create global module for machine-independent custom configuration

parameterize various IP addresses
This commit is contained in:
Pim Kunis 2024-01-08 23:17:37 +01:00
parent b189d061cb
commit efe9b57867
9 changed files with 90 additions and 49 deletions


@ -2,6 +2,7 @@
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./modules ./modules
./lab.nix
]; ];
boot = { boot = {

8
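--- a/nixos/lab.nix
+++ b/nixos/lab.nix
@@ -0,0 +1,8 @@
+{
+lab.networking = {
+publicIPv4 = "192.145.57.90";
+dockerSwarmInternalIPv4 = "192.168.30.8";
+dmzRouterIPv4 = "192.168.30.1";
+dmzDHCPIPv4 = "192.168.30.7";
+};
+}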
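Review bot: The new file carries no comment saying what it is or how its values are consumed, even though `dmzDHCPIPv4` does double duty: it is the DNS/DHCP server address handed to dnsmasq and, through atlas's host config in this same commit, the static DMZ address of that host. A header comment such as `# Machine-independent lab settings, imported by every host. dmzDHCPIPv4 must be the address of the host that enables lab.networking.dmzServices.` would make that coupling visible to whoever next edits an address here. The public address was already committed before this change, so nothing new is exposed, but it is now referenced from the two zone files and the dnsmasq alias at once, so a typo in this one place breaks all three.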


@ -23,23 +23,27 @@
name = "atlas"; name = "atlas";
hostName = "atlas.hyp"; hostName = "atlas.hyp";
nixosModule.lab = { nixosModule = { config, ... }:
networking = { let inherit (config.lab.networking) dmzDHCPIPv4; in
staticDMZIpv4Address = "192.168.30.7/24"; {
dmzServices.enable = true; lab = {
}; networking = {
staticDMZIpv4Address = "${dmzDHCPIPv4}/24";
dmzServices.enable = true;
};
storage = { storage = {
osDisk = "/dev/sda"; osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1"; dataPartition = "/dev/nvme0n1p1";
}; };
ssh = { ssh = {
useCertificates = true; useCertificates = true;
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub; hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub; userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
};
};
}; };
};
}; };
lewis = { lewis = {
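Review bot: `staticDMZIpv4Address = "${dmzDHCPIPv4}/24";` parameterizes the address but keeps the /24 prefix length hard-coded, so a DMZ renumbering done in lab.nix would move the address while leaving a possibly wrong mask here. Either record the assumption inline, `# DMZ is assumed to be a /24 (matches dhcp-range in dnsmasq.nix)`, or add a `dmzPrefixLength` option beside `dmzDHCPIPv4` and interpolate it. The attribute set holding the `atlas` entry starts and ends outside the hunk.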


@ -76,7 +76,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ postgresql ]; environment.systemPackages = with pkgs; [ borgbackup postgresql ];
# Converted from: # Converted from:
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd # https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
systemd.services.borgmatic = { systemd.services.borgmatic = {
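Review bot: `borgbackup` is added to `environment.systemPackages`, which puts it on every user's PATH system-wide; if it is only needed by the `systemd.services.borgmatic` unit declared right below, scoping it with `systemd.services.borgmatic.path = [ pkgs.borgbackup ];` keeps the global package set unchanged and the dependency next to its consumer. I cannot see from the hunk whether borg is also invoked interactively, so this may be intentional. The module's `config = lib.mkIf cfg.enable { … }` block continues outside the hunk.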


@ -19,6 +19,34 @@ in {
Assign a static IPv4 on the DMZ interface. Assign a static IPv4 on the DMZ interface.
''; '';
}; };
publicIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
Public IPv4 address of our home.
'';
};
dockerSwarmInternalIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
Internal IPv4 address of the Docker Swarm.
'';
};
dmzRouterIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
The router's IPv4 address on the DMZ network.
'';
};
dmzDHCPIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
The IPv4 address of the DHCP server on the DMZ network.
'';
};
}; };
config = { config = {
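Review bot: All four new options are typed `lib.types.str`, so any string is accepted at evaluation time, including a value with a CIDR suffix, which would silently yield something like `192.168.30.7/24/24` where atlas appends `/24` to `dmzDHCPIPv4`, or a malformed address that dnsmasq only rejects when the service starts. Since option types are checked during `nixos-rebuild`, `type = lib.types.strMatching "([0-9]{1,3}\\.){3}[0-9]{1,3}";` on each of the four options would catch such values before anything is deployed. The enclosing `options.lab.networking` set starts outside the hunk.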


@ -1,15 +1,14 @@
{ pkgs, lib, config, dns, ... }: { pkgs, lib, config, dns, ... }@inputs:
let let
cfg = config.lab.networking.dmzServices; cfg = config.lab.networking.dmzServices;
publicIpv4 = "192.145.57.90";
kunisZoneFile = pkgs.writeTextFile { kunisZoneFile = pkgs.writeTextFile {
name = "kunis-zone-file"; name = "kunis-zone-file";
text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix { inherit dns publicIpv4; })); text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix inputs));
}; };
geokunis2nlZoneFile = pkgs.writeTextFile { geokunis2nlZoneFile = pkgs.writeTextFile {
name = "geokunis2nl-zone-file"; name = "geokunis2nl-zone-file";
text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix { inherit dns publicIpv4; })); text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix inputs));
}; };
in in
{ {
@ -65,7 +64,7 @@ in
dnsmasq = { dnsmasq = {
enable = true; enable = true;
settings = import ./dnsmasq.nix; settings = import ./dnsmasq.nix inputs;
}; };
}; };
}; };
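Review bot: The zone files and `dnsmasq.nix` now receive the module's entire argument set via `inputs` (pkgs, lib, config, dns, and whatever else the module system passes) instead of the two values they actually use, so their real dependencies are no longer visible at the call site. Passing `{ inherit config dns; }` in the three `import … inputs` calls keeps the explicit interface the old `{ inherit dns publicIpv4; }` form had while still exposing `config.lab.networking`. The module's `in { … }` body continues between and after the two hunks.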


@ -1,9 +1,13 @@
{ config, ... }:
let
inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzDHCPIPv4 dmzRouterIPv4;
in
{ {
no-resolv = true; no-resolv = true;
server = [ server = [
"192.168.30.1" dmzRouterIPv4
"/geokunis2.nl/192.168.30.7" "/geokunis2.nl/${dmzDHCPIPv4}"
"/kun.is/192.168.30.7" "/kun.is/${dmzDHCPIPv4}"
]; ];
local = "/dmz/"; local = "/dmz/";
dhcp-fqdn = true; dhcp-fqdn = true;
@ -13,29 +17,22 @@
dhcp-authoritative = true; dhcp-authoritative = true;
dhcp-range = [ dhcp-range = [
"192.168.30.50,192.168.30.127,15m" "192.168.30.50,192.168.30.127,15m"
"2a02:58:19a:f730::, ra-stateless, ra-names"
]; ];
dhcp-host = [ dhcp-host = [
"b8:27:eb:b9:ab:e2,esrom" "b8:27:eb:b9:ab:e2,esrom"
"ca:fe:c0:ff:ee:03,max,192.168.30.3" "ca:fe:c0:ff:ee:08,maestro,${dockerSwarmInternalIPv4}"
"ca:fe:c0:ff:ee:08,maestro,192.168.30.8"
"dc:a6:32:7b:e2:11,iris,192.168.30.9"
"ca:fe:c0:ff:ee:0a,thecloud,192.168.30.10"
"52:54:00:72:e0:9a,forum,192.168.30.11"
]; ];
dhcp-option = [ dhcp-option = [
"3,192.168.30.1" "3,${dmzRouterIPv4}"
"option6:dns-server,[2a02:58:19a:f730::1]" "option:dns-server,${dmzRouterIPv4}"
"option:dns-server,192.168.30.1"
]; ];
ra-param = "*,0,0"; ra-param = "*,0,0";
alias = "192.145.57.90,192.168.30.8"; alias = "${publicIPv4},${dockerSwarmInternalIPv4}";
log-dhcp = true; log-dhcp = true;
log-queries = true; log-queries = true;
interface-name = "hermes.dmz,ens3"; # interface-name = "hermes.dmz,ens3";
port = "5353"; port = "5353";
address = [ address = [
"/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/192.168.30.7" "/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}"
"/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/2a02:58:19a:f730:c8fe:c0ff:feff:ee07"
]; ];
} }
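Review bot: Beyond the parameterization, the second hunk drops the IPv6 stateless `dhcp-range`, the `option6:dns-server` option, the IPv6 `address` record and four static `dhcp-host` leases (max, iris, thecloud, forum), and comments out `interface-name`; none of this is mentioned in the commit message, so it is unclear whether those hosts were meant to lose their fixed leases and whether IPv6 on the DMZ is intentionally disabled. `dhcp-range` is also still the literal `192.168.30.50,192.168.30.127,15m` while the router and DHCP server addresses now come from `lab.networking`, so the DMZ subnet is only half parameterized. If the removals are deliberate, a comment at the range such as `# IPv6 DHCP/RA intentionally disabled` would stop the next reader from re-adding them.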


@ -1,6 +1,8 @@
{ publicIpv4, dns }: { config, dns, ... }:
with dns.lib.combinators; with dns.lib.combinators;
let
inherit (config.lab.networking) publicIPv4;
in
{ {
SOA = { SOA = {
nameServer = "ns"; nameServer = "ns";
@ -17,13 +19,13 @@ with dns.lib.combinators;
MX = [ (mx.mx 10 "mail.geokunis2.nl.") ]; MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
A = [ publicIpv4 ]; A = [ publicIPv4 ];
CAA = letsEncrypt "caa@geokunis2.nl"; CAA = letsEncrypt "caa@geokunis2.nl";
subdomains = { subdomains = {
ns.A = [ publicIpv4 ]; ns.A = [ publicIPv4 ];
ns1.A = [ publicIpv4 ]; ns1.A = [ publicIPv4 ];
ns2.A = [ publicIpv4 ]; ns2.A = [ publicIPv4 ];
"*".A = [ publicIpv4 ]; "*".A = [ publicIPv4 ];
}; };
} }


@ -1,6 +1,8 @@
{ publicIpv4, dns }: { config, dns, ... }:
with dns.lib.combinators; with dns.lib.combinators;
let
inherit (config.lab.networking) publicIPv4;
in
{ {
CAA = letsEncrypt "caa@kun.is"; CAA = letsEncrypt "caa@kun.is";
@ -20,9 +22,9 @@ with dns.lib.combinators;
]; ];
subdomains = { subdomains = {
ns.A = [ publicIpv4 ]; ns.A = [ publicIPv4 ];
ns1.A = [ publicIpv4 ]; ns1.A = [ publicIPv4 ];
ns2.A = [ publicIpv4 ]; ns2.A = [ publicIPv4 ];
"*".A = [ publicIpv4 ]; "*".A = [ publicIPv4 ];
}; };
} }