create global module for machine-independent custom configuration
parameterize various IP addresses
parent
b189d061cb
commit
efe9b57867
9 changed files with 90 additions and 49 deletions
|
@ -2,6 +2,7 @@
|
|||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./modules
|
||||
./lab.nix
|
||||
];
|
||||
|
||||
boot = {
|
||||
|
|
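--- /dev/null
+++ b/nixos/lab.nix
@@ -0,0 +1,8 @@
+{
+lab.networking = {
+publicIPv4 = "192.145.57.90";
+dockerSwarmInternalIPv4 = "192.168.30.8";
+dmzRouterIPv4 = "192.168.30.1";
+dmzDHCPIPv4 = "192.168.30.7";
+};
+}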
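Review bot: `dmzDHCPIPv4` carries more meaning than its name says, and the new file does not document it: elsewhere in this commit the same value becomes the machine's static DMZ address (`"${dmzDHCPIPv4}/24"`), dnsmasq's forwarding target for `geokunis2.nl` and `kun.is`, and the address behind `/ns.pizzapim.nl/ns.geokunis2.nl/`. A comment above the assignment such as `# Also the static DMZ address of the host running dnsmasq and the zone name servers; all consumers move together.` would stop the next editor from changing it in isolation. The same line-by-line note applies to `dockerSwarmInternalIPv4`, which doubles as the `maestro` lease and the `alias` target.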
@ -23,23 +23,27 @@
|
|||
name = "atlas";
|
||||
hostName = "atlas.hyp";
|
||||
|
||||
nixosModule.lab = {
|
||||
networking = {
|
||||
staticDMZIpv4Address = "192.168.30.7/24";
|
||||
dmzServices.enable = true;
|
||||
};
|
||||
nixosModule = { config, ... }:
|
||||
let inherit (config.lab.networking) dmzDHCPIPv4; in
|
||||
{
|
||||
lab = {
|
||||
networking = {
|
||||
staticDMZIpv4Address = "${dmzDHCPIPv4}/24";
|
||||
dmzServices.enable = true;
|
||||
};
|
||||
|
||||
storage = {
|
||||
osDisk = "/dev/sda";
|
||||
dataPartition = "/dev/nvme0n1p1";
|
||||
};
|
||||
storage = {
|
||||
osDisk = "/dev/sda";
|
||||
dataPartition = "/dev/nvme0n1p1";
|
||||
};
|
||||
|
||||
ssh = {
|
||||
useCertificates = true;
|
||||
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
|
||||
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
|
||||
ssh = {
|
||||
useCertificates = true;
|
||||
hostCert = builtins.readFile ./atlas_host_ed25519-cert.pub;
|
||||
userCert = builtins.readFile ./atlas_user_ed25519-cert.pub;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
lewis = {
|
||||
|
|
|
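Review bot: `staticDMZIpv4Address = "${dmzDHCPIPv4}/24"` parameterizes the host address but keeps the `/24` prefix length as a literal, so the DMZ subnet size is now split between `lab.nix` and this machine entry with nothing tying them together. Either add a prefix-length option next to `dmzRouterIPv4` in the same options module and interpolate it here, or leave a comment `# /24 must match the DMZ subnet that dmzRouterIPv4 and the dnsmasq dhcp-range live in`. The attribute set holding this machine starts above the hunk and continues past it into the `lewis` entry.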
@ -76,7 +76,7 @@ in
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [ postgresql ];
|
||||
environment.systemPackages = with pkgs; [ borgbackup postgresql ];
|
||||
# Converted from:
|
||||
# https://github.com/borgmatic-collective/borgmatic/tree/84823dfb912db650936e3492f6ead7e0e0d32a0f/sample/systemd
|
||||
systemd.services.borgmatic = {
|
||||
|
|
|
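Review bot: The `borgbackup` package and the new `systemd.services.borgmatic` unit have nothing to do with the IP parameterization the commit message describes, which makes the backup change easy to overlook in review; it belongs in its own commit. The unit body continues past the hunk, so its service options cannot be reviewed here at all. If the split is not possible, at least add a sentence to the commit description naming the borgmatic addition and the upstream sample it was converted from.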
@ -19,6 +19,34 @@ in {
|
|||
Assign a static IPv4 on the DMZ interface.
|
||||
'';
|
||||
};
|
||||
|
||||
publicIPv4 = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Public IPv4 address of our home.
|
||||
'';
|
||||
};
|
||||
|
||||
dockerSwarmInternalIPv4 = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
Internal IPv4 address of the Docker Swarm.
|
||||
'';
|
||||
};
|
||||
|
||||
dmzRouterIPv4 = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The router's IPv4 address on the DMZ network.
|
||||
'';
|
||||
};
|
||||
|
||||
dmzDHCPIPv4 = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
The IPv4 address of the DHCP server on the DMZ network.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
|
|
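Review bot: All four new options are `lib.types.str`, so a value in `lab.nix` with a missing octet, a stray `/24` suffix or trailing whitespace is accepted at evaluation time and only surfaces once dnsmasq or a generated zone file rejects it. Every consumer in this commit interpolates a bare dotted-quad, so a narrower type catches the mistake where it is made: `type = lib.types.strMatching "([0-9]{1,3}\\.){3}[0-9]{1,3}";` for each of the four (the pattern is matched against the whole string, so no `^`/`$` anchors are needed). The enclosing `options` set starts above the hunk.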
@ -1,15 +1,14 @@
|
|||
{ pkgs, lib, config, dns, ... }:
|
||||
{ pkgs, lib, config, dns, ... }@inputs:
|
||||
let
|
||||
cfg = config.lab.networking.dmzServices;
|
||||
publicIpv4 = "192.145.57.90";
|
||||
kunisZoneFile = pkgs.writeTextFile {
|
||||
name = "kunis-zone-file";
|
||||
text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix { inherit dns publicIpv4; }));
|
||||
text = (dns.lib.toString "kun.is" (import ./zones/kun.is.nix inputs));
|
||||
};
|
||||
|
||||
geokunis2nlZoneFile = pkgs.writeTextFile {
|
||||
name = "geokunis2nl-zone-file";
|
||||
text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix { inherit dns publicIpv4; }));
|
||||
text = (dns.lib.toString "geokunis2.nl" (import ./zones/geokunis2.nl.nix inputs));
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -65,7 +64,7 @@ in
|
|||
|
||||
dnsmasq = {
|
||||
enable = true;
|
||||
settings = import ./dnsmasq.nix;
|
||||
settings = import ./dnsmasq.nix inputs;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
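Review bot: Passing the whole `@inputs` set to `import ./zones/kun.is.nix inputs`, `import ./zones/geokunis2.nl.nix inputs` and `import ./dnsmasq.nix inputs` hands those files every module argument (`pkgs`, `lib`, …) when the visible zone files only read `config` and `dns`, and the `...` in their parameter patterns hides what they actually depend on. Passing `{ inherit config dns; }` here (and `{ inherit config; }` for `dnsmasq.nix`) keeps the interface explicit and lets a reader of this file alone see what a zone file may touch. The same point applies to the two zone-file sections below, whose new parameter line `{ config, dns, ... }:` could then drop the `...`.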
@ -1,9 +1,13 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
inherit (config.lab.networking) publicIPv4 dockerSwarmInternalIPv4 dmzDHCPIPv4 dmzRouterIPv4;
|
||||
in
|
||||
{
|
||||
no-resolv = true;
|
||||
server = [
|
||||
"192.168.30.1"
|
||||
"/geokunis2.nl/192.168.30.7"
|
||||
"/kun.is/192.168.30.7"
|
||||
dmzRouterIPv4
|
||||
"/geokunis2.nl/${dmzDHCPIPv4}"
|
||||
"/kun.is/${dmzDHCPIPv4}"
|
||||
];
|
||||
local = "/dmz/";
|
||||
dhcp-fqdn = true;
|
||||
|
@ -13,29 +17,22 @@
|
|||
dhcp-authoritative = true;
|
||||
dhcp-range = [
|
||||
"192.168.30.50,192.168.30.127,15m"
|
||||
"2a02:58:19a:f730::, ra-stateless, ra-names"
|
||||
];
|
||||
dhcp-host = [
|
||||
"b8:27:eb:b9:ab:e2,esrom"
|
||||
"ca:fe:c0:ff:ee:03,max,192.168.30.3"
|
||||
"ca:fe:c0:ff:ee:08,maestro,192.168.30.8"
|
||||
"dc:a6:32:7b:e2:11,iris,192.168.30.9"
|
||||
"ca:fe:c0:ff:ee:0a,thecloud,192.168.30.10"
|
||||
"52:54:00:72:e0:9a,forum,192.168.30.11"
|
||||
"ca:fe:c0:ff:ee:08,maestro,${dockerSwarmInternalIPv4}"
|
||||
];
|
||||
dhcp-option = [
|
||||
"3,192.168.30.1"
|
||||
"option6:dns-server,[2a02:58:19a:f730::1]"
|
||||
"option:dns-server,192.168.30.1"
|
||||
"3,${dmzRouterIPv4}"
|
||||
"option:dns-server,${dmzRouterIPv4}"
|
||||
];
|
||||
ra-param = "*,0,0";
|
||||
alias = "192.145.57.90,192.168.30.8";
|
||||
alias = "${publicIPv4},${dockerSwarmInternalIPv4}";
|
||||
log-dhcp = true;
|
||||
log-queries = true;
|
||||
interface-name = "hermes.dmz,ens3";
|
||||
# interface-name = "hermes.dmz,ens3";
|
||||
port = "5353";
|
||||
address = [
|
||||
"/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/192.168.30.7"
|
||||
"/ns.pizzapim.nl/ns.geokunis2.nl/ns.pim.kunis.nl/2a02:58:19a:f730:c8fe:c0ff:feff:ee07"
|
||||
"/ns.pizzapim.nl/ns.geokunis2.nl/${dmzDHCPIPv4}"
|
||||
];
|
||||
}
|
||||
|
|
|
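Review bot: The second hunk removes more than it parameterizes: the static leases for `max`, `iris`, `thecloud` and `forum` disappear with no replacement, and — if I read the unmarked lines against the `-13,29 +17,22` counts correctly — the `esrom` lease, the `option6:dns-server` entry, the IPv6 `ns.*` address and the `ns.pim.kunis.nl` name are dropped as well, none of which the commit message mentions. Hosts that relied on those reservations will presumably start receiving pool addresses from `dhcp-range`, and IPv6 clients lose the advertised resolver. Either restore those lines or state in the commit description that they are intentionally retired. `interface-name` is only commented out; if it is no longer needed, delete the line rather than leave dead configuration behind.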
@ -1,6 +1,8 @@
|
|||
{ publicIpv4, dns }:
|
||||
{ config, dns, ... }:
|
||||
with dns.lib.combinators;
|
||||
|
||||
let
|
||||
inherit (config.lab.networking) publicIPv4;
|
||||
in
|
||||
{
|
||||
SOA = {
|
||||
nameServer = "ns";
|
||||
|
@ -17,13 +19,13 @@ with dns.lib.combinators;
|
|||
|
||||
MX = [ (mx.mx 10 "mail.geokunis2.nl.") ];
|
||||
|
||||
A = [ publicIpv4 ];
|
||||
A = [ publicIPv4 ];
|
||||
CAA = letsEncrypt "caa@geokunis2.nl";
|
||||
|
||||
subdomains = {
|
||||
ns.A = [ publicIpv4 ];
|
||||
ns1.A = [ publicIpv4 ];
|
||||
ns2.A = [ publicIpv4 ];
|
||||
"*".A = [ publicIpv4 ];
|
||||
ns.A = [ publicIPv4 ];
|
||||
ns1.A = [ publicIPv4 ];
|
||||
ns2.A = [ publicIPv4 ];
|
||||
"*".A = [ publicIPv4 ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ publicIpv4, dns }:
|
||||
{ config, dns, ... }:
|
||||
with dns.lib.combinators;
|
||||
|
||||
let
|
||||
inherit (config.lab.networking) publicIPv4;
|
||||
in
|
||||
{
|
||||
CAA = letsEncrypt "caa@kun.is";
|
||||
|
||||
|
@ -20,9 +22,9 @@ with dns.lib.combinators;
|
|||
];
|
||||
|
||||
subdomains = {
|
||||
ns.A = [ publicIpv4 ];
|
||||
ns1.A = [ publicIpv4 ];
|
||||
ns2.A = [ publicIpv4 ];
|
||||
"*".A = [ publicIpv4 ];
|
||||
ns.A = [ publicIPv4 ];
|
||||
ns1.A = [ publicIPv4 ];
|
||||
ns2.A = [ publicIPv4 ];
|
||||
"*".A = [ publicIPv4 ];
|
||||
};
|
||||
}
|
||||
|
|