From a1a4eedd72ca264aea483dcd165d1a3d45f1d1d6 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 22 Nov 2024 21:52:30 +0100 Subject: [PATCH 01/13] feat(dns01): add nodes subdomains --- machines/dns01/beta.dgnum.eu.nix | 35 ++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index 44d903d..d7129c3 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix @@ -3,9 +3,11 @@ with dns.lib.combinators; { SOA = { - nameServer = "ns1"; - adminEmail = "webmaster@dgnum.eu"; + nameServer = "ns01.beta.dgnum.eu"; + adminEmail = "dns@dgnum.eu"; serial = 2019030800; + retry = 3600; + minimum = 300; }; NS = [ @@ -16,7 +18,36 @@ with dns.lib.combinators; #AAAA = [ "4321:0:1:2:3:4:567:89ab" ]; subdomains = { + # Hosted services + # NOTE: for now manually supplied, in the future automatically filled in photoprism = host "129.199.146.101" null; immich = host "129.199.146.101" null; + + # Nameservers + # TODO: fill this in + ns01 = host "" null; + + # *.infra.beta.dgnum.eu + infra = { + subdomains = mapAttrs' ( + host: + { site, ... }: + # NOTE: Originally "${host}.${site}" + # I think it makes sense to ditch the site info in the case of the lab + nameValuePair "${host}" ( + with meta.network.${host}.addresses; + { + A = ipv4; + # FIXME: Enable ipv6 in all VM nodes + + #AAAA = ipv6; + subdomains = { + v4.A = ipv4; + #v6.AAAA = ipv6; + }; + } + ) + ) meta.nodes; + }; }; } -- 2.47.0 From 28c5c5998fa118b4d050df31082b3d9fca8c619e Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 22 Nov 2024 21:53:40 +0100 Subject: [PATCH 02/13] fix(dns01): fmt --- machines/dns01/beta.dgnum.eu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index d7129c3..0b14597 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix 
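Review bot: In the SOA hunk of PATCH 01 (`beta.dgnum.eu.nix`), `nameServer = "ns01.beta.dgnum.eu";` has no trailing dot, whereas the value it replaces (`"ns1"`) was a relative label. If dns.nix writes this field into the zone file as given, the MNAME would be read relative to the origin and expand to `ns01.beta.dgnum.eu.beta.dgnum.eu.`. Writing `nameServer = "ns01.beta.dgnum.eu.";` avoids that, and the same applies to the SOA hunks of PATCH 08, 11 and 12. Separately, `serial = 2019030800;` stays fixed while the records change, so once `provideXFR`/`notify` are enabled in `nsd.nix`, secondaries would not pick up new data; a comment such as `# bump on every zone change` or a derived serial would help.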
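Review bot: The `infra` block added in the second hunk of PATCH 01 publishes an A record for every entry of `meta.nodes`, taken from `meta.network.${host}.addresses`, which makes this zone a queryable inventory of the infrastructure. The contents of `meta` are not visible here, so it is worth confirming that it holds only addresses meant to be public (no management or private ranges), or filtering the set before `mapAttrs'`. A comment above the block such as `# publishes every node address: keep meta.network free of non-public ranges` would record that assumption. Separately, `ns01 = host "" null;` would emit an A record with an empty address, so I would keep it as `#ns01 = host "" null;` until the address is known.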
@@ -31,7 +31,7 @@ with dns.lib.combinators; infra = { subdomains = mapAttrs' ( host: - { site, ... }: + { ... }: # NOTE: Originally "${host}.${site}" # I think it makes sense to ditch the site info in the case of the lab nameValuePair "${host}" ( -- 2.47.0 From a87d2160d4ca9cc30121a92dbdaafcfe3e588825 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 22 Nov 2024 21:54:00 +0100 Subject: [PATCH 03/13] fix(dns01): fmt --- machines/dns01/beta.dgnum.eu.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index 0b14597..d57466b 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix @@ -31,7 +31,7 @@ with dns.lib.combinators; infra = { subdomains = mapAttrs' ( host: - { ... }: + { _ }: # NOTE: Originally "${host}.${site}" # I think it makes sense to ditch the site info in the case of the lab nameValuePair "${host}" ( -- 2.47.0 From 5ba783f724c7f2c5ee2a26ec00cb56b8668012b5 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 22 Nov 2024 22:16:04 +0100 Subject: [PATCH 04/13] fix(dns01): import lib and meta --- machines/dns01/beta.dgnum.eu.nix | 14 ++++++++------ machines/dns01/nsd.nix | 5 +++-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index d57466b..804961b 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix @@ -1,5 +1,9 @@ -{ dns, ... }: +{ dns, lib, ... }: +let + inherit (lib) mapAttrs' nameValuePair; + meta = (import ./../../meta) lib; +in with dns.lib.combinators; { SOA = { 
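Review bot: In PATCH 03 the pattern `{ _ }:` is not a wildcard. In Nix it declares a function that accepts an attribute set with exactly one attribute named `_`, so applying it to a node attribute set through `mapAttrs'` would fail at evaluation time. The commit is labelled as formatting but changes semantics; to ignore the argument, write `host: _:` or keep `{ ... }:`. The enclosing `mapAttrs'` call extends beyond the hunk.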
@@ -25,16 +29,14 @@ with dns.lib.combinators; # Nameservers # TODO: fill this in - ns01 = host "" null; + #ns01 = host "" null; # *.infra.beta.dgnum.eu infra = { subdomains = mapAttrs' ( host: - { _ }: - # NOTE: Originally "${host}.${site}" - # I think it makes sense to ditch the site info in the case of the lab - nameValuePair "${host}" ( + { site, ... }: + nameValuePair "${host}.${site}" ( with meta.network.${host}.addresses; { A = ipv4; diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix index 41f4ec8..a697d2f 100644 --- a/machines/dns01/nsd.nix +++ b/machines/dns01/nsd.nix @@ -1,4 +1,4 @@ -{ sources, ... }: +{ sources, lib, ... }: let dns = import sources.dns-nix { }; @@ -10,7 +10,8 @@ in "beta.dgnum.eu" = { # provideXFR = [ ... ]; # notify = [ ... ]; - data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { inherit dns; }); + data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { + inherit dns lib; }); }; }; }; -- 2.47.0 From 1456cf626ebea7d5aaaa8996e1db70f7d0ef4144 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 22 Nov 2024 22:16:22 +0100 Subject: [PATCH 05/13] style(dns01): fmt --- machines/dns01/beta.dgnum.eu.nix | 2 +- machines/dns01/nsd.nix | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index 804961b..9171c14 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix @@ -1,6 +1,6 @@ { dns, lib, ... }: -let +let inherit (lib) mapAttrs' nameValuePair; meta = (import ./../../meta) lib; in diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix index a697d2f..323e417 100644 --- a/machines/dns01/nsd.nix +++ b/machines/dns01/nsd.nix 
@@ -10,8 +10,7 @@ in "beta.dgnum.eu" = { # provideXFR = [ ... ]; # notify = [ ... ]; - data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { - inherit dns lib; }); + data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { inherit dns lib; }); }; }; }; -- 2.47.0 From 5d424ea21708462ddd9ec8857d975adca9b2d6e0 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 22 Nov 2024 23:50:21 +0100 Subject: [PATCH 06/13] feat(dns01): add beta NS --- machines/dns01/beta.dgnum.eu.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index 9171c14..e08c248 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix @@ -15,7 +15,8 @@ with dns.lib.combinators; }; NS = [ - # TODO: add nameservers with GLUE and everything + "ns01.beta.dgnum.eu." + "ns02.beta.dgnum.eu." ]; #A = [ "203.0.113.1" ]; -- 2.47.0 From 45f573f917818c82aedbf678788577dba6b55da9 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Fri, 6 Dec 2024 14:43:40 +0100 Subject: [PATCH 07/13] feat(dns01): enable ipv6 for all lab hosts --- machines/dns01/beta.dgnum.eu.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/beta.dgnum.eu.nix index e08c248..7ab07c7 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/beta.dgnum.eu.nix @@ -41,12 +41,11 @@ with dns.lib.combinators; with meta.network.${host}.addresses; { A = ipv4; - # FIXME: Enable ipv6 in all VM nodes + AAAA = ipv6; - #AAAA = ipv6; subdomains = { v4.A = ipv4; - #v6.AAAA = ipv6; + v6.AAAA = ipv6; }; } ) -- 2.47.0 From a13acaedffc6cafe4afdd4f44308c6330df7f6d2 Mon Sep 17 00:00:00 2001 
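Review bot: PATCH 06 lists `ns01.beta.dgnum.eu.` and `ns02.beta.dgnum.eu.` as NS, but both names are inside this zone and neither has an address record in the hunks shown: `ns01` was commented out in PATCH 04 and `ns02` is never defined. Resolvers following the NS set would have nothing to resolve the server names to. The zone should either gain `ns01 = host ...` and `ns02 = host ...` entries under `subdomains` in the same commit, or list only servers that exist. The rest of the file is outside the hunk, so this is based on the visible lines only.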
From: Constantin Gierczak--Galle Date: Fri, 6 Dec 2024 14:44:40 +0100 Subject: [PATCH 08/13] feat(dns01): switch to lab.dgnum.eu subdomain --- machines/dns01/{beta.dgnum.eu.nix => lab.dgnum.eu.nix} | 6 +++--- machines/dns01/nsd.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) rename machines/dns01/{beta.dgnum.eu.nix => lab.dgnum.eu.nix} (91%) diff --git a/machines/dns01/beta.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix similarity index 91% rename from machines/dns01/beta.dgnum.eu.nix rename to machines/dns01/lab.dgnum.eu.nix index 7ab07c7..4fb137c 100644 --- a/machines/dns01/beta.dgnum.eu.nix +++ b/machines/dns01/lab.dgnum.eu.nix @@ -7,7 +7,7 @@ in with dns.lib.combinators; { SOA = { - nameServer = "ns01.beta.dgnum.eu"; + nameServer = "ns01.lab.dgnum.eu"; adminEmail = "dns@dgnum.eu"; serial = 2019030800; retry = 3600; @@ -15,8 +15,8 @@ with dns.lib.combinators; }; NS = [ - "ns01.beta.dgnum.eu." - "ns02.beta.dgnum.eu." + "ns01.lab.dgnum.eu." + "ns02.lab.dgnum.eu." ]; #A = [ "203.0.113.1" ]; diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix index 323e417..3bd7752 100644 --- a/machines/dns01/nsd.nix +++ b/machines/dns01/nsd.nix @@ -7,10 +7,10 @@ in services.nsd = { enable = true; zones = { - "beta.dgnum.eu" = { + "lab.dgnum.eu" = { # provideXFR = [ ... ]; # notify = [ ... ]; - data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { inherit dns lib; }); + data = dns.lib.toString "lab.dgnum.eu" (import ./lab.dgnum.eu.nix { inherit dns lib; }); }; }; }; -- 2.47.0 From a920521527cf60ca3d45df2942ad3609edb4f8db Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Sat, 7 Dec 2024 10:44:26 +0100 Subject: [PATCH 09/13] fix(dns01): override deployment target to ipv4 --- machines/dns01/_configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix index a0a1de7..7531250 100644 --- a/machines/dns01/_configuration.nix 
+++ b/machines/dns01/_configuration.nix @@ -10,7 +10,10 @@ lib.extra.mkConfig { "nsd" ]; - extraConfig = { }; + extraConfig = { + # TODO: retrieve this address from meta/network.nix + deployment.targetHost = "45.13.104.26"; + }; root = ./.; } -- 2.47.0 From 3e39ba8862125edfdeae98426e0e7d69a8a1c652 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Sat, 7 Dec 2024 10:45:52 +0100 Subject: [PATCH 10/13] fixup! fix(dns01): override deployment target to ipv4 --- machines/dns01/_configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix index 7531250..0a3c5f5 100644 --- a/machines/dns01/_configuration.nix +++ b/machines/dns01/_configuration.nix @@ -10,8 +10,8 @@ lib.extra.mkConfig { "nsd" ]; - extraConfig = { - # TODO: retrieve this address from meta/network.nix + extraConfig = { + # TODO : retrieve this address from meta/network.nix deployment.targetHost = "45.13.104.26"; }; -- 2.47.0 From e7ed143c7b6309d596645c74f17476ce999eb482 Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Sat, 7 Dec 2024 11:06:30 +0100 Subject: [PATCH 11/13] feat(dns01): setup NS address --- machines/dns01/lab.dgnum.eu.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix index 4fb137c..ddd7d8f 100644 --- a/machines/dns01/lab.dgnum.eu.nix +++ b/machines/dns01/lab.dgnum.eu.nix @@ -7,7 +7,7 @@ in with dns.lib.combinators; { SOA = { - nameServer = "ns01.lab.dgnum.eu"; + nameServer = "dns01.lab.dgnum.eu"; adminEmail = "dns@dgnum.eu"; serial = 2019030800; retry = 3600; @@ -15,8 +15,7 @@ with dns.lib.combinators; }; NS = [ - "ns01.lab.dgnum.eu." - "ns02.lab.dgnum.eu." + "dns01.lab.dgnum.eu." ]; #A = [ "203.0.113.1" ]; 
@@ -29,8 +28,7 @@ with dns.lib.combinators; immich = host "129.199.146.101" null; # Nameservers - # TODO: fill this in - #ns01 = host "" null; + dns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26"; # *.infra.beta.dgnum.eu infra = { -- 2.47.0 From 3f67794ffafd3dc095d2d412ebbd9497eeaa971a Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Sat, 7 Dec 2024 12:52:17 +0100 Subject: [PATCH 12/13] fix(dns01): open ports and bind to interface --- machines/dns01/_configuration.nix | 7 +++++++ machines/dns01/lab.dgnum.eu.nix | 6 +++--- machines/dns01/nsd.nix | 7 ++----- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix index 0a3c5f5..2c5066d 100644 --- a/machines/dns01/_configuration.nix +++ b/machines/dns01/_configuration.nix @@ -13,6 +13,13 @@ lib.extra.mkConfig { extraConfig = { # TODO : retrieve this address from meta/network.nix deployment.targetHost = "45.13.104.26"; + networking.firewall = { + enable = true; + logRefusedConnections = lib.mkForce true; + logRefusedPackets = lib.mkForce true; + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; }; root = ./.; diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix index ddd7d8f..2ba4aec 100644 --- a/machines/dns01/lab.dgnum.eu.nix +++ b/machines/dns01/lab.dgnum.eu.nix @@ -7,7 +7,7 @@ in with dns.lib.combinators; { SOA = { - nameServer = "dns01.lab.dgnum.eu"; + nameServer = "ns01.lab.dgnum.eu"; adminEmail = "dns@dgnum.eu"; serial = 2019030800; retry = 3600; @@ -15,7 +15,7 @@ with dns.lib.combinators; }; NS = [ - "dns01.lab.dgnum.eu." + "ns01.lab.dgnum.eu." ]; #A = [ "203.0.113.1" ]; @@ -28,7 +28,7 @@ with dns.lib.combinators; immich = host "129.199.146.101" null; # Nameservers - dns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26"; + ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26"; # *.infra.beta.dgnum.eu infra = { 
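Review bot: In the `_configuration.nix` hunk of PATCH 12, `logRefusedPackets = lib.mkForce true;` makes the firewall log every dropped packet on a host that is reachable from the internet on port 53. Background scanning noise can then fill the journal and bury the entries that matter. Unless this is temporary debugging, I would drop that line and keep `logRefusedConnections`, or add a comment such as `# temporary: remove once DNS reachability is confirmed`. The `mkForce` on both options also suggests a project-wide default is being overridden, which deserves a one-line explanation next to it.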
diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix index 3bd7752..4ec0a00 100644 --- a/machines/dns01/nsd.nix +++ b/machines/dns01/nsd.nix @@ -6,6 +6,8 @@ in { services.nsd = { enable = true; + verbosity = 1000; + interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ]; zones = { "lab.dgnum.eu" = { # provideXFR = [ ... ]; @@ -14,9 +16,4 @@ in }; }; }; - networking = { - firewall = { - allowedUDPPorts = [ 53 ]; - }; - }; } -- 2.47.0 From 2121417eab451b8239e36c3c05bf8ea2ae4f690b Mon Sep 17 00:00:00 2001 From: Constantin Gierczak--Galle Date: Sat, 7 Dec 2024 12:52:37 +0100 Subject: [PATCH 13/13] fixup! fix(dns01): open ports and bind to interface --- machines/dns01/lab.dgnum.eu.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix index 2ba4aec..054ae9d 100644 --- a/machines/dns01/lab.dgnum.eu.nix +++ b/machines/dns01/lab.dgnum.eu.nix @@ -14,9 +14,7 @@ with dns.lib.combinators; minimum = 300; }; - NS = [ - "ns01.lab.dgnum.eu." - ]; + NS = [ "ns01.lab.dgnum.eu." ]; #A = [ "203.0.113.1" ]; #AAAA = [ "4321:0:1:2:3:4:567:89ab" ]; -- 2.47.0
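Review bot: `interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];` in the first `nsd.nix` hunk of PATCH 12 binds NSD to the IPv6 address only, while the zone publishes `ns01` with the A record `45.13.104.26` and the firewall opens port 53 generally. Unless IPv4 traffic is translated to that address upstream (the embedded IPv4 suffix hints at it, but nothing on the page shows it), queries sent over IPv4 would go unanswered. Either add the IPv4 address to `interfaces` or document the translation in a comment. `verbosity = 1000;` looks like a debugging leftover and is worth lowering before the server takes production traffic. Since this is an internet-facing authoritative server, consider also enabling response rate limiting (`services.nsd.ratelimit.enable = true;`) to limit its usefulness as a reflector.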