From 9b5c6848c0291ee3593034ffac7bd9dfb518be78 Mon Sep 17 00:00:00 2001
From: Constantin Gierczak--Galle
Date: Wed, 4 Dec 2024 18:07:34 +0100
Subject: [PATCH 1/3] feat(dns01): use infra-wide network config (#6)

Reviewed-on: https://git.dgnum.eu/DGNum/lab-infra/pulls/6
Co-authored-by: Constantin Gierczak--Galle
Co-committed-by: Constantin Gierczak--Galle
---
 machines/dns01/_configuration.nix | 25 +------------------------
 meta/network.nix | 16 ++++++++++++++--
 2 files changed, 15 insertions(+), 26 deletions(-)

diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix
index 897fd2b..a0a1de7 100644
--- a/machines/dns01/_configuration.nix
+++ b/machines/dns01/_configuration.nix
@@ -10,30 +10,7 @@ lib.extra.mkConfig {
 "nsd"
 ];
 
- extraConfig = {
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
- ];
- systemd.network = {
- config.routeTables = {
- he = 100;
- mwan = 110;
- };
- networks = {
- "10-ens18" = {
- name = "ens18";
-
- networkConfig = {
- Description = "ENS uplink";
- Address = [ "129.199.146.102/24" ];
- Gateway = "129.199.146.254";
- LLDP = true;
- };
- };
- };
- };
- };
+ extraConfig = { };
 
 root = ./.;
 }
diff --git a/meta/network.nix b/meta/network.nix
index 62c03f2..e1b8c2f 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -1,8 +1,20 @@
 {
 dns01 = {
- interfaces = { };
+ interfaces = {
+ ens18 = {
+ ipv4 = [
+ {
+ address = "129.199.146.102";
+ prefixLength = 24;
+ }
+ ];
 
- addresses.ipv4 = [ "129.199.146.102" ];
+ gateways = [ "129.199.146.254" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ #addresses.ipv4 = [ "129.199.146.102" ];
 
 hostId = "1758233d";
 };
From 51aaa9a80d521ee6cac4f4d55cd61aae5303b00b Mon Sep 17 00:00:00 2001
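Review bot: The hunk in machines/dns01/_configuration.nix drops both root `authorizedKeys` entries and leaves `extraConfig = { };`, while nothing visible in this patch provisions keys in their place; meta/network.nix only carries addressing. Presumably the infra-wide configuration installs admin keys on every node, but that should be confirmed before deploying, and the commit message should say where root access for dns01 is now defined. The removed `LLDP = true` and the `he`/`mwan` entries under `config.routeTables` also have no counterpart in the new `ens18` entry; if dropping them is intentional, state it, otherwise carry them over.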
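Review bot: In the meta/network.nix hunk, `#addresses.ipv4 = [ "129.199.146.102" ];` is left behind as commented-out code in the `dns01` entry with no explanation. Either delete the line or replace it with a why-comment, for example `# addresses.ipv4 is derived from interfaces.ens18` if that is in fact what the shared module does; the derivation is not visible here. If any other module reads `addresses.ipv4` directly, for records or allow-lists, this change silently empties that value for dns01.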
From: Constantin Gierczak--Galle
Date: Thu, 5 Dec 2024 09:39:28 +0100
Subject: [PATCH 2/3] feat(dns01): switch to milkywan network (#7)

Reviewed-on: https://git.dgnum.eu/DGNum/lab-infra/pulls/7
Co-authored-by: Constantin Gierczak--Galle
Co-committed-by: Constantin Gierczak--Galle
---
 REGISTRY.md | 2 +-
 meta/network.nix | 12 +++++-------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/REGISTRY.md b/REGISTRY.md
index 53abfb0..04d788a 100644
--- a/REGISTRY.md
+++ b/REGISTRY.md
@@ -22,7 +22,7 @@ Routé via SIIT sur le vlan mwan-siit (2520)
 | IP | Attribution | Mainteneur |
 |----|-------------|------------|
 | `.25` | `labcore01` | Maurice |
-| `.26` | | |
+| `.26` | `dns01` | cst1 |
 | `.27` | | |
 | `.28` | | |
 | `.29` | | |
diff --git a/meta/network.nix b/meta/network.nix
index e1b8c2f..a9dff58 100644
--- a/meta/network.nix
+++ b/meta/network.nix
@@ -2,20 +2,18 @@
 dns01 = {
 interfaces = {
 ens18 = {
- ipv4 = [
+ ipv6 = [
 {
- address = "129.199.146.102";
- prefixLength = 24;
+ address = "2a0e:e701:1120:1000:ffff::45.13.104.26";
+ prefixLength = 64;
 }
 ];
 
- gateways = [ "129.199.146.254" ];
- enableDefaultDNS = true;
+ gateways = [ "2a0e:e701:1120:1000::1" ];
+ dns = [ "2a0e:e701:1120:1000::f:1" ];
 };
 };
 
- #addresses.ipv4 = [ "129.199.146.102" ];
-
 hostId = "1758233d";
 };
 krz01 = {
From 1f82719dcb8c040bf91c3539565c2b4da4be73a7 Mon Sep 17 00:00:00 2001
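Review bot: The new `address` in the meta/network.nix hunk, `2a0e:e701:1120:1000:ffff::45.13.104.26`, carries an IPv4 address in its low 32 bits and needs a comment saying so, for example `# SIIT: low 32 bits are the IPv4 address 45.13.104.26 (see REGISTRY.md)`. With this change `ens18` on dns01 has no native IPv4 address, so anything still keyed on `129.199.146.102` for this host, such as zone-transfer ACLs on peers, NS or glue records and firewall allow-lists, has to be updated alongside it; none of that is visible in this patch. The hunk also replaces `enableDefaultDNS = true` with one explicit resolver, which leaves the host with a single point of failure for its own lookups unless the module adds fallbacks.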
From: Constantin Gierczak--Galle
Date: Fri, 6 Dec 2024 14:29:26 +0100
Subject: [PATCH 3/3] feat(homebox01): init (#8)

Reviewed-on: https://git.dgnum.eu/DGNum/lab-infra/pulls/8
Co-authored-by: Constantin Gierczak--Galle
Co-committed-by: Constantin Gierczak--Galle
---
 machines/homebox01/_configuration.nix | 24 +++++++++++++
 .../homebox01/_hardware-configuration.nix | 34 +++++++++++++++++++
 machines/homebox01/homebox.nix | 14 ++++++++
 machines/homebox01/nginx.nix | 10 ++++++
 machines/homebox01/secrets/secrets.nix | 3 ++
 meta/network.nix | 17 ++++++++++
 meta/nodes.nix | 8 +++++
 7 files changed, 110 insertions(+)
 create mode 100644 machines/homebox01/_configuration.nix
 create mode 100644 machines/homebox01/_hardware-configuration.nix
 create mode 100644 machines/homebox01/homebox.nix
 create mode 100644 machines/homebox01/nginx.nix
 create mode 100644 machines/homebox01/secrets/secrets.nix

diff --git a/machines/homebox01/_configuration.nix b/machines/homebox01/_configuration.nix
new file mode 100644
index 0000000..f9617e1
--- /dev/null
+++ b/machines/homebox01/_configuration.nix
@@ -0,0 +1,24 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ "homebox"
+ "nginx"
+ ];
+
+ extraConfig = {
+ networking = {
+ firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+ };
+ };
+
+ root = ./.;
+}
diff --git a/machines/homebox01/_hardware-configuration.nix b/machines/homebox01/_hardware-configuration.nix
new file mode 100644
index 0000000..8b0d66a
--- /dev/null
+++ b/machines/homebox01/_hardware-configuration.nix
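Review bot: `firewall.allowedTCPPorts` in machines/homebox01/_configuration.nix opens 80 and 443 without saying why plain HTTP is exposed on a host whose only vhost sets `forceSSL = true`. A one-line comment such as `# 80: ACME HTTP-01 and the HTTP-to-HTTPS redirect; 443: homebox vhost` ties the open ports to the services that need them, so a later reader neither closes the wrong one nor leaves them open once the vhost is gone.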
@@ -0,0 +1,34 @@
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ initrd.kernelModules = [ ];
+ kernelModules = [ ];
+ extraModulePackages = [ ];
+ initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-partlabel/disk-sda-root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-partlabel/disk-sda-ESP";
+ fsType = "vfat";
+ };
+
+ networking.useDHCP = lib.mkDefault false;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/homebox01/homebox.nix b/machines/homebox01/homebox.nix
new file mode 100644
index 0000000..566554c
--- /dev/null
+++ b/machines/homebox01/homebox.nix
@@ -0,0 +1,14 @@
+{
+ services.homebox = {
+ enable = true;
+ settings = {
+ HBOX_OPTIONS_ALLOW_REGISTRATION = "false";
+ };
+ };
+ services.nginx.virtualHosts."homebox.cgiga.fr" = {
+ enableACME = true;
+ forceSSL = true;
+ serverAliases = [ ];
+ locations."/".proxyPass = "http://localhost:7745/";
+ };
+}
diff --git a/machines/homebox01/nginx.nix b/machines/homebox01/nginx.nix
new file mode 100644
index 0000000..b44aeaa
--- /dev/null
+++ b/machines/homebox01/nginx.nix
@@ -0,0 +1,10 @@
+{
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ clientMaxBodySize = "500m";
+ };
+}
diff --git a/machines/homebox01/secrets/secrets.nix b/machines/homebox01/secrets/secrets.nix
new file mode 100644
index 0000000..8167d7d
--- /dev/null
+++ b/machines/homebox01/secrets/secrets.nix
@@ -0,0 +1,3 @@
+(import ../../../keys).mkSecrets [ "homebox01" ] [
+ # List of secrets for router02
+]
diff --git a/meta/network.nix b/meta/network.nix
index a9dff58..9c4c3a1 100644
--- a/meta/network.nix
+++ b/meta/network.nix
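Review bot: In machines/homebox01/homebox.nix, `locations."/".proxyPass = "http://localhost:7745/"` treats the backend as reachable only through nginx, yet nothing in `services.homebox.settings` pins its listen address. If the service binds all interfaces by default (not visible here), port 7745 is shielded only by the host firewall; adding `HBOX_WEB_HOST = "127.0.0.1";` to `settings` and proxying to `http://127.0.0.1:7745/` makes the loopback-only intent explicit. It also avoids `localhost` resolving to `::1` while the backend listens on IPv4 only.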
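Review bot: `clientMaxBodySize = "500m"` in machines/homebox01/nginx.nix is set on `services.nginx` itself, so every virtual host on this machine accepts 500 MB request bodies, not only homebox uploads. Scoping it to the one vhost, for example `services.nginx.virtualHosts."homebox.cgiga.fr".extraConfig = "client_max_body_size 500m;";`, keeps the default limit for anything added to this host later. If 500 MB is a deliberate attachment ceiling, a comment saying so would help.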
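Review bot: The comment `# List of secrets for router02` in machines/homebox01/secrets/secrets.nix is a copy-paste leftover; the file calls `mkSecrets [ "homebox01" ]`, so it should read `# List of secrets for homebox01`. In a secrets manifest a wrong host name in the comment makes it easier to add another machine's secrets under this host's keys by mistake.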
@@ -16,6 +16,23 @@
 
 hostId = "1758233d";
 };
+ homebox01 = {
+ interfaces = {
+ ens18 = {
+ ipv4 = [
+ {
+ address = "129.199.146.102";
+ prefixLength = 24;
+ }
+ ];
+
+ gateways = [ "129.199.146.254" ];
+ enableDefaultDNS = true;
+ };
+ };
+
+ hostId = "ef3bd5c0";
+ };
 krz01 = {
 interfaces = {
 vmbr0 = {
diff --git a/meta/nodes.nix b/meta/nodes.nix
index c73f6c4..1bdcafa 100644
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@@ -36,6 +36,14 @@
 stateVersion = "24.05";
 nixpkgs = "unstable";
 };
+ homebox01 = {
+ site = "pav01";
+
+ hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
+
+ stateVersion = "24.05";
+ nixpkgs = "unstable";
+ };
 labcore01 = {
 site = "pav01";
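Review bot: The `homebox01` entry added to meta/network.nix is given `129.199.146.102`, the address `dns01` held until the previous patch in this series. Reusing an address across roles this quickly deserves a comment next to `address`, for example `# formerly dns01 (until PATCH 2/3)`. Cached records, SSH `known_hosts` entries and any peer allow-list that still names this IP for the DNS host will now reach a web application instead. Presumably those references were cleaned up when dns01 moved, but nothing in this series shows it.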
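Review bot: `hashedPassword` in the new `homebox01` entry of meta/nodes.nix commits a yescrypt (`$y$`) hash that everyone with read access to the repository can see; the hash is costly to guess against, but its protection then rests entirely on the strength of the password. The repository already has a secrets mechanism (`mkSecrets` in machines/homebox01/secrets/secrets.nix), so consider sourcing the hash from there, or add a comment stating that this password is for console login only if that is the case. Other nodes may follow the same pattern; their entries are outside this hunk. `nixpkgs = "unstable"` on a host that exposes 80 and 443 also merits a note on how updates are tracked.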