update to nixos 23.11

enable static IP for terraformed VMs
restructure legacy code
move hermes code to this repo
don't use data disk for hermes leases

legacy/projects/hermes/ansible/roles/dnsmasq/files/dnsmasq.conf

@@ -0,0 +1,51 @@
+# Disable /etc/resolv.conf
+no-resolv
+# Upstream DNS server
+server=192.168.30.1
+# Always serve .dmz locally
+local=/dmz/
+# Put all clients in the dmz domain
+dhcp-fqdn
+# Don't read /etc/hosts
+no-hosts
+# Domain is automatically added to if missing
+expand-hosts
+# Domain that is used for DHCP on this network
+domain=dmz
+# IPv4 DHCP range
+dhcp-authoritative
+dhcp-range=192.168.30.50,192.168.30.127,15m
+# Predefined DHCP hosts
+dhcp-host=b8:27:eb:b9:ab:e2,esrom
+dhcp-host=ca:fe:c0:ff:ee:03,max,192.168.30.3
+dhcp-host=ca:fe:c0:ff:ee:08,maestro,192.168.30.8
+dhcp-host=dc:a6:32:7b:e2:11,iris,192.168.30.9
+dhcp-host=ca:fe:c0:ff:ee:0a,thecloud,192.168.30.10
+dhcp-host=52:54:00:72:e0:9a,forum,192.168.30.11
+# Advertise router
+dhcp-option=3,192.168.30.1
+# Always send the IPv6 DNS server address (this machine)
+dhcp-option=option6:dns-server,[2a02:58:19a:f730::1]
+# Advertise SLAAC for the given prefix
+dhcp-range=2a02:58:19a:f730::, ra-stateless, ra-names
+# Do not advertise default gateway via DHCPv6
+ra-param=*,0,0
+# Alias public IP address to local
+alias=84.245.14.149,192.168.30.8
+# Override DNS servers for our domains
+server=/pizzapim.nl/192.168.30.7
+server=/geokunis2.nl/192.168.30.7
+server=/pim.kunis.nl/192.168.30.7
+server=/kun.is/192.168.30.7
+# Enable extended logging
+log-dhcp
+log-queries
+# Resolve hermes.dmz to addresses on main NIC
+interface-name=hermes.dmz,ens3
+# Non-conventional port because we also run nsd on this machine
+port=5353
+# Override addresses of name servers
+address=/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/192.168.30.7
+address=/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/2a02:58:19a:f730:c8fe:c0ff:feff:ee07
+# Advertise DNS server
+dhcp-option=option:dns-server,192.168.30.1