create global module for machine-independent custom configuration

parameterize various IP addresses
This commit is contained in:
Pim Kunis 2024-01-08 23:17:37 +01:00
parent b189d061cb
commit efe9b57867
9 changed files with 90 additions and 49 deletions


@ -2,6 +2,7 @@
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./modules
./lab.nix
];
boot = {

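--- /dev/null
+++ b/nixos/lab.nix
@@ -0,0 +1,8 @@
+{
+lab.networking = {
+publicIPv4 = "192.145.57.90";
+dockerSwarmInternalIPv4 = "192.168.30.8";
+dmzRouterIPv4 = "192.168.30.1";
+dmzDHCPIPv4 = "192.168.30.7";
+};
+}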


@ -23,23 +23,27 @@
name = "atlas";
hostName = "atlas.hyp";
nixosModule.lab = {
networking = {
staticDMZIpv4Address = "192.168.30.7/24";
dmzServices.enable = true;
};
nixosModule = { config, ... }:
let inherit (config.lab.networking) dmzDHCPIPv4; in
{
lab = {
networking = {
staticDMZIpv4Address = "${dmzDHCPIPv4}/24";
dmzServices.enable = true;
};
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
storage = {
osDisk = "/dev/sda";
dataPartition = "/dev/nvme0n1p1";
};
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
ssh = {
useCertificates = true;
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
};
};
};
};
};
lewis = {
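Review bot: The prefix length in `staticDMZIpv4Address = "${dmzDHCPIPv4}/24";` stays hard-coded while the host part now comes from `config.lab.networking`, so a future change of the DMZ subnet size would have to be made here as well as in lab.nix, defeating the point of the shared module. Either move the prefix into the shared options or document the coupling, e.g. `# /24 must match the DMZ range dnsmasq hands out`. Reading `config.lab.networking.dmzDHCPIPv4` while defining `lab.networking.staticDMZIpv4Address` in the same module is fine for the module system since they are different options, but that is worth a one-line comment for the next reader. The enclosing machine attrset (containing `atlas` and `lewis`) starts and ends outside the hunk.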


@ -76,7 +76,7 @@ in
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ postgresql ];
environment.systemPackages = with pkgs; [ borgbackup postgresql ];
# Converted from:
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
systemd.services.borgmatic = {


@ -19,6 +19,34 @@ in {
Assign a static IPv4 on the DMZ interface.
'';
};
publicIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
Public IPv4 address of our home.
'';
};
dockerSwarmInternalIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
Internal IPv4 address of the Docker Swarm.
'';
};
dmzRouterIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
The router's IPv4 address on the DMZ network.
'';
};
dmzDHCPIPv4 = lib.mkOption {
type = lib.types.str;
description = ''
The IPv4 address of the DHCP server on the DMZ network.
'';
};
};
config = {


@ -1,15 +1,14 @@
{ pkgs, lib, config, dns, ... }:
{ pkgs, lib, config, dns, ... }@inputs:
let
cfg = config.lab.networking.dmzServices;
publicIpv4 = "192.145.57.90";
kunisZoneFile = pkgs.writeTextFile {
name = "kunis-zone-file";
text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix { inherit dns publicIpv4; }));
text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix inputs));
};
geokunis2nlZoneFile = pkgs.writeTextFile {
name = "geokunis2nl-zone-file";
text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix { inherit dns publicIpv4; }));
text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix inputs));
};
in
{
@ -65,7 +64,7 @@ in
dnsmasq = {
enable = true;
settings = import ./dnsmasq.nix;
settings = import ./dnsmasq.nix inputs;
};
};
};
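Review bot: Passing the entire module argument set (`inputs`) to `./zones/kun.is.nix`, `./zones/geokunis2.nl.nix` and `./dnsmasq.nix` hides what those files actually depend on; the old call site `{ inherit dns publicIpv4; }` made the contract explicit, and the new one lets any of them silently start reading arbitrary parts of `config`. If the goal is only to share the addresses, keeping the explicit form, e.g. `import ./zones/kun.is.nix { inherit dns; inherit (config.lab.networking) publicIPv4; }`, preserves the parameterization without the implicit coupling (the zone files would then take `{ dns, publicIPv4 }:` instead of `{ config, dns, ... }:`). The same applies to the `dnsmasq.nix` import in the second hunk of this file. The `let` block is cut by the hunk, so other bindings may exist outside the view.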


@ -1,9 +1,13 @@
{ config, ... }:
let
inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzDHCPIPv4 dmzRouterIPv4;
in
{
no-resolv = true;
server = [
"192.168.30.1"
"/geokunis2.nl/192.168.30.7"
"/kun.is/192.168.30.7"
dmzRouterIPv4
"/geokunis2.nl/${dmzDHCPIPv4}"
"/kun.is/${dmzDHCPIPv4}"
];
local = "/dmz/";
dhcp-fqdn = true;
@ -13,29 +17,22 @@
dhcp-authoritative = true;
dhcp-range = [
"192.168.30.50,192.168.30.127,15m"
"2a02:58:19a:f730::, ra-stateless, ra-names"
];
dhcp-host = [
"b8:27:eb:b9:ab:e2,esrom"
"ca:fe:c0:ff:ee:03,max,192.168.30.3"
"ca:fe:c0:ff:ee:08,maestro,192.168.30.8"
"dc:a6:32:7b:e2:11,iris,192.168.30.9"
"ca:fe:c0:ff:ee:0a,thecloud,192.168.30.10"
"52:54:00:72:e0:9a,forum,192.168.30.11"
"ca:fe:c0:ff:ee:08,maestro,${dockerSwarmInternalIPv4}"
];
dhcp-option = [
"3,192.168.30.1"
"option6:dns-server,[2a02:58:19a:f730::1]"
"option:dns-server,192.168.30.1"
"3,${dmzRouterIPv4}"
"option:dns-server,${dmzRouterIPv4}"
];
ra-param = "*,0,0";
alias = "192.145.57.90,192.168.30.8";
alias = "${publicIPv4},${dockerSwarmInternalIPv4}";
log-dhcp = true;
log-queries = true;
interface-name = "hermes.dmz,ens3";
# interface-name = "hermes.dmz,ens3";
port = "5353";
address = [
"/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/192.168.30.7"
"/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/2a02:58:19a:f730:c8fe:c0ff:feff:ee07"
"/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}"
];
}
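Review bot: Besides substituting the four addresses, the new side drops the IPv6 `dhcp-range` entry, the `option6:dns-server` option, five `dhcp-host` reservations (esrom, max, iris, thecloud, forum), the `ns.pim.kunis.nl` alias and the IPv6 `address` record, and comments out `interface-name`; none of this is covered by the commit message "parameterize various IP addresses". If these removals are intentional they belong in a separate commit or at least in the description, because losing reservations changes which address a host is leased and losing the IPv6 DNS option changes resolver behaviour for v6 clients; if they are accidental this is a regression. `ra-param = "*,0,0";` is kept although the IPv6 range it accompanied is gone, and `# interface-name = "hermes.dmz,ens3";` should either be deleted or carry a reason for being disabled. `dhcp-range = [ "192.168.30.50,192.168.30.127,15m" ]` is still a literal DMZ range next to the now-parameterized `dmzRouterIPv4`, so the subnet is half-parameterized.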


@ -1,6 +1,8 @@
{ publicIpv4, dns }:
{ config, dns, ... }:
with dns.lib.combinators;
let
inherit (config.lab.networking) publicIPv4;
in
{
SOA = {
nameServer = "ns";
@ -17,13 +19,13 @@ with dns.lib.combinators;
MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
A = [ publicIpv4 ];
A = [ publicIPv4 ];
CAA = letsEncrypt "caa@geokunis2.nl";
subdomains = {
ns.A = [ publicIpv4 ];
ns1.A = [ publicIpv4 ];
ns2.A = [ publicIpv4 ];
"*".A = [ publicIpv4 ];
ns.A = [ publicIPv4 ];
ns1.A = [ publicIPv4 ];
ns2.A = [ publicIPv4 ];
"*".A = [ publicIPv4 ];
};
}


@ -1,6 +1,8 @@
{ publicIpv4, dns }:
{ config, dns, ... }:
with dns.lib.combinators;
let
inherit (config.lab.networking) publicIPv4;
in
{
CAA = letsEncrypt "caa@kun.is";
@ -20,9 +22,9 @@ with dns.lib.combinators;
];
subdomains = {
ns.A = [ publicIpv4 ];
ns1.A = [ publicIpv4 ];
ns2.A = [ publicIpv4 ];
"*".A = [ publicIpv4 ];
ns.A = [ publicIPv4 ];
ns1.A = [ publicIPv4 ];
ns2.A = [ publicIPv4 ];
"*".A = [ publicIPv4 ];
};
}