chore(meta): Revamp and remove DNS for now
Some checks failed
Check meta / check_meta (push) Successful in 22s
Check meta / check_meta (pull_request) Successful in 21s
lint / check (push) Successful in 23s
lint / check (pull_request) Successful in 24s
build configuration / build_krz01 (pull_request) Failing after 3m26s

We don't have a dns server for the lab infra for now. Later we will
probably reintroduce the tooling for our dns server. This will be good
for people to get into understanding the main infra repository.
This commit is contained in:
sinavir 2024-10-17 13:03:15 +02:00
parent 3ce077f92c
commit 2ac0a35c5e
8 changed files with 6 additions and 539 deletions

View file

@ -15,11 +15,3 @@ jobs:
- name: Check the validity of meta options
run: nix-build meta/verify.nix -A meta
check_dns:
runs-on: nix
steps:
- uses: actions/checkout@v3
- name: Check the validity of the DNS configuration
run: nix-build meta/verify.nix -A dns --no-out-link

View file

@ -74,8 +74,6 @@ in
host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
) (import ./meta/nodes.nix);
dns = import ./meta/dns.nix;
mkCacheSettings = import ./machines/storage01/tvix-cache/cache-settings.nix;
shells = {

View file

@ -1,136 +0,0 @@
{ lib, dns, ... }:
let
inherit (lib) mapAttrs' nameValuePair;
inherit (lib.extra) fuseAttrs mapSingleFuse;
inherit (dns.lib.combinators) mx spf ttl;
meta = (import ./.) lib;
mkCNAME = host: { CNAME = [ host ]; };
mkHosted =
server:
{
dual ? [ ],
v4 ? [ ],
v6 ? [ ],
}:
let
base = "${server}.${meta.nodes.${server}.site}.infra";
mkHost = host: mapSingleFuse (_: mkCNAME host);
in
fuseAttrs [
(mkHost base dual)
(mkHost "v4.${base}" v4)
(mkHost "v6.${base}" v6)
];
cnames = builtins.mapAttrs (_: to: { CNAME = [ to ]; }) {
"dev" = "dev.pages.codeberg.page.";
"irc" = "public.p.lahfa.xyz.";
"webmail" = "kurisu.dual.lahfa.xyz.";
# Transition to new site names
"web01.dmi01.infra" = "web01.rat01.infra";
"web02.dmi01.infra" = "web02.rat01.infra";
"compute01.par01.infra" = "compute01.pav01.infra";
"storage01.par01.infra" = "storage01.pav01.infra";
# Miscelleanous redirections
"traque" = "traque.katvayor.net.";
# Temporary redirection for the BDS
# FIXME: finish the django apps module
"gestiobds.dj" = "cof.ens.fr.";
};
hosted = fuseAttrs (builtins.attrValues (builtins.mapAttrs mkHosted { }));
kurisuDKIM = [
{
selector = "kurisu";
k = "rsa";
s = [ "email" ];
p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDa5KuK6ry+Ss2VsKL0FsDpoBlc7dcXZyp62fGqFJFJv4/GEivPWiwbr2o5oLKjQVI4kIYjIZsyQJFtI/Xcu4BrtDdBknb5WvCN8V9EvIMh3pfXOBLVx4oqw4BR7wF8Rw1J9xyfgsfK+m2n0M39XlMHH0Nuy6kU48jH9vYpZs17ZQIDAQAB";
}
];
in
{
SOA = {
nameServer = "ns01.dgnum.eu.";
adminEmail = "dns.dgnum.eu";
retry = 3600;
minimum = 300;
};
# Primary DNS servers
NS = [
"ns01.dgnum.eu." # ns-03.hubrecht.ovh
"ns02.dgnum.eu." # kurisu.lahfa.xyz
];
# dgnum.codeberg.pages
# ALIAS = [ "codeberg.page" ];
A = [ "217.197.91.145" ];
AAAA = [ "2001:67c:1401:20f0::1" ];
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
SRV = [
{
service = "autodiscover";
proto = "tcp";
port = 443;
target = "autoconfig.mail.lahfa.xyz.";
}
];
TXT = [
"dgnum.codeberg.page"
(spf.strict [ "a:kurisu.lahfa.xyz" ])
];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
subdomains =
hosted
// cnames
// {
ns01 = {
A = [ "51.178.27.125" ];
AAAA = [ "2001:41d0:305:2100::542c" ];
};
ns02 = {
A = [ "163.172.69.160" ];
AAAA = [ "2001:bc8:38ee::1" ];
};
}
// {
infra = {
MX = map (ttl 3600) [ (mx.mx 10 "kurisu.lahfa.xyz.") ];
TXT = [ (spf.strict [ "a:kurisu.lahfa.xyz" ]) ];
DMARC = [ { p = "none"; } ];
DKIM = kurisuDKIM;
subdomains = mapAttrs' (
host:
{ site, ... }:
nameValuePair "${host}.${site}" (
with meta.network.${host}.addresses;
{
A = ipv4;
AAAA = ipv6;
subdomains = {
v4.A = ipv4;
v6.AAAA = ipv6;
};
}
)
) meta.nodes;
};
};
}

View file

@ -1,34 +1,4 @@
{
bridge01 = {
hostId = "f57f3ba0";
interfaces = { };
netbirdIp = null;
};
compute01 = {
interfaces = {
eno1 = {
ipv4 = [
{
address = "129.199.146.147";
prefixLength = 24;
}
{
address = "192.168.1.147";
prefixLength = 24;
}
];
gateways = [ "129.199.146.254" ];
enableDefaultDNS = true;
};
};
hostId = "8df60941";
netbirdIp = "100.80.75.197";
};
krz01 = {
interfaces = {
eno1 = {
@ -51,157 +21,4 @@
hostId = "bd11e8fc";
netbirdIp = "100.80.103.206";
};
geo01 = {
interfaces = {
eno1 = {
ipv4 = [
{
address = "129.199.210.194";
prefixLength = 24;
}
];
gateways = [ "129.199.210.254" ];
dns = [
"129.199.96.11"
"129.199.72.99"
];
};
};
hostId = "b88fee0c";
netbirdIp = "100.80.8.66";
};
geo02 = {
interfaces = {
eno1 = {
ipv4 = [
{
address = "129.199.210.69";
prefixLength = 24;
}
];
gateways = [ "129.199.210.254" ];
dns = [
"129.199.96.11"
"129.199.72.99"
];
};
};
hostId = "45d65237";
netbirdIp = "100.80.233.249";
};
storage01 = {
interfaces = {
eno1 = {
ipv4 = [
{
address = "129.199.146.148";
prefixLength = 24;
}
{
address = "192.168.1.148";
prefixLength = 24;
}
];
gateways = [ "129.199.146.254" ];
enableDefaultDNS = true;
};
};
hostId = "d4e7c369";
netbirdIp = "100.80.156.154";
};
vault01 = {
interfaces = {
vlan-uplink-cri = {
ipv4 = [
{
# see also machines/vault01/networking.nix
address = "129.199.195.129";
prefixLength = 32;
}
];
gateways = [ ];
enableDefaultDNS = true;
};
};
hostId = "e83b600d";
netbirdIp = "100.80.255.180";
};
web01 = {
interfaces = {
ens3 = {
ipv4 = [
{
address = "129.199.129.53";
prefixLength = 24;
}
];
gateways = [ "129.199.129.1" ];
enableDefaultDNS = true;
};
};
hostId = "050df79e";
netbirdIp = "100.80.77.90";
};
web02 = {
interfaces = {
ens3 = {
ipv4 = [
{
address = "129.199.129.235";
prefixLength = 24;
}
];
gateways = [ "129.199.129.1" ];
enableDefaultDNS = true;
};
};
hostId = "b431ca10";
netbirdIp = null; # web02 is not to be connected on the VPN
};
rescue01 = {
interfaces = {
ens18 = {
ipv6 = [
{
address = "2a01:e0a:de4:a0e1:2d73:2a7e:18db:5728";
prefixLength = 64;
}
];
ipv4 = [
{
address = "192.168.0.232";
prefixLength = 21;
}
];
gateways = [ "192.168.0.1" ];
enableDefaultDNS = true;
};
};
addresses.ipv4 = [ "82.67.34.230" ];
hostId = "007f0200";
netbirdIp = "100.80.97.140";
};
}

View file

@ -19,66 +19,6 @@
- luj01 -> VM de Luj
*/
{
bridge01 = {
site = "hyp01";
hashedPassword = "$y$j9T$EPJdz70kselouXAVUmAH01$8nYbUBY9NPTMfYigegY0qFSdxJwhqzW8sFacDqEYCP5";
stateVersion = "24.05";
adminGroups = [ "fai" ];
deployment = {
targetHost = "fd26:baf9:d250:8000::ffff";
sshOptions = [
"-J"
"root@vault01.hyp01.infra.dgnum.eu"
];
};
};
web01 = {
site = "rat01";
deployment.tags = [ "web" ];
hashedPassword = "$y$j9T$9YqXO93VJE/GP3z8Sh4h51$hrBsEPL2O1eP/wBZTrNT8XV906V4JKbQ0g04IWBcyd2";
stateVersion = "23.05";
vm-cluster = "Hyperviseur NPS";
nixpkgs = "24.05";
};
compute01 = {
site = "pav01";
hashedPassword = "$y$j9T$2nxZHq84G7fWvWMEaGavE/$0ADnmD9qMpXJJ.rWWH9086EakvZ3wAg0mSxZYugOf3C";
stateVersion = "23.05";
nix-modules = [ "services/stirling-pdf" ];
nixpkgs = "24.05";
};
geo01 = {
site = "oik01";
deployment.tags = [ "geo" ];
hashedPassword = "$y$j9T$2XmDpJu.QLhV57yYCh5Lf1$LK.X0HKB02Q0Ujvhj5nIofW2IRrIAL/Uxnvl9AXM1L8";
stateVersion = "24.05";
nixpkgs = "24.05";
};
geo02 = {
site = "oik01";
deployment.tags = [ "geo" ];
hashedPassword = "$y$j9T$Q4fbMpSm9beWu4DPNAR9t0$dx/1pH4GPY72LpS5ZiECXAZFDdxwmIywztsX.qo2VVA";
stateVersion = "24.05";
nixpkgs = "24.05";
};
krz01 = {
site = "pav01";
@ -87,51 +27,5 @@
stateVersion = "24.05";
nixpkgs = "unstable";
adminGroups = [ "lab" ];
};
storage01 = {
site = "pav01";
hashedPassword = "$y$j9T$tvRu1EJ9MwDSvEm0ogwe70$bKSw6nNteN0L3NOy2Yix7KlIvO/oROQmQ.Ynq002Fg8";
stateVersion = "23.11";
nixpkgs = "24.05";
nix-modules = [ "services/forgejo-nix-runners" ];
};
vault01 = {
site = "hyp01";
deployment.targetHost = "vault01.hyp01.infra.dgnum.eu";
hashedPassword = "$y$j9T$5osXVNxCDxu3jIndcyh7G.$UrjiDRpMu3W59tKHLGNdLWllZh.4p8IM4sBS5SrNrN1";
stateVersion = "23.11";
nixpkgs = "24.05";
adminGroups = [ "fai" ];
};
web02 = {
site = "rat01";
hashedPassword = "$y$j9T$p42UVNy78PykkQOjPwXNJ/$B/zCUOrHXVSFGUY63wnViMiSmU2vCWsiX0y62qqgNQ5";
stateVersion = "24.05";
nixpkgs = "24.05";
vm-cluster = "Hyperviseur NPS";
};
rescue01 = {
site = "luj01";
deployment.targetHost = "v6.rescue01.luj01.infra.dgnum.eu";
hashedPassword = "$y$j9T$nqoMMu/axrD0m8AlUFdbs.$UFVmIdPAOHBe2jJv5HJJTcDgINC7LTnSGRQNs9zS1mC";
stateVersion = "23.11";
vm-cluster = "Hyperviseur Luj";
};
}

View file

@ -70,39 +70,6 @@ in
Groups of the DGNum organization.
'';
};
external = mkOption {
type = attrsOf (listOf str);
description = ''
External services used by the DGNum organization.
'';
};
services = mkOption {
type = attrsOf (submodule {
options = {
admins = mkOption {
type = listOf str;
default = [ ];
description = ''
List of administrators of the service.
'';
};
adminGroups = mkOption {
type = listOf str;
default = [ ];
description = ''
List of administrator groups of the service.
'';
};
};
});
description = ''
Administrator access of the different DGNum services,
it is mainly indicative as most services cannot configure this statically.
'';
};
};
nodes = mkOption {
@ -360,21 +327,6 @@ in
extract "adminGroups" config.nodes
))
# Check that all services admins exist
(membersExists (name: "A member of the service ${name} admins was not found in the members list.") (
extract "admins" org.services
))
# Check that all services adminGroups exist
(groupsExists (
name: "A member of the service ${name} adminGroups was not found in the groups list."
) (extract "adminGroups" org.services))
# Check that all external services admins exist
(membersExists (
name: "A member of the external service ${name} admins was not found in the members list."
) org.external)
# Check that all members have ssh keys
(builtins.map (name: {
assertion = ((import ../keys)._keys.${name} or [ ]) != [ ];

View file

@ -10,6 +10,11 @@
email = "catvayor@dgnum.eu";
};
cst1 = {
name = "Constantin Gierczak--Galle";
email = "cst1@dgnum.eu";
};
ecoppens = {
name = "Elias Coppens";
email = "ecoppens@dgnum.eu";
@ -48,52 +53,10 @@
"raito"
"mdebray"
"luj"
];
# members of this group are root on the fai infrastructure
fai = [
"catvayor"
"ecoppens"
"cst1"
];
lab = [
"catvayor"
"ecoppens"
];
};
external = {
dns = [
"thubrecht"
"raito"
];
email = [ "raito" ];
irc = [ "raito" ];
};
services = {
# Démarches Normaliennes
ds-fr.admins = [
"thubrecht"
"jemagius"
];
# Cloud DGNum
nextcloud.admins = [
"thubrecht"
"raito"
];
# Netbox DGNum
netbox.adminGroups = [
"root"
"fai"
];
# Videos DGNum
peertube.admins = [ "thubrecht" ];
};
}

View file

@ -3,8 +3,6 @@
let
sources = import ../npins;
pkgs = import sources.nixpkgs { };
dns = import sources."dns.nix" { inherit pkgs; };
in
{
@ -22,15 +20,4 @@ in
else
pkgs.writers.writeJSON "meta.json" config;
dns = dns.util.writeZone "dgnum.eu" (
pkgs.lib.recursiveUpdate { SOA.serial = 0; } (
import ./dns.nix {
inherit dns;
lib = pkgs.lib // {
extra = import ../lib/nix-lib;
};
}
)
);
}