use dns.nix for kun.is zone again

parameterize k8s' service IPs
This commit is contained in:
Pim Kunis 2024-04-13 23:25:48 +02:00
parent 76bd5c9276
commit 6e608e6ca8
13 changed files with 95 additions and 99 deletions


@ -1,15 +1,13 @@
{ myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
(system: {
# TODO: DRY
kubenix = kubenix.packages.${system}.default.override
{ dns, myLib, flake-utils, kubenix, nixhelm, ... }: flake-utils.lib.eachDefaultSystem
(system:
let
mkKubenixPackage = module: kubenix.packages.${system}.default.override
{
specialArgs = { inherit myLib kubenix nixhelm system; };
module = { imports = [ ../kubenix-modules/all.nix ]; };
};
kubenix-bootstrap = kubenix.packages.${system}.default.override
{
specialArgs = { inherit myLib kubenix nixhelm system; };
module = { imports = [ ../kubenix-modules/base.nix ]; };
specialArgs = { inherit myLib kubenix nixhelm system dns; };
module = { imports = [ module ]; };
};
in
{
kubenix = mkKubenixPackage ../kubenix-modules/all.nix;
kubenix-bootstrap = mkKubenixPackage ../kubenix-modules/base.nix;
})


@ -15,7 +15,7 @@
./kitchenowl.nix
./forgejo.nix
./media.nix
./bind9.nix
./bind9
./dnsmasq.nix
./esrom.nix
./metallb.nix


@ -1,3 +1,7 @@
{ myLib, dns, ... }:
let
kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix myLib dns);
in
{
kubernetes.resources = {
configMaps = {
@ -33,47 +37,7 @@
};
'';
# TODO: replace with dns.nix
kunis-zone = ''
$TTL 86400
kun.is. IN SOA ns1 webmaster.kun.is. (2024021702 86400 600 864000 60)
kun.is. IN CAA 0 issue "letsencrypt.org"
kun.is. IN CAA 0 issuewild ";"
kun.is. IN CAA 0 iodef "mailto:caa@kun.is"
kun.is. IN MX 10 mail.kun.is.
kun.is. IN NS ns1.kun.is.
kun.is. IN NS ns2.kun.is.
kun.is. IN TXT "v=spf1 include:spf.glasnet.nl ~all"
*.kun.is. IN A 192.145.57.90
em670271.kun.is. IN CNAME return.smtp2go.net.
link.kun.is. IN CNAME track.smtp2go.net.
ns.kun.is. IN A 192.145.57.90
ns.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
ns1.kun.is. IN A 192.145.57.90
ns1.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
ns2.kun.is. IN A 192.145.57.90
ns2.kun.is. IN AAAA 2a0d:6e00:1a77:30::7
s670271._domainkey.kun.is. IN CNAME dkim.smtp2go.net.
wg.kun.is. IN A 192.145.57.90
wg.kun.is. IN AAAA 2a0d:6e00:1a77:30::1
'';
kunis-zone = kunisZone;
};
};
@ -121,7 +85,7 @@
services.bind9.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.134";
loadBalancerIP = myLib.globals.bind9IPv4;
selector.app = "bind9";
ports = [{


@ -0,0 +1,45 @@
myLib: dns: with dns.lib.combinators; {
CAA = letsEncrypt "caa@kun.is";
SOA = {
nameServer = "ns1";
adminEmail = "webmaster@kun.is";
serial = 2024041300;
};
NS = [
"ns1.kun.is."
"ns2.kun.is."
];
MX = [
(mx.mx 10 "mail.kun.is.")
];
TXT = [
(with spf; soft [ "include:spf.glasnet.nl" ])
];
subdomains = rec {
"*".A = [ myLib.globals.routerPublicIPv4 ];
ns.A = [ myLib.globals.routerPublicIPv4 ];
ns1 = ns;
ns2 = ns;
wg = host myLib.globals.routerPublicIPv4 myLib.globals.routerPublicIPv6;
#for SMTP2GO to be able send emails from kun.is domain
em670271 = {
CNAME = [ "return.smtp2go.net." ];
};
"s670271._domainkey" = {
CNAME = [ "dkim.smtp2go.net." ];
};
link = {
CNAME = [ "track.smtp2go.net." ];
};
};
}
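Review bot: The generated zone publishes less than the hand-written zone it replaces: `ns.A = [ myLib.globals.routerPublicIPv4 ]` (and `ns1 = ns; ns2 = ns;`) sets only A, so the AAAA records the old configMap carried for ns/ns1/ns2 (`2a0d:6e00:1a77:30::7`, removed in the bind9 default.nix hunk) disappear, and `wg = host myLib.globals.routerPublicIPv4 myLib.globals.routerPublicIPv6` changes wg's AAAA from `2a0d:6e00:1a77:30::1` to `2a0d:6e00:1a77::1`. If dropping IPv6 for the name servers is intended, a one-line comment above `ns.A` saying so would stop the next reader treating it as a regression; otherwise give ns an `AAAA = [ <ns IPv6 here> ];` alongside the A record. Two further things are not visible from this hunk and are worth confirming against dns.nix: whether `letsEncrypt "caa@kun.is"` emits the same three CAA records the old zone had (`issue`, `issuewild ";"`, `iodef`), and what default TTL the library applies versus the old `$TTL 86400` — if it differs, pin it explicitly in this attribute set.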


@ -1,19 +1,19 @@
{
{ myLib, ... }: {
kubernetes.resources = {
# TODO: generate this with nix?
configMaps.dnsmasq-config.data.config = ''
address=/kms.kun.is/192.168.30.129
address=/ssh.git.kun.is/192.168.30.132
alias=192.145.57.90,192.168.30.128
address=/kms.kun.is/${myLib.globals.kmsIPv4}
address=/ssh.git.kun.is/${myLib.globals.gitIPv4}
alias=${myLib.globals.routerPublicIPv4},${myLib.globals.traefikIPv4}
expand-hosts
host-record=hermes.dmz,192.168.30.135
host-record=hermes.dmz,${myLib.globals.dnsmasqIPv4}
local=/dmz/
log-queries
no-hosts
no-resolv
port=53
server=192.168.30.1
server=/kun.is/192.168.30.134
server=/kun.is/${myLib.globals.bind9IPv4}
'';
deployments.dnsmasq = {
@ -52,7 +52,7 @@
services.dnsmasq.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.135";
loadBalancerIP = myLib.globals.dnsmasqIPv4;
selector.app = "dnsmasq";
ports = [{
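Review bot: `server=192.168.30.1` on the unchanged line between `port=53` and `server=/kun.is/${myLib.globals.bind9IPv4}` is now the only address in this configMap left as a literal, while the same commit deletes `networking.dmz.ipv4.router = "192.168.30.1"` from globals, so the DMZ router address survives only inside this string. Either move it next to the other addresses (a global such as `routerDMZIPv4`, name constructed here) or mark the asymmetry, e.g. `# upstream resolver: DMZ router, not a k8s service`, so the parameterization reads as complete. The `deployments.dnsmasq` definition and the enclosing attribute set continue outside this hunk.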


@ -1,8 +1,8 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps = {
forgejo-config.data = {
# TODO: Generate from nix code.
# TODO: Generate from nix code?
config = ''
APP_NAME = Forgejo: Beyond coding. We forge.
RUN_MODE = prod
@ -200,7 +200,7 @@
forgejo-ssh.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.132";
loadBalancerIP = myLib.globals.gitIPv4;
selector.app = "forgejo";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
deployments.inbucket = {
metadata.labels.app = "inbucket";
@ -43,7 +43,7 @@
inbucket-email.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.130";
loadBalancerIP = myLib.globals.inbucketIPv4;
selector.app = "inbucket";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
deployments.kms = {
metadata.labels.app = "kms";
@ -23,7 +23,7 @@
services.kms.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.129";
loadBalancerIP = myLib.globals.kmsIPv4;
selector.app = "kms";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps = {
jellyfin-env.data.JELLYFIN_PublishedServerUrl = "https://media.kun.is";
@ -578,7 +578,7 @@
transmission-bittorrent.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.133";
loadBalancerIP = myLib.globals.bittorrentIPv4;
selector = {
app = "media";


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps.minecraft-env.data.EULA = "TRUE";
@ -55,7 +55,7 @@
services.minecraft.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.136";
loadBalancerIP = myLib.globals.minecraftIPv4;
selector.app = "minecraft";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources = {
configMaps.pihole.data = {
TZ = "Europe/Amsterdam";
@ -120,7 +120,7 @@
pihole-dns.spec = {
type = "LoadBalancer";
loadBalancerIP = "192.168.30.131";
loadBalancerIP = myLib.globals.piholeIPv4;
selector.app = "pihole";
ports = [{


@ -1,4 +1,4 @@
{
{ myLib, ... }: {
kubernetes.resources.helmChartConfigs = {
traefik = {
metadata.namespace = "kube-system";
@ -9,7 +9,7 @@
spec.valuesContent = ''
service:
spec:
loadBalancerIP: "192.168.30.128"
loadBalancerIP: "${myLib.globals.traefikIPv4}"
ports:
localsecure:
port: 8444


@ -1,24 +1,13 @@
{
networking = {
public = {
ipv4.router = "192.145.57.90";
ipv6.router = "2a0d:6e00:1a77::1";
};
dmz = {
ipv4 = {
prefixLength = "24";
dockerSwarm = "192.168.30.8";
router = "192.168.30.1";
services = "192.168.30.7";
};
ipv6 = {
prefixLength = "64";
dockerSwarm = "2a0d:6e00:1a77:30:c8fe:c0ff:feff:ee08";
router = "2a0d:6e00:1a77:30::1";
services = "2a0d:6e00:1a77:30::7";
};
};
};
routerPublicIPv4 = "192.145.57.90";
routerPublicIPv6 = "2a0d:6e00:1a77::1";
minecraftIPv4 = "192.168.30.136";
dnsmasqIPv4 = "192.168.30.135";
bind9IPv4 = "192.168.30.134";
bittorrentIPv4 = "192.168.30.133";
gitIPv4 = "192.168.30.132";
piholeIPv4 = "192.168.30.131";
inbucketIPv4 = "192.168.30.130";
kmsIPv4 = "192.168.30.129";
traefikIPv4 = "192.168.30.128";
}
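Review bot: The rewrite removes the whole `networking.dmz` subtree (prefixLength, router, services and dockerSwarm for both address families) without this diff showing any consumer being migrated; the dnsmasq configMap still embeds `192.168.30.1` as a literal and the old bind9 zone published `2a0d:6e00:1a77:30::7` and `2a0d:6e00:1a77:30::1`, all of which were values from here. Nix only fails at the use site, so it is worth grepping for the old paths before merging. The flat list would also benefit from a header comment stating what these addresses are, e.g. `# LoadBalancer addresses for k8s services in the DMZ; keep unique per service` — presumably handed out by MetalLB given metallb.nix in the module list, so confirm before writing that down.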