1";
adminEmail = "webmaster@kun.is";
serial = 2024041300;
};
NS = [
"ns1.kun.is."
"ns2.kun.is."
];
MX = [
(mx.mx 10 "mail.kun.is.")
];
TXT = [
(with spf; soft [ "include:spf.glasnet.nl" ])
];
subdomains = rec {
"*".A = [ myLib.globals.routerPublicIPv4 ];
ns.A = [ myLib.globals.routerPublicIPv4 ];
ns1 = ns;
ns2 = ns;
wg = host myLib.globals.routerPublicIPv4 myLib.globals.routerPublicIPv6;
#for SMTP2GO to be able send emails from kun.is domain
em670271 = {
CNAME = [ "return.smtp2go.net." ];
};
"s670271._domainkey" = {
CNAME = [ "dkim.smtp2go.net." ];
};
link = {
CNAME = [ "track.smtp2go.net." ];
};
};
}
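Review bot: The removed zone carried `kun.is. IN CAA 0 issuewild ";"`, which forbade every CA from issuing wildcard certificates, while the new `CAA = letsEncrypt "caa@kun.is";` appears to emit only `issue` and `iodef` records (unless the dns.nix combinator also emits an `issuewild`, which I cannot confirm from here); since `issue` alone also authorizes wildcard issuance, and this zone answers `*.kun.is` via the `"*".A` record, wildcard certificates for kun.is are no longer blocked. If that is not intended, append an explicit record, e.g. `CAA = letsEncrypt "caa@kun.is" ++ [ { issuerCritical = false; tag = "issuewild"; value = ";"; } ];` (attribute names per dns.nix's CAA record type — verify against the library). Separately, the AAAA records for ns/ns1/ns2 (`2a0d:6e00:1a77:30::7`) in the removed zone have no counterpart here, as `ns` gets only an A record, so IPv6 glue for the nameservers disappears; add an `AAAA` to `ns` if that drop was not deliberate.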


@ -1,19 +1,19 @@
{
{ myLib, ... }: {
kubernetes.resources = {
# TODO: generate this with nix?
configMaps.dnsmasq-config.data.config = ''
address=/kms.kun.is/192.168.30.129
address=/ssh.git.kun.is/192.168.30.132
alias=192.145.57.90,192.168.30.128
address=/kms.kun.is/${myLib.globals.kmsIPv4}
address=/ssh.git.kun.is/${myLib.globals.gitIPv4}
alias=${myLib.globals.routerPublicIPv4},${myLib.globals.traefikIPv4}
expand-hosts
host-record=hermes.dmz,192.168.30.135
host-record=hermes.dmz,${myLib.globals.dnsmasqIPv4}
local=/dmz/
log-queries
no-hosts
no-resolv
port=53
server=192.168.30.1
server=/kun.is/192.168.30.134
server=/kun.is/${myLib.globals.bind9IPv4}
'';
deployments.dnsmasq = {
@ -52,7 +52,7 @@
services.dnsmasq.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.135";
loadBalancerIP = myLib.globals.dnsmasqIPv4;
selector.app = "dnsmasq";
ports = [{
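Review bot: `server=192.168.30.1` is still a literal while every other address in this config map was moved to `myLib.globals`, so the upstream resolver is left out of the parameterization this commit sets out to do. Something like `server=${myLib.globals.routerIPv4}` would keep it consistent with the other entries; the globals definition is not in this view, so the exact attribute name is a guess. The `configMaps.dnsmasq-config` string is complete within the hunk, but the enclosing `kubernetes.resources` set continues past it.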


@ -1,8 +1,8 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps = {
forgejo-config.data = {
# TODO: Generate from nix code.
# TODO: Generate from nix code?
config = ''
APP_NAME = Forgejo: Beyond coding. We forge.
RUN_MODE = prod
@ -200,7 +200,7 @@
forgejo-ssh.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.132";
loadBalancerIP = myLib.globals.gitIPv4;
selector.app = "forgejo";
ports = [{
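Review bot: `spec.loadBalancerIP` has been deprecated since Kubernetes 1.24, and the MetalLB that this cluster loads (`./metallb.nix` in the imports) documents the `metallb.universe.tf/loadBalancerIPs` annotation as the replacement; since this commit touches every LoadBalancer service, it is the natural moment to switch. For this service that would be roughly `forgejo-ssh.metadata.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.gitIPv4;` in place of the `loadBalancerIP` line, assuming the resource schema used here exposes `metadata.annotations` the same way as `spec`. This is a style point rather than a defect — the field still functions in current releases. The `forgejo-ssh.spec` set closes outside the hunk.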


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
deployments.inbucket = {
metadata.labels.app = "inbucket";
@ -43,7 +43,7 @@
inbucket-email.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.130";
loadBalancerIP = myLib.globals.inbucketIPv4;
selector.app = "inbucket";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
deployments.kms = {
metadata.labels.app = "kms";
@ -23,7 +23,7 @@
services.kms.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.129";
loadBalancerIP = myLib.globals.kmsIPv4;
selector.app = "kms";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps = {
jellyfin-env.data.JELLYFIN_PublishedServerUrl = "https://media.kun.is";
@ -578,7 +578,7 @@
transmission-bittorrent.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.133";
loadBalancerIP = myLib.globals.bittorrentIPv4;
selector = {
app = "media";


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps.minecraft-env.data.EULA = "TRUE";
@ -55,7 +55,7 @@
services.minecraft.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.136";
loadBalancerIP = myLib.globals.minecraftIPv4;
selector.app = "minecraft";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps.pihole.data = {
TZ = "Europe/Amsterdam";
@ -120,7 +120,7 @@
pihole-dns.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.131";
loadBalancerIP = myLib.globals.piholeIPv4;
selector.app = "pihole";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources.helmChartConfigs = {
traefik = {
metadata.namespace = "kube-system";
@ -9,7 +9,7 @@
spec.valuesContent = ''
service:
spec:
loadBalancerIP: "192.168.30.128"
loadBalancerIP: "${myLib.globals.traefikIPv4}"
ports:
localsecure:
port: 8444