diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix
new file mode 100644
index 0000000..897fd2b
--- /dev/null
+++ b/machines/dns01/_configuration.nix
@@ -0,0 +1,39 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ "nsd"
+ ];
+
+ extraConfig = {
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
+ ];
+ systemd.network = {
+ config.routeTables = {
+ he = 100;
+ mwan = 110;
+ };
+ networks = {
+ "10-ens18" = {
+ name = "ens18";
+
+ networkConfig = {
+ Description = "ENS uplink";
+ Address = [ "129.199.146.102/24" ];
+ Gateway = "129.199.146.254";
+ LLDP = true;
+ };
+ };
+ };
+ };
+ };
+
+ root = ./.;
+}
diff --git a/machines/dns01/_hardware-configuration.nix b/machines/dns01/_hardware-configuration.nix
new file mode 100644
index 0000000..8b0d66a
--- /dev/null
+++ b/machines/dns01/_hardware-configuration.nix
@@ -0,0 +1,34 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ initrd.kernelModules = [ ];
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-partlabel/disk-sda-root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-partlabel/disk-sda-ESP";
+ fsType = "vfat";
+ };
+
+ networking.useDHCP = lib.mkDefault false;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix
new file mode 100644
index 0000000..44d903d
--- /dev/null
+++ b/machines/dns01/beta.dgnum.eu.nix
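Review bot: In machines/dns01/_configuration.nix the two root `authorizedKeys.keys` entries are pasted inline, so revoking or rotating an operator key means editing this machine file by hand. The sibling secrets.nix imports `../../../keys`; if that module exposes operator keys, referencing them from there would keep a single source of truth. The `config.routeTables` entries `he = 100; mwan = 110;` are declared but nothing in the visible `networks."10-ens18"` block uses them, which suggests they were carried over from a router host and can be dropped.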
@@ -0,0 +1,22 @@
+{ dns, ... }:
+
+with dns.lib.combinators;
+{
+ SOA = {
+ nameServer = "ns1";
+ adminEmail = "webmaster@dgnum.eu";
+ serial = 2019030800;
+ };
+
+ NS = [
+ # TODO: add nameservers with GLUE and everything
+ ];
+
+ #A = [ "203.0.113.1" ];
+ #AAAA = [ "4321:0:1:2:3:4:567:89ab" ];
+
+ subdomains = {
+ photoprism = host "129.199.146.101" null;
+ immich = host "129.199.146.101" null;
+ };
+}
diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix
new file mode 100644
index 0000000..41f4ec8
--- /dev/null
+++ b/machines/dns01/nsd.nix
@@ -0,0 +1,22 @@
+{ sources, ... }:
+
+let
+ dns = import sources.dns-nix { };
+in
+{
+ services.nsd = {
+ enable = true;
+ zones = {
+ "beta.dgnum.eu" = {
+ # provideXFR = [ ... ];
+ # notify = [ ... ];
+ data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { inherit dns; });
+ };
+ };
+ };
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 53 ];
+ };
+ };
+}
diff --git a/machines/dns01/secrets/secrets.nix b/machines/dns01/secrets/secrets.nix
new file mode 100644
index 0000000..16bf5d3
--- /dev/null
+++ b/machines/dns01/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "dns01" ] [
+ # List of secrets for router02
+]
diff --git a/machines/photo01/_configuration.nix b/machines/photo01/_configuration.nix
index 4da2284..5619a02 100644
--- a/machines/photo01/_configuration.nix
+++ b/machines/photo01/_configuration.nix
@@ -8,7 +8,6 @@ in imports = [ ./_hardware-configuration.nix - # NOTE: For now, only deploy the bare minimum ./immich.nix ./nginx.nix ./photoprism.nix
diff --git a/machines/photo01/_hardware-configuration.nix b/machines/photo01/_hardware-configuration.nix
index e87eb0d..8b0d66a 100644
--- a/machines/photo01/_hardware-configuration.nix
+++ b/machines/photo01/_hardware-configuration.nix
@@ -16,7 +16,6 @@ "sd_mod" "sr_mod" ]; - }; fileSystems."/" = {
diff --git a/meta/network.nix b/meta/network.nix
index ca31c69..62c03f2 100644
--- a/meta/network.nix
+++ b/meta/network.nix
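Review bot: In machines/dns01/beta.dgnum.eu.nix the apex `NS` list is empty and the SOA `nameServer = "ns1"` names a host for which `subdomains` defines no address record, so the zone as written carries no usable nameserver data. Some servers reject or warn on a zone without apex NS records, so fill this in before the zone is delegated, for example with `ns1 = host "129.199.146.102" null;` if dns01 is meant to be ns1. `serial = 2019030800;` is a fixed literal, so every later edit has to bump it by hand or secondaries will not pick up the change; a comment next to the field such as `# bump on every zone edit` would make that explicit.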
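Review bot: In machines/dns01/nsd.nix the firewall block opens only `allowedUDPPorts = [ 53 ];`, but an authoritative server also has to answer over TCP (truncated responses are retried over TCP, and zone transfers use it), so add `allowedTCPPorts = [ 53 ];` next to it. `services.nsd.interfaces` is not set in this hunk; as far as I recall the NixOS module defaults to loopback addresses only, so confirm that NSD actually binds the ens18 address. When `provideXFR` is uncommented, limit it to the secondaries' addresses with a TSIG key rather than a broad network range.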
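Review bot: The comment in machines/dns01/secrets/secrets.nix names the wrong host: it reads `# List of secrets for router02` while the file calls `mkSecrets [ "dns01" ]`. Change it to `# List of secrets for dns01` so that nobody later files a router secret under this host's recipients.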
@@ -1,4 +1,11 @@ { + dns01 = { + interfaces = { }; + + addresses.ipv4 = [ "129.199.146.102" ]; + + hostId = "1758233d"; + }; krz01 = { interfaces = { vmbr0 = {
diff --git a/meta/nodes.nix b/meta/nodes.nix
index f3fca44..c73f6c4 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -19,6 +19,15 @@ - luj01 -> VM de Luj */ { + dns01 = { + site = "pav01"; + + # TODO: + hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/"; + + stateVersion = "24.05"; + nixpkgs = "24.05"; + }; krz01 = { site = "pav01";
diff --git a/npins/sources.json b/npins/sources.json
index 47a70d8..c8c103b 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -30,6 +30,21 @@ "url": "https://api.github.com/repos/nix-community/disko/tarball/v1.8.0", "hash": "06ifryv6rw25cz8zda4isczajdgrvcl3aqr145p8njxx5jya2d77" }, + "dns-nix": { + "type": "GitRelease", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "dns.nix" + }, + "pre_releases": false, + "version_upper_bound": null, + "release_prefix": null, + "version": "v1.2.0", + "revision": "a3196708a56dee76186a9415c187473b94e6cbae", + "url": "https://api.github.com/repos/nix-community/dns.nix/tarball/v1.2.0", + "hash": "011b6ahj4qcf7jw009qgbf6k5dvjmgls88khwzgjr9kxlgbypb90" + }, "git-hooks": { "type": "Git", "repository": {
@@ -185,4 +200,4 @@ } }, "version": 3 -} \ No newline at end of file +}
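Review bot: The dns01 entry in meta/network.nix sets `interfaces = { };` and repeats `129.199.146.102`, which machines/dns01/_configuration.nix also hard-codes under `networks."10-ens18"`, so the address now lives in two places that can drift apart. The krz01 entry at the end of the hunk describes its interface under `interfaces`; if the project's network module can generate the systemd-networkd config from that attribute, declaring ens18 here would remove the duplicate. The krz01 block continues outside the hunk, so its exact layout is only partly visible.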
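Review bot: The dns01 entry in meta/nodes.nix commits `hashedPassword` where anyone with read access to the repository can take the yescrypt hash and guess against it offline, so the account's protection then rests entirely on the strength of the chosen password. The `# TODO:` above it has no text, so the intended follow-up is lost; spell it out, for example `# TODO: move this hash into the dns01 secrets and rotate the password`. Whether other nodes reuse the same hash cannot be told from this hunk, but if they do, the rotation should cover them as well.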