use dns.nix for kun.is zone again

parameterize k8s' service IPs
Pim Kunis 2024-04-13 23:25:48 +02:00
parent 76bd5c9276
commit 6e608e6ca8
13 changed files with 95 additions and 99 deletions


@ -1,15 +1,13 @@
{ myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem { dns, myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
(system: { (system:
# TODO: DRY let
kubenix = kubenix.packages.${system}.default.override mkKubenixPackage = module: kubenix.packages.${system}.default.override
{ {
specialArgs = { inherit myLib kubenix nixhelm system; }; specialArgs = { inherit myLib kubenix nixhelm system dns; };
module = { imports = [ ../kubenix-modules/all.nix ]; }; module = { imports = [ module ]; };
};
kubenix-bootstrap = kubenix.packages.${system}.default.override
{
specialArgs = { inherit myLib kubenix nixhelm system; };
module = { imports = [ ../kubenix-modules/base.nix ]; };
}; };
in
{
kubenix = mkKubenixPackage ../kubenix-modules/all.nix;
kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix;
}) })


@ -15,7 +15,7 @@
./kitchenowl.nix ./kitchenowl.nix
./forgejo.nix ./forgejo.nix
./media.nix ./media.nix
./bind9.nix ./bind9
./dnsmasq.nix ./dnsmasq.nix
./esrom.nix ./esrom.nix
./metallb.nix ./metallb.nix


@ -1,3 +1,7 @@
{ myLib, dns, ... }:
let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix myLib dns);
in
{ {
kubernetes.resources = { kubernetes.resources = {
configMaps = { configMaps = {
@ -33,47 +37,7 @@
}; };
''; '';
# TODO: replace with dns.nix kunis-zone = kunisZone;
kunis-zone = ''
$TTL 86400
kun.is. IN SOA ns1 webmaster.kun.is. (2024021702 86400 600 864000 60)
kun.is. IN CAA 0 issue "letsencrypt.org"
kun.is. IN CAA 0 issuewild ";"
kun.is. IN CAA 0 iodef "mailto:caa@kun.is"
kun.is. IN MX 10 mail.kun.is.
kun.is. IN NS ns1.kun.is.
kun.is. IN NS ns2.kun.is.
kun.is. IN TXT "v=spf1 include:spf.glasnet.nl ~all"
*.kun.is. IN A 192.145.57.90
em670271.kun.is. IN CNAME return.smtp2go.net.
link.kun.is. IN CNAME track.smtp2go.net.
ns.kun.is. IN A 192.145.57.90
ns.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
ns1.kun.is. IN A 192.145.57.90
ns1.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
ns2.kun.is. IN A 192.145.57.90
ns2.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
s670271._domainkey.kun.is. IN CNAME dkim.smtp2go.net.
wg.kun.is. IN A 192.145.57.90
wg.kun.is. IN AAAA 2a0d:6e00:1a77:30::1
'';
}; };
}; };
@ -121,7 +85,7 @@
services.bind9.spec = { services.bind9.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.134"; loadBalancerIP = myLib.globals.bind9IPv4;
selector.app = "bind9"; selector.app = "bind9";
ports = [{ ports = [{
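Review bot: The generated `kunisZone` string is written straight into the `kunis-zone` ConfigMap entry with no validation, so a rendering mistake in kun.is.zone.nix (wrong attribute name, a record dns.nix serialises differently from the old literal) would only surface when bind9 refuses to load the zone in the cluster. Since the literal zone this hunk deletes is the last known-good copy, it is worth diffing `dns.lib.toString` output against it once and, if the flake has a checks output, running `named-checkzone kun.is` on the generated text at build time. The SOA serial is now hand-maintained in kun.is.zone.nix (`serial = 2024041300`) and must be bumped on every zone edit; a comment such as `# bump on every change, or secondaries keep serving the old zone` next to it would make that obligation visible. The `services.bind9.spec` block continues outside the second hunk.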


@ -0,0 +1,45 @@
myLib: dns: with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is";
SOA = {
nameServer = "ns1";
adminEmail = "webmaster@kun.is";
serial = 2024041300;
};
NS = [
"ns1.kun.is."
"ns2.kun.is."
];
MX = [
(mx.mx 10 "mail.kun.is.")
];
TXT = [
(with spf; soft [ "include:spf.glasnet.nl" ])
];
subdomains = rec {
"*".A = [ myLib.globals.routerPublicIPv4 ];
ns.A = [ myLib.globals.routerPublicIPv4 ];
ns1 = ns;
ns2 = ns;
wg = host myLib.globals.routerPublicIPv4 myLib.globals.routerPublicIPv6;
#for SMTP2GO to be able send emails from kun.is domain
em670271 = {
CNAME = [ "return.smtp2go.net." ];
};
"s670271._domainkey" = {
CNAME = [ "dkim.smtp2go.net." ];
};
link = {
CNAME = [ "track.smtp2go.net." ];
};
};
}
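Review bot: The generated zone loses records the deleted literal zone in the bind9 section carried: the `kun.is. IN CAA 0 issuewild ";"` entry, the AAAA records for ns, ns1 and ns2 (`2a0d:6e00:1a77:30::7`), and `wg` now resolves to `routerPublicIPv6` (`2a0d:6e00:1a77::1`) instead of the previous `2a0d:6e00:1a77:30::1`. The upstream dns.nix `letsEncrypt` combinator appears to emit only `issue` and `iodef` entries (verify against the dns.nix source), so with no explicit `issuewild` record wildcard issuance is no longer denied and falls back to the `issue` policy, which is a loosening of the CAA policy rather than a pure refactor; if the denial is intended, append it explicitly, e.g. `CAA = letsEncrypt "caa@kun.is" ++ [ { issuerCritical = false; tag = "issuewild"; value = ";"; } ];` (attribute names per dns.nix's CAA record type). If the nameservers should stay reachable over IPv6, add `AAAA = [ ... ];` beside `ns.A`; the old address was the `dmz.ipv6.services` global this commit removes, so the correct target needs confirming, and the `wg` change deserves a line in the commit message if it was deliberate.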


@ -1,19 +1,19 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
# TODO: generate this with nix? # TODO: generate this with nix?
configMaps.dnsmasq-config.data.config = '' configMaps.dnsmasq-config.data.config = ''
address=/kms.kun.is/192.168.30.129 address=/kms.kun.is/${myLib.globals.kmsIPv4}
address=/ssh.git.kun.is/192.168.30.132 address=/ssh.git.kun.is/${myLib.globals.gitIPv4}
alias=192.145.57.90,192.168.30.128 alias=${myLib.globals.routerPublicIPv4},${myLib.globals.traefikIPv4}
expand-hosts expand-hosts
host-record=hermes.dmz,192.168.30.135 host-record=hermes.dmz,${myLib.globals.dnsmasqIPv4}
local=/dmz/ local=/dmz/
log-queries log-queries
no-hosts no-hosts
no-resolv no-resolv
port=53 port=53
server=192.168.30.1 server=192.168.30.1
server=/kun.is/192.168.30.134 server=/kun.is/${myLib.globals.bind9IPv4}
''; '';
deployments.dnsmasq = { deployments.dnsmasq = {
@ -52,7 +52,7 @@
services.dnsmasq.spec = { services.dnsmasq.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.135"; loadBalancerIP = myLib.globals.dnsmasqIPv4;
selector.app = "dnsmasq"; selector.app = "dnsmasq";
ports = [{ ports = [{
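Review bot: `server=192.168.30.1` is the one address in the dnsmasq ConfigMap left as a literal while this commit deletes the `dmz.ipv4.router` global that held the same value, so the upstream resolver address is now defined nowhere but inside this string. Adding `routerDmzIPv4 = "192.168.30.1";` to the globals and writing `server=${myLib.globals.routerDmzIPv4}` keeps the config parameterised the same way as every other line in it. The `alias=` line rewrites the public router address to the traefik LoadBalancer address in answers, which is only correct while those two globals track the real NAT setup; a short comment above it naming that intent would help the next reader. The ConfigMap starts at the top of the first hunk but the `deployments.dnsmasq` block runs outside it.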


@ -1,8 +1,8 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
configMaps = { configMaps = {
forgejo-config.data = { forgejo-config.data = {
# TODO: Generate from nix code. # TODO: Generate from nix code?
config = '' config = ''
APP_NAME = Forgejo: Beyond coding. We forge. APP_NAME = Forgejo: Beyond coding. We forge.
RUN_MODE = prod RUN_MODE = prod
@ -200,7 +200,7 @@
forgejo-ssh.spec = { forgejo-ssh.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.132"; loadBalancerIP = myLib.globals.gitIPv4;
selector.app = "forgejo"; selector.app = "forgejo";
ports = [{ ports = [{


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
deployments.inbucket = { deployments.inbucket = {
metadata.labels.app = "inbucket"; metadata.labels.app = "inbucket";
@ -43,7 +43,7 @@
inbucket-email.spec = { inbucket-email.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.130"; loadBalancerIP = myLib.globals.inbucketIPv4;
selector.app = "inbucket"; selector.app = "inbucket";
ports = [{ ports = [{


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
deployments.kms = { deployments.kms = {
metadata.labels.app = "kms"; metadata.labels.app = "kms";
@ -23,7 +23,7 @@
services.kms.spec = { services.kms.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.129"; loadBalancerIP = myLib.globals.kmsIPv4;
selector.app = "kms"; selector.app = "kms";
ports = [{ ports = [{


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
configMaps = { configMaps = {
jellyfin-env.data.JELLYFIN_PublishedServerUrl = "https://media.kun.is"; jellyfin-env.data.JELLYFIN_PublishedServerUrl = "https://media.kun.is";
@ -578,7 +578,7 @@
transmission-bittorrent.spec = { transmission-bittorrent.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.133"; loadBalancerIP = myLib.globals.bittorrentIPv4;
selector = { selector = {
app = "media"; app = "media";


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
configMaps.minecraft-env.data.EULA = "TRUE"; configMaps.minecraft-env.data.EULA = "TRUE";
@ -55,7 +55,7 @@
services.minecraft.spec = { services.minecraft.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.136"; loadBalancerIP = myLib.globals.minecraftIPv4;
selector.app = "minecraft"; selector.app = "minecraft";
ports = [{ ports = [{


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources = { kubernetes.resources = {
configMaps.pihole.data = { configMaps.pihole.data = {
TZ = "Europe/Amsterdam"; TZ = "Europe/Amsterdam";
@ -120,7 +120,7 @@
pihole-dns.spec = { pihole-dns.spec = {
type = "LoadBalancer"; type = "LoadBalancer";
loadBalancerIP = "192.168.30.131"; loadBalancerIP = myLib.globals.piholeIPv4;
selector.app = "pihole"; selector.app = "pihole";
ports = [{ ports = [{


@ -1,4 +1,4 @@
{ { myLib, ... }: {
kubernetes.resources.helmChartConfigs = { kubernetes.resources.helmChartConfigs = {
traefik = { traefik = {
metadata.namespace = "kube-system"; metadata.namespace = "kube-system";
@ -9,7 +9,7 @@
spec.valuesContent = '' spec.valuesContent = ''
service: service:
spec: spec:
loadBalancerIP: "192.168.30.128" loadBalancerIP: "${myLib.globals.traefikIPv4}"
ports: ports:
localsecure: localsecure:
port: 8444 port: 8444


@ -1,24 +1,13 @@
{ {
networking = { routerPublicIPv4 = "192.145.57.90";
public = { routerPublicIPv6 = "2a0d:6e00:1a77::1";
ipv4.router = "192.145.57.90"; minecraftIPv4 = "192.168.30.136";
ipv6.router = "2a0d:6e00:1a77::1"; dnsmasqIPv4 = "192.168.30.135";
}; bind9IPv4 = "192.168.30.134";
bittorrentIPv4 = "192.168.30.133";
dmz = { gitIPv4 = "192.168.30.132";
ipv4 = { piholeIPv4 = "192.168.30.131";
prefixLength = "24"; inbucketIPv4 = "192.168.30.130";
dockerSwarm = "192.168.30.8"; kmsIPv4 = "192.168.30.129";
router = "192.168.30.1"; traefikIPv4 = "192.168.30.128";
services = "192.168.30.7";
};
ipv6 = {
prefixLength = "64";
dockerSwarm = "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08";
router = "2a0d:6e00:1a77:30::1";
services = "2a0d:6e00:1a77:30::7";
};
};
};
} }
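Review bot: The rewrite removes every `networking.*` attribute (`dmz.ipv4.router`, `services`, `dockerSwarm`, both prefix lengths and all IPv6 entries) instead of adding the new keys beside them, so any module outside the thirteen files in this commit that still reads `myLib.globals.networking...` will now fail evaluation with a missing-attribute error; the remaining consumers should be grepped for before merging. The nine `*IPv4` LoadBalancer addresses are bare literals with nothing stating that they must lie inside the MetalLB pool the cluster announces (metallb.nix is in the module list but its pool is not visible here), so a header comment such as `# Static LoadBalancer IPs for k8s services; must fall within the MetalLB pool in kubenix-modules/metallb.nix` would document the coupling. Grouping the attributes with a one-line comment per block (public router addresses, DMZ service addresses) would also make the contiguous 192.168.30.128–136 range read as a single allocation.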