feat(dns01): init zone config

2024-11-22 15:13:50 +01:00 · 2024-11-22 15:13:50 +01:00 · c428e0288a
commit c428e0288a
parent 1568689e73
7 changed files with 67 additions and 11 deletions
--- a/machines/dns01/_configuration.nix
+++ b/machines/dns01/_configuration.nix
@ -7,10 +7,15 @@ lib.extra.mkConfig {

  enabledServices = [
    # List of services to enable
-    "dns"
+    "nsd"
  ];

-  extraConfig = { };
+  extraConfig = {
+    users.users.root.openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
+    ];
+  };

  root = ./.;
 }
--- a/machines/dns01/beta.dgnum.eu.nix
+++ b/machines/dns01/beta.dgnum.eu.nix
@ -0,0 +1,22 @@
+{ dns, ... }:
+
+with dns.lib.combinators;
+{
+  SOA = {
+    nameServer = "ns1";
+    adminEmail = "webmaster@dgnum.eu";
+    serial = 2019030800;
+  };
+
+  NS = [
+    # TODO: add nameservers with GLUE and everything
+  ];
+
+  #A = [ "203.0.113.1" ];
+  #AAAA = [ "4321:0:1:2:3:4:567:89ab" ];
+
+  subdomains = {
+    photoprism = host "129.199.146.101" "";
+    immich = host "129.199.146.101" "";
+  };
+}
--- a/machines/dns01/dns.nix
+++ b/machines/dns01/dns.nix
@ -1,8 +0,0 @@
-{
-  networking = {
-    firewall = {
-      allowedUDPPorts = [ 53 ];
-    };
-  };
-}
-
--- a/machines/dns01/nsd.nix
+++ b/machines/dns01/nsd.nix
@ -0,0 +1,21 @@
+{ dns, ... }:
+
+{
+  services.nsd = {
+    enable = true;
+    zones = {
+      "beta.dgnum.eu" = {
+        # provideXFR = [ ... ];
+        # notify = [ ... ];
+        data = dns.lib.toString "beta.dgnum.eu" (import ./beta.dgnum.eu.nix { inherit dns; });
+      };
+    };
+  };
+  networking = {
+    firewall = {
+      allowedUDPPorts = [
+        53
+      ];
+    };
+  };
+}
--- a/machines/dns01/secrets/secrets.nix
+++ b/machines/dns01/secrets/secrets.nix
@ -1,3 +1,3 @@
-(import ../../../keys).mkSecrets [ "router02" ] [
+(import ../../../keys).mkSecrets [ "dns01" ] [
  # List of secrets for router02
 ]
--- a/meta/network.nix
+++ b/meta/network.nix
@ -1,4 +1,11 @@
 {
+  dns01 = {
+    interfaces = { };
+
+    addresses.ipv4 = [ "129.199.146.102" ];
+
+    hostId = "1758233d";
+  };
  krz01 = {
    interfaces = {
      vmbr0 = {
--- a/meta/nodes.nix
+++ b/meta/nodes.nix
@ -19,6 +19,15 @@
  - luj01 -> VM de Luj
 */
 {
+  dns01 = {
+    site = "pav01";
+
+    # TODO: 
+    hashedPassword = "$y$j9T$eNZQgDN.J5y7KTG2hXgat1$J1i5tjx5dnSZu.C9B7swXi5zMFIkUnmRrnmyLHFAt8/";
+
+    stateVersion = "24.05";
+    nixpkgs = "24.05";
+  };
  krz01 = {
    site = "pav01";