change networking config structuring

2024-01-31 21:58:23 +01:00 · 2024-01-31 21:58:23 +01:00 · 929d20a7d6
commit 929d20a7d6
parent c58d6c89b3
12 changed files with 264 additions and 241 deletions
--- a/nixos/modules/networking/dmz_services/zones/geokunis2.nl.nix
+++ b/nixos/modules/networking/dmz_services/zones/geokunis2.nl.nix
@ -0,0 +1,68 @@
+{ config, dns, ... }:
+with dns.lib.combinators;
+let
+  cfg = config.lab.networking;
+in
+{
+  SOA = {
+    nameServer = "ns";
+    adminEmail = "hostmaster@geokunis2.nl";
+    serial = 2024011401;
+  };
+
+  NS = [
+    "ns.geokunis2.nl."
+    "ns0.transip.net."
+    "ns1.transip.nl."
+    "ns2.transip.eu."
+  ];
+
+  MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
+
+  A = [ cfg.public.ipv4.router ];
+  AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
+  CAA = letsEncrypt "caa@geokunis2.nl";
+
+  subdomains = {
+    "*" = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
+    };
+
+    ns = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.services ];
+    };
+
+    ns1 = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.services ];
+    };
+
+    ns2 = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.services ];
+    };
+
+    # Override because we don't support IPv6 for KMS.
+    kms = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ ];
+    };
+
+    wg = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.public.ipv6.router ];
+    };
+
+    wg4 = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ ];
+    };
+
+    wg6 = {
+      A = [ ];
+      AAAA = [ cfg.public.ipv6.router ];
+    };
+  };
+}
--- a/nixos/modules/networking/dmz_services/zones/kun.is.nix
+++ b/nixos/modules/networking/dmz_services/zones/kun.is.nix
@ -0,0 +1,64 @@
+{ config, dns, ... }:
+with dns.lib.combinators;
+let
+  cfg = config.lab.networking;
+in
+{
+  CAA = letsEncrypt "caa@kun.is";
+
+  SOA = {
+    nameServer = "ns1";
+    adminEmail = "webmaster@kun.is";
+    serial = 2024011401;
+  };
+
+  NS = [
+    "ns1.kun.is."
+    "ns2.kun.is."
+  ];
+
+  MX = [
+    (mx.mx 10 "mail.kun.is.")
+  ];
+
+  subdomains = {
+    "*" = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.dockerSwarm ];
+    };
+
+    ns = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.services ];
+    };
+
+    ns1 = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.services ];
+    };
+
+    ns2 = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.services ];
+    };
+
+    # Override because we don't support IPv6 for Git SSH.
+    git = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ ];
+    };
+
+    # Override because we don't support IPv6 for KMS.
+    kms = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ ];
+    };
+
+    # Override because wg is on opnsense so ipv6 differs from "cfg.dmz.ipv6.services"
+    wg = {
+      A = [ cfg.public.ipv4.router ];
+      AAAA = [ cfg.dmz.ipv6.router ];
+    };
+
+  };
+}