From aba16d3fd10ace801030edee97976582ea618a9c Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 7 Jan 2024 23:06:27 +0100
Subject: [PATCH] restructure modules
---
 nixos/machines/default.nix | 7 +--
 nixos/modules/default.nix | 3 +-
 .../default.nix} | 2 +
 .../{dns => networking/dmz}/default.nix | 47 ++-----------------
 nixos/modules/networking/dmz/dnsmasq.nix | 41 ++++++++++++++++
 .../dmz}/zones/geokunis2.nl.nix | 0
 .../{dns => networking/dmz}/zones/kun.is.nix | 0
 7 files changed, 51 insertions(+), 49 deletions(-)
 rename nixos/modules/{networking.nix => networking/default.nix} (98%)
 rename nixos/modules/{dns => networking/dmz}/default.nix (52%)
 create mode 100644 nixos/modules/networking/dmz/dnsmasq.nix
 rename nixos/modules/{dns => networking/dmz}/zones/geokunis2.nl.nix (100%)
 rename nixos/modules/{dns => networking/dmz}/zones/kun.is.nix (100%)
diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index cce5f37..c75664c 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -24,8 +24,10 @@
 hostName = "atlas.hyp";
 nixosModule.lab = {
- dns.enable = true;
- networking.staticDMZIpv4Address = "192.168.30.7/24";
+ networking = {
+ staticDMZIpv4Address = "192.168.30.7/24";
+ dmzServices.enable = true;
+ };
 storage = {
 osDisk = "/dev/sda";
@@ -46,7 +48,6 @@
 nixosModule.lab = {
 dataHost.enable = true;
- # dns.enable = true;
 storage = {
 osDisk = "/dev/sda";
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 8388026..58ff038 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -9,9 +9,8 @@ in
 ./ssh-certificates.nix
 ./k3s
 ./backups.nix
- ./networking.nix
+ ./networking
 ./data-sharing.nix
- ./dns
 ];
 options.lab.dataHost.enable = lib.mkOption {
diff --git a/nixos/modules/networking.nix b/nixos/modules/networking/default.nix
similarity index 98%
rename from nixos/modules/networking.nix
rename to nixos/modules/networking/default.nix
index b06fea9..bd19fe0 100644
--- a/nixos/modules/networking.nix
+++ b/nixos/modules/networking/default.nix
@@ -1,6 +1,8 @@
 { lib, config, ... }:
 let cfg = config.lab.networking; in {
+ imports = [ ./dmz ];
+
 options.lab.networking = {
 allowDMZConnectivity = lib.mkOption {
 default = false;
diff --git a/nixos/modules/dns/default.nix b/nixos/modules/networking/dmz/default.nix
similarity index 52%
rename from nixos/modules/dns/default.nix
rename to nixos/modules/networking/dmz/default.nix
index 84baf7c..8e4e2e5 100644
--- a/nixos/modules/dns/default.nix
+++ b/nixos/modules/networking/dmz/default.nix
@@ -1,6 +1,6 @@
 { pkgs, lib, config, dns, ... }:
 let
- cfg = config.lab.dns;
+ cfg = config.lab.networking.dmzServices;
 publicIpv4 = "192.145.57.90";
 kunisZoneFile = pkgs.writeTextFile {
 name = "kunis-zone-file";
@@ -13,7 +13,7 @@ let
 };
 in
 {
- options.lab.dns.enable = lib.mkOption {
+ options.lab.networking.dmzServices.enable = lib.mkOption {
 default = false;
 type = lib.types.bool;
 description = ''
@@ -65,48 +65,7 @@ in
 dnsmasq = {
 enable = true;
-
- settings = {
- no-resolv = true;
- server = [
- "192.168.30.1"
- "/geokunis2.nl/192.168.30.7"
- "/kun.is/192.168.30.7"
- ];
- local = "/dmz/";
- dhcp-fqdn = true;
- no-hosts = true;
- expand-hosts = true;
- domain = "dmz";
- dhcp-authoritative = true;
- dhcp-range = [
- "192.168.30.50,192.168.30.127,15m"
- "2a02:58:19a:f730::, ra-stateless, ra-names"
- ];
- dhcp-host = [
- "b8:27:eb:b9:ab:e2,esrom"
- "ca:fe:c0:ff:ee:03,max,192.168.30.3"
- "ca:fe:c0:ff:ee:08,maestro,192.168.30.8"
- "dc:a6:32:7b:e2:11,iris,192.168.30.9"
- "ca:fe:c0:ff:ee:0a,thecloud,192.168.30.10"
- "52:54:00:72:e0:9a,forum,192.168.30.11"
- ];
- dhcp-option = [
- "3,192.168.30.1"
- "option6:dns-server,[2a02:58:19a:f730::1]"
- "option:dns-server,192.168.30.1"
- ];
- ra-param = "*,0,0";
- alias = "192.145.57.90,192.168.30.8";
- log-dhcp = true;
- log-queries = true;
- interface-name = "hermes.dmz,ens3";
- port = "5353";
- address = [
- "/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/192.168.30.7"
- "/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/2a02:58:19a:f730:c8fe:c0ff:feff:ee07"
- ];
- };
+ settings = import ./dnsmasq.nix;
 };
 };
 };
diff --git a/nixos/modules/networking/dmz/dnsmasq.nix b/nixos/modules/networking/dmz/dnsmasq.nix
new file mode 100644
index 0000000..532464d
--- /dev/null
+++ b/nixos/modules/networking/dmz/dnsmasq.nix
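Review bot: In the dnsmasq hunk of networking/dmz/default.nix, `settings = import ./dnsmasq.nix;` loads a fixed attribute set, so the extracted values cannot be tied to the bindings this module already has. The `alias` entry in dnsmasq.nix repeats the address bound as `publicIpv4` in the first hunk of this file, and `192.168.30.7` in `server` and `address` repeats `staticDMZIpv4Address` from nixos/machines/default.nix. If either address is changed in one place only, dnsmasq keeps rewriting and answering with the stale value and evaluation raises no error. Consider making dnsmasq.nix a function, `{ publicIpv4 }: { … alias = "${publicIpv4},192.168.30.8"; … }`, called as `settings = import ./dnsmasq.nix { inherit publicIpv4; };`. The enclosing attribute set starts above the hunk, so that `publicIpv4` is in scope here is inferred from the `let` block rather than shown.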
@@ -0,0 +1,41 @@
+{
+ no-resolv = true;
+ server = [
+ "192.168.30.1"
+ "/geokunis2.nl/192.168.30.7"
+ "/kun.is/192.168.30.7"
+ ];
+ local = "/dmz/";
+ dhcp-fqdn = true;
+ no-hosts = true;
+ expand-hosts = true;
+ domain = "dmz";
+ dhcp-authoritative = true;
+ dhcp-range = [
+ "192.168.30.50,192.168.30.127,15m"
+ "2a02:58:19a:f730::, ra-stateless, ra-names"
+ ];
+ dhcp-host = [
+ "b8:27:eb:b9:ab:e2,esrom"
+ "ca:fe:c0:ff:ee:03,max,192.168.30.3"
+ "ca:fe:c0:ff:ee:08,maestro,192.168.30.8"
+ "dc:a6:32:7b:e2:11,iris,192.168.30.9"
+ "ca:fe:c0:ff:ee:0a,thecloud,192.168.30.10"
+ "52:54:00:72:e0:9a,forum,192.168.30.11"
+ ];
+ dhcp-option = [
+ "3,192.168.30.1"
+ "option6:dns-server,[2a02:58:19a:f730::1]"
+ "option:dns-server,192.168.30.1"
+ ];
+ ra-param = "*,0,0";
+ alias = "192.145.57.90,192.168.30.8";
+ log-dhcp = true;
+ log-queries = true;
+ interface-name = "hermes.dmz,ens3";
+ port = "5353";
+ address = [
+ "/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/192.168.30.7"
+ "/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/2a02:58:19a:f730:c8fe:c0ff:feff:ee07"
+ ];
+}
diff --git a/nixos/modules/dns/zones/geokunis2.nl.nix b/nixos/modules/networking/dmz/zones/geokunis2.nl.nix
similarity index 100%
rename from nixos/modules/dns/zones/geokunis2.nl.nix
rename to nixos/modules/networking/dmz/zones/geokunis2.nl.nix
diff --git a/nixos/modules/dns/zones/kun.is.nix b/nixos/modules/networking/dmz/zones/kun.is.nix
similarity index 100%
rename from nixos/modules/dns/zones/kun.is.nix
rename to nixos/modules/networking/dmz/zones/kun.is.nix
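Review bot: The new dnsmasq.nix carries no comments, and `port = "5353"`, `alias`, `ra-param = "*,0,0"` and the `dhcp-host` MAC-to-address table are hard to audit now that they sit apart from the module that consumes them. A header such as `# dnsmasq settings for the DMZ DNS/DHCP service; imported by ./default.nix` plus a one-line comment on each of those entries would make the intent reviewable. `log-queries = true` together with `log-dhcp = true` records every client lookup and lease, which is useful for incident review but deserves a comment on where that log is stored and how long it is kept. `dhcp-authoritative = true` assumes this is the only DHCP server on the segment, so the option description for `dmzServices.enable` (not visible in this patch) should say that only one host may enable it.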