commit 3b92a510e1c8345797d9b462643b591eb035597b
parent 605ec7a68ee9e9d1087d73fdd11a7f6dc6882477
Author: Vincent Demeester <vincent@sbr.pm>
Date: Fri, 19 Nov 2021 16:49:56 +0100
system/modules: add a dns.nix and db files.
This reduces duplication in hosts.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
8 files changed, 234 insertions(+), 70 deletions(-)
diff --git a/secrets/db.10.100.0 b/secrets/db.10.100.0
@@ -0,0 +1,23 @@
+$TTL 604800
+@ IN SOA ns1.vpn. admin.vpn. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.vpn.
+@ IN NS ns2.vpn.
+
+3 IN PTR california.vpn.
+5 IN PTR hokkaido.vpn.
+4 IN PTR honshu.vpn.
+10 IN PTR kobe.vpn.
+6 IN PTR massimo.vpn.
+10 IN PTR ns1.vpn.
+14 IN PTR ns2.vpn.
+14 IN PTR okinawa.vpn.
+2 IN PTR shikoku.vpn.
+8 IN PTR wakasu.vpn.
+17 IN PTR aomi.vpn.
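Review bot: Octets 10 and 14 each carry two PTR records (`10 IN PTR kobe.vpn.` / `10 IN PTR ns1.vpn.` and `14 IN PTR ns2.vpn.` / `14 IN PTR okinawa.vpn.`), so a reverse lookup of 10.100.0.10 or .14 returns both names in an order the client does not control, and anything that logs or filters by rDNS name (forward-confirmed reverse DNS, host-based allow lists) will see whichever comes first. If ns1/ns2 are only aliases of kobe and okinawa, keeping a single PTR per address (the host name) is the conventional choice; if they must keep their own PTR, a short comment saying so would stop the next reader from "fixing" it. db.192.168.1 has the same pattern at 19 (ns1/okinawa) and 70 (ns2/sakhalin).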
diff --git a/secrets/db.192.168.1 b/secrets/db.192.168.1
@@ -0,0 +1,58 @@
+$TTL 604800
+@ IN SOA ns1.home. admin.home. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.home.
+@ IN NS ns2.home.
+
+11 IN PTR hokkaido.home.
+17 IN PTR honshu.home.
+18 IN PTR kobe.home.
+19 IN PTR ns1.home.
+19 IN PTR okinawa.home.
+70 IN PTR ns2.home.
+70 IN PTR sakhalin.home.
+20 IN PTR synodine.home.
+77 IN PTR wakasu.home.
+23 IN PTR aomi.home.
+60 IN PTR dev.home.
+
+; OpenShift VM
+;; Load Balancer
+120 IN PTR vm0.home.
+120 IN PTR api.ocp.home.
+120 IN PTR api-int.ocp.home.
+
+;; Masters
+121 IN PTR vm1.home.
+121 IN PTR master0.ocp.home.
+122 IN PTR vm2.home.
+122 IN PTR master1.ocp.home.
+123 IN PTR vm3.home.
+123 IN PTR master2.ocp.home.
+
+;; Workers
+124 IN PTR vm4.home.
+124 IN PTR worker1.ocp.home.
+125 IN PTR vm5.home.
+125 IN PTR worker2.ocp.home.
+126 IN PTR vm6.home.
+126 IN PTR worker3.ocp.home.
+127 IN PTR vm7.home.
+127 IN PTR worker4.ocp.home.
+128 IN PTR vm8.home.
+128 IN PTR worker5.ocp.home.
+
+;; Bootstrap machine
+129 IN PTR vm9.home.
+129 IN PTR bootstrap.ocp.home.
+
+;; k8s nodes
+130 IN PTR k8sn1.home.
+131 IN PTR k8sn2.home.
+132 IN PTR k8sn3.home.
diff --git a/secrets/db.home b/secrets/db.home
@@ -0,0 +1,72 @@
+$TTL 604800
+@ IN SOA ns1.home. admin.home. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.home.
+@ IN NS ns2.home.
+
+*.cache.home. IN A 192.168.1.70
+*.okinawa.home. IN A 192.168.1.19
+hokkaido.home. IN A 192.168.1.11
+honshu.home. IN A 192.168.1.17
+kobe.home. IN A 192.168.1.18
+ns1.home. IN A 192.168.1.19
+ns2.home. IN A 192.168.1.70
+okinawa.home. IN A 192.168.1.19
+sakhalin.home. IN A 192.168.1.70
+*.sakhalin.home IN A 192.168.1.70
+synodine.home. IN A 192.168.1.20
+wakasu.home. IN A 192.168.1.77
+*.wakasu.home IN A 192.168.1.77
+aomi.home. IN A 192.168.1.23
+*.aomi.home. IN A 192.168.1.23
+dev.home. IN A 192.168.1.60
+
+; OpenShift VMs
+;; Load balancer
+vm0.home. IN A 192.168.1.120
+api.ocp.home. IN A 192.168.1.120
+api-int.ocp.home. IN A 192.168.1.120
+*.apps.ocp.home. IN A 192.168.1.120
+
+;; Masters
+vm1.home. IN A 192.168.1.121
+master0.ocp.home. IN A 192.168.1.121
+vm2.home. IN A 192.168.1.122
+master1.ocp.home. IN A 192.168.1.122
+vm3.home. IN A 192.168.1.123
+master3.ocp.home. IN A 192.168.1.123
+
+;; Workers
+vm4.home. IN A 192.168.1.124
+worker1.ocp.home. IN A 192.168.1.124
+vm5.home. IN A 192.168.1.125
+worker2.ocp.home. IN A 192.168.1.125
+vm6.home. IN A 192.168.1.126
+worker3.ocp.home. IN A 192.168.1.126
+vm7.home. IN A 192.168.1.127
+worker4.ocp.home. IN A 192.168.1.127
+vm8.home. IN A 192.168.1.128
+worker5.ocp.home. IN A 192.168.1.128
+
+;; Bootstrap machine
+vm9.home. IN A 192.168.1.129
+bootstrap.ocp.home. IN A 192.168.1.129
+
+;; etcd records
+etcd-0.ocp.home. IN A 192.168.1.121
+etcd-1.ocp.home. IN A 192.168.1.122
+etcd-2.ocp.home. IN A 192.168.1.123
+_etcd-server-ssl._tcp.ocp.home. IN SRV 0 10 2380 etcd-0.ocp.home.
+_etcd-server-ssl._tcp.ocp.home. IN SRV 0 10 2380 etcd-1.ocp.home.
+_etcd-server-ssl._tcp.ocp.home. IN SRV 0 10 2380 etcd-2.ocp.home.
+
+;; k8s nodes
+k8sn1.home. IN A 192.168.1.130
+k8sn2.home. IN A 192.168.1.131
+k8sn3.home. IN A 192.168.1.132+
\ No newline at end of file
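Review bot: `*.sakhalin.home IN A 192.168.1.70` and `*.wakasu.home IN A 192.168.1.77` lack the trailing dot, so relative to the zone origin they define `*.sakhalin.home.home.` and `*.wakasu.home.home.` instead of the intended wildcards; the other wildcard lines in this file (`*.aomi.home.`, `*.cache.home.`) show the correct form. `master3.ocp.home.` at 192.168.1.123 disagrees with the reverse zone, which names that address `master2.ocp.home.`, and with the etcd-2 record on the same address, so master2 looks like the intended name. The last A record shows as `192.168.1.132+` in this view; if that trailing `+` is in the file rather than a rendering artifact, the record is not a valid address and the zone will fail to load.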
diff --git a/secrets/db.vpn b/secrets/db.vpn
@@ -0,0 +1,24 @@
+$TTL 604800
+@ IN SOA ns1.vpn. admin.vpn. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.vpn.
+@ IN NS ns2.vpn.
+
+*.cache.vpn. IN A 10.100.0.6
+*.massimo.vpn. IN A 10.100.0.6
+*.svc.vpn. IN A 10.100.0.6
+california.vpn. IN A 10.100.0.3
+hokkaido.vpn. IN A 10.100.0.5
+honshu.vpn. IN A 10.100.0.4
+kobe.vpn. IN A 10.100.0.10
+ns1.vpn. IN A 10.100.0.10
+ns2.vpn. IN A 10.100.0.14
+okinawa.vpn. IN A 10.100.0.14
+wakasu.vpn. IN A 10.100.0.8
+aomi.vpn. IN A 10.100.0.17
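Review bot: The reverse zone db.10.100.0 has PTRs for `shikoku.vpn.` (2) and `massimo.vpn.` (6), but this forward zone has no A record for either; the wildcard `*.massimo.vpn.` does not match the bare name `massimo.vpn.` itself. If those hosts are meant to resolve, add `massimo.vpn. IN A 10.100.0.6` and `shikoku.vpn. IN A 10.100.0.2`; if they are retired, drop the PTRs so forward and reverse stay consistent.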
diff --git a/systems/hosts/sakhalin.nix b/systems/hosts/sakhalin.nix
@@ -58,6 +58,7 @@ in
};
profiles = {
+ bind.enable = true;
home = true;
avahi.enable = true;
git.enable = true;
@@ -108,41 +109,6 @@ in
listenAddress = "0.0.0.0";
enableGarbageCollect = true;
};
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.10.100.0;
- }
- ];
- };
syncthing.guiAddress = "0.0.0.0:8384";
wireguard = {
enable = true;
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -61,6 +61,7 @@ in
swapDevices = [{ device = "/dev/disk/by-uuid/720200fc-8f27-49a7-85bb-a406b6119d31"; }];
profiles = {
+ bind.enable = true;
home = true;
dev.enable = false;
desktop.enable = lib.mkForce false;
@@ -81,41 +82,6 @@ in
HandleLidSwitchExternalPower=ignore
HandleLidSwitchDocked=ignore
'';
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.10.100.0;
- }
- ];
- };
syncthing.guiAddress = "${ip}:8384";
smartd = {
enable = true;
diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix
@@ -5,6 +5,7 @@
./builder.nix
./desktop.nix
./dev.nix
+ ./dns.nix
./docker.nix
./gaming.nix
./git.nix
diff --git a/systems/modules/profiles/dns.nix b/systems/modules/profiles/dns.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.profiles.bind;
+in
+{
+ options = {
+ profiles.bind = {
+ enable = mkEnableOption "Enable bind profile";
+ };
+ };
+ config = mkIf cfg.enable {
+
+ services = {
+ bind = {
+ enable = true;
+ forwarders = [ "8.8.8.8" "8.8.4.4" ];
+ cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
+ zones = [
+ {
+ # home
+ name = "home";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.home;
+ }
+ {
+ # home.reverse
+ name = "192.168.1.in-addr.arpa";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.192.168.1;
+ }
+ {
+ # vpn
+ name = "vpn";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.vpn;
+ }
+ {
+ # vpn.reverse
+ name = "10.100.0.in-addr.arpa";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.10.100.0;
+ }
+ ];
+ };
+ };
+ };
+}
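Review bot: The zone files are now referenced as plain paths (`file = ../../../secrets/db.home;` and the three below) where the host configs previously wrapped them in `pkgs.mkSecret`; a bare path in a NixOS module is copied into the Nix store, which is readable by every local user, so whatever protection mkSecret provided (its definition is not visible here) is lost for four files kept under secrets/. If the zone data is not actually sensitive — it is served to every client in cacheNetworks anyway — moving the files out of secrets/ would keep that directory's meaning intact; otherwise the wrapper should come back. Separately, `mkEnableOption "Enable bind profile"` renders as "Whether to enable Enable bind profile." because mkEnableOption prepends the phrase itself; `enable = mkEnableOption "bind profile";` reads correctly. The forwarders and cacheNetworks are fixed in the profile; exposing them as options with these values as defaults would let a host override them without re-declaring the whole bind block this commit just removed.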