
commit 3b92a510e1c8345797d9b462643b591eb035597b
parent 605ec7a68ee9e9d1087d73fdd11a7f6dc6882477
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri, 19 Nov 2021 16:49:56 +0100

system/modules: add a dns.nix and db files.

This reduces duplication in hosts.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Asecrets/db.10.100.0 | 23+++++++++++++++++++++++
Asecrets/db.192.168.1 | 58++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Asecrets/db.home | 73+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Asecrets/db.vpn | 24++++++++++++++++++++++++
Msystems/hosts/sakhalin.nix | 36+-----------------------------------
Msystems/hosts/wakasu.nix | 36+-----------------------------------
Msystems/modules/profiles/default.nix | 1+
Asystems/modules/profiles/dns.nix | 53+++++++++++++++++++++++++++++++++++++++++++++++++++++
8 files changed, 234 insertions(+), 70 deletions(-)

diff --git a/secrets/db.10.100.0 b/secrets/db.10.100.0
@@ -0,0 +1,23 @@
+$TTL 604800
+@ IN SOA ns1.vpn. admin.vpn. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.vpn.
+@ IN NS ns2.vpn.
+
+3 IN PTR california.vpn.
+5 IN PTR hokkaido.vpn.
+4 IN PTR honshu.vpn.
+10 IN PTR kobe.vpn.
+6 IN PTR massimo.vpn.
+10 IN PTR ns1.vpn.
+14 IN PTR ns2.vpn.
+14 IN PTR okinawa.vpn.
+2 IN PTR shikoku.vpn.
+8 IN PTR wakasu.vpn.
+17 IN PTR aomi.vpn.
diff --git a/secrets/db.192.168.1 b/secrets/db.192.168.1
@@ -0,0 +1,58 @@
+$TTL 604800
+@ IN SOA ns1.home. admin.home. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.home.
+@ IN NS ns2.home.
+
+11 IN PTR hokkaido.home.
+17 IN PTR honshu.home.
+18 IN PTR kobe.home.
+19 IN PTR ns1.home.
+19 IN PTR okinawa.home.
+70 IN PTR ns2.home.
+70 IN PTR sakhalin.home.
+20 IN PTR synodine.home.
+77 IN PTR wakasu.home.
+23 IN PTR aomi.home.
+60 IN PTR dev.home.
+
+; OpenShift VM
+;; Load Balancer
+120 IN PTR vm0.home.
+120 IN PTR api.ocp.home.
+120 IN PTR api-int.ocp.home.
+
+;; Masters
+121 IN PTR vm1.home.
+121 IN PTR master0.ocp.home.
+122 IN PTR vm2.home.
+122 IN PTR master1.ocp.home.
+123 IN PTR vm3.home.
+123 IN PTR master2.ocp.home.
+
+;; Workers
+124 IN PTR vm4.home.
+124 IN PTR worker1.ocp.home.
+125 IN PTR vm5.home.
+125 IN PTR worker2.ocp.home.
+126 IN PTR vm6.home.
+126 IN PTR worker3.ocp.home.
+127 IN PTR vm7.home.
+127 IN PTR worker4.ocp.home.
+128 IN PTR vm8.home.
+128 IN PTR worker5.ocp.home.
+
+;; Bootstrap machine
+129 IN PTR vm9.home.
+129 IN PTR bootstrap.ocp.home.
+
+;; k8s nodes
+130 IN PTR k8sn1.home.
+131 IN PTR k8sn2.home.
+132 IN PTR k8sn3.home.
diff --git a/secrets/db.home b/secrets/db.home
@@ -0,0 +1,72 @@
+$TTL 604800
+@ IN SOA ns1.home. admin.home. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.home.
+@ IN NS ns2.home.
+
+*.cache.home. IN A 192.168.1.70
+*.okinawa.home. IN A 192.168.1.19
+hokkaido.home. IN A 192.168.1.11
+honshu.home. IN A 192.168.1.17
+kobe.home. IN A 192.168.1.18
+ns1.home. IN A 192.168.1.19
+ns2.home. IN A 192.168.1.70
+okinawa.home. IN A 192.168.1.19
+sakhalin.home. IN A 192.168.1.70
+*.sakhalin.home IN A 192.168.1.70
+synodine.home. IN A 192.168.1.20
+wakasu.home. IN A 192.168.1.77
+*.wakasu.home IN A 192.168.1.77
+aomi.home. IN A 192.168.1.23
+*.aomi.home. IN A 192.168.1.23
+dev.home. IN A 192.168.1.60
+
+; OpenShift VMs
+;; Load balancer
+vm0.home. IN A 192.168.1.120
+api.ocp.home. IN A 192.168.1.120
+api-int.ocp.home. IN A 192.168.1.120
+*.apps.ocp.home. IN A 192.168.1.120
+
+;; Masters
+vm1.home. IN A 192.168.1.121
+master0.ocp.home. IN A 192.168.1.121
+vm2.home. IN A 192.168.1.122
+master1.ocp.home. IN A 192.168.1.122
+vm3.home. IN A 192.168.1.123
+master3.ocp.home. IN A 192.168.1.123
+
+;; Workers
+vm4.home. IN A 192.168.1.124
+worker1.ocp.home. IN A 192.168.1.124
+vm5.home. IN A 192.168.1.125
+worker2.ocp.home. IN A 192.168.1.125
+vm6.home. IN A 192.168.1.126
+worker3.ocp.home. IN A 192.168.1.126
+vm7.home. IN A 192.168.1.127
+worker4.ocp.home. IN A 192.168.1.127
+vm8.home. IN A 192.168.1.128
+worker5.ocp.home. IN A 192.168.1.128
+
+;; Bootstrap machine
+vm9.home. IN A 192.168.1.129
+bootstrap.ocp.home. IN A 192.168.1.129
+
+;; etcd records
+etcd-0.ocp.home. IN A 192.168.1.121
+etcd-1.ocp.home. IN A 192.168.1.122
+etcd-2.ocp.home. IN A 192.168.1.123
+_etcd-server-ssl._tcp.ocp.home. IN SRV 0 10 2380 etcd-0.ocp.home.
+_etcd-server-ssl._tcp.ocp.home. IN SRV 0 10 2380 etcd-1.ocp.home.
+_etcd-server-ssl._tcp.ocp.home. IN SRV 0 10 2380 etcd-2.ocp.home.
+
+;; k8s nodes
+k8sn1.home. IN A 192.168.1.130
+k8sn2.home. IN A 192.168.1.131
+k8sn3.home. IN A 192.168.1.132+ \ No newline at end of file
diff --git a/secrets/db.vpn b/secrets/db.vpn
@@ -0,0 +1,24 @@
+$TTL 604800
+@ IN SOA ns1.vpn. admin.vpn. (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+@ IN NS ns1.vpn.
+@ IN NS ns2.vpn.
+
+*.cache.vpn. IN A 10.100.0.6
+*.massimo.vpn. IN A 10.100.0.6
+*.svc.vpn. IN A 10.100.0.6
+california.vpn. IN A 10.100.0.3
+hokkaido.vpn. IN A 10.100.0.5
+honshu.vpn. IN A 10.100.0.4
+kobe.vpn. IN A 10.100.0.10
+ns1.vpn. IN A 10.100.0.10
+ns2.vpn. IN A 10.100.0.14
+okinawa.vpn. IN A 10.100.0.14
+wakasu.vpn. IN A 10.100.0.8
+aomi.vpn. IN A 10.100.0.17
diff --git a/systems/hosts/sakhalin.nix b/systems/hosts/sakhalin.nix
@@ -58,6 +58,7 @@ in
 };
 profiles = {
+ bind.enable = true;
 home = true;
 avahi.enable = true;
 git.enable = true;
@@ -108,41 +109,6 @@ in
 listenAddress = "0.0.0.0";
 enableGarbageCollect = true;
 };
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.10.100.0;
- }
- ];
- };
 syncthing.guiAddress = "0.0.0.0:8384";
 wireguard = {
 enable = true;
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -61,6 +61,7 @@ in
 swapDevices = [{ device = "/dev/disk/by-uuid/720200fc-8f27-49a7-85bb-a406b6119d31"; }];
 profiles = {
+ bind.enable = true;
 home = true;
 dev.enable = false;
 desktop.enable = lib.mkForce false;
@@ -81,41 +82,6 @@ in
 HandleLidSwitchExternalPower=ignore
 HandleLidSwitchDocked=ignore
 '';
- bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "8.8.4.4" ];
- cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
- zones = [
- {
- # home
- name = "home";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.home;
- }
- {
- # home.reverse
- name = "192.168.1.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.192.168.1;
- }
- {
- # vpn
- name = "vpn";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.vpn;
- }
- {
- # vpn.reverse
- name = "10.100.0.in-addr.arpa";
- master = true;
- slaves = [ ];
- file = pkgs.mkSecret ../../secrets/db.10.100.0;
- }
- ];
- };
 syncthing.guiAddress = "${ip}:8384";
 smartd = {
 enable = true;
diff --git a/systems/modules/profiles/default.nix b/systems/modules/profiles/default.nix
@@ -5,6 +5,7 @@
 ./builder.nix
 ./desktop.nix
 ./dev.nix
+ ./dns.nix
 ./docker.nix
 ./gaming.nix
 ./git.nix
diff --git a/systems/modules/profiles/dns.nix b/systems/modules/profiles/dns.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+let
+ inherit (lib) mkIf mkEnableOption;
+ cfg = config.profiles.bind;
+in
+{
+ options = {
+ profiles.bind = {
+ enable = mkEnableOption "Enable bind profile";
+ };
+ };
+ config = mkIf cfg.enable {
+
+ services = {
+ bind = {
+ enable = true;
+ forwarders = [ "8.8.8.8" "8.8.4.4" ];
+ cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
+ zones = [
+ {
+ # home
+ name = "home";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.home;
+ }
+ {
+ # home.reverse
+ name = "192.168.1.in-addr.arpa";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.192.168.1;
+ }
+ {
+ # vpn
+ name = "vpn";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.vpn;
+ }
+ {
+ # vpn.reverse
+ name = "10.100.0.in-addr.arpa";
+ master = true;
+ slaves = [ ];
+ file = ../../../secrets/db.10.100.0;
+ }
+ ];
+ };
+ };
+ };
+}
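Review bot: `2 IN PTR shikoku.vpn.` has no counterpart in db.vpn, so the forward and reverse vpn zones disagree on 10.100.0.2; either add `shikoku.vpn. IN A 10.100.0.2` to db.vpn or drop the PTR if the host no longer exists. Addresses 10 and 14 each carry two PTR records (kobe/ns1 and ns2/okinawa), which is legal but means a reverse lookup returns either name depending on the resolver; if ns1 and ns2 are aliases of kobe and okinawa, one PTR per address naming the host is the more predictable choice. The same doubled-PTR pattern appears in db.192.168.1 for 19 and 70.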
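Review bot: `123 IN PTR master2.ocp.home.` does not match db.home in this same commit, where 192.168.1.123 is published as `master3.ocp.home.`; with the other masters named master0 and master1 (and etcd-2 also at .123), the forward entry looks like a typo. Changing the db.home line to `master2.ocp.home. IN A 192.168.1.123` makes forward and reverse resolution agree for that node.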
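Review bot: `*.sakhalin.home IN A 192.168.1.70` and `*.wakasu.home IN A 192.168.1.77` are missing the trailing dot that every other owner name in the file carries; dns.nix loads this file as zone `home`, so BIND treats them as relative names and expands them to `*.sakhalin.home.home.` and `*.wakasu.home.home.`, and the intended wildcards never match. Change them to `*.sakhalin.home. IN A 192.168.1.70` and `*.wakasu.home. IN A 192.168.1.77`. The file also ends without a newline (the marker at the end of the hunk), unlike the three sibling zone files; adding one keeps them consistent.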
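Review bot: `file = ../../../secrets/db.home;` and the three sibling `file =` lines are bare path literals, so the zone files are copied into the Nix store, which is readable by every user on each host that evaluates this profile and by anyone with access to a binary cache the closure is pushed to; the host configs previously wrapped the same paths in `pkgs.mkSecret`, and that wrapper is dropped here (what mkSecret does is not visible in this diff — confirm it was only a plain copy before accepting the change). Given the directory is named `secrets/`, keeping the wrapper, `file = pkgs.mkSecret ../../../secrets/db.home;`, or deploying the files out of band preserves the previous handling. Separately, `forwarders` and `cacheNetworks` are fixed values inside the profile; exposing them as options under `profiles.bind` would let a host choose its upstream resolver without editing the module. The zones advertise ns1/ns2 at 192.168.1.19 and .70 while the profile is enabled on sakhalin (.70) and wakasu (.77); if .19 does not run the same profile, the ns1 record points at a non-authoritative host — worth confirming.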