diff --git a/flake.lock b/flake.lock index 47faa6b..a2b47a2 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,27 @@ "type": "github" } }, + "dns": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768143854, + "narHash": "sha256-E5/kyPz4zAZn/lZdvqlF83jMgCWNxmqYjjWuadngCbk=", + "owner": "kirelagin", + "repo": "dns.nix", + "rev": "a97cf4156e9f044fe4bed5be531061000dfabb07", + "type": "github" + }, + "original": { + "owner": "kirelagin", + "repo": "dns.nix", + "type": "github" + } + }, "ep3-bs": { "inputs": { "nixpkgs": [ @@ -43,6 +64,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1614513358, + "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5466c5bbece17adaab2d82fae80b46e807611bf3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "inputs": { "systems": "systems_3" }, @@ -102,7 +138,7 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ], @@ -225,6 +261,7 @@ "root": { "inputs": { "disko": "disko", + "dns": "dns", "ep3-bs": "ep3-bs", "home-manager": "home-manager", "mfsync": "mfsync", diff --git a/flake.nix b/flake.nix index 90300a6..decbc2c 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,11 @@ disko.url = "github:nix-community/disko/latest"; disko.inputs.nixpkgs.follows = "nixpkgs"; + dns = { + url = "github:kirelagin/dns.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + utils = { url = "github:numtide/flake-utils"; }; diff --git a/machines/hosts.nix b/machines/hosts.nix index 41dee83..4130a61 100644 --- a/machines/hosts.nix +++ b/machines/hosts.nix 
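Review bot: The new `dns` input pins its nixpkgs but not its `flake-utils`, so the lock now carries a second copy of flake-utils (`flake-utils`, locked at lastModified 1614513358, i.e. early 2021, used only by dns.nix) next to the `flake-utils_2` that microvm uses. Since the root already declares `utils = github:numtide/flake-utils`, adding `inputs.flake-utils.follows = "utils";` alongside the nixpkgs follows deduplicates it and leaves a single auditable flake-utils revision in the lock. Whether dns.nix evaluates cleanly against the newer flake-utils is worth a quick `nix flake check` after the change.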
@@ -1,27 +1,53 @@ { ... }: { + #TODO: fix local 192.168.1.0/24 addresses they are just palceholders! malobeo = { hosts = { louise = { type = "host"; + network = { + local = true; + address = "192.168.1.11"; + }; }; bakunin = { type = "host"; + network = { + local = true; + address = "192.168.1.12"; + }; }; fanny = { type = "host"; + network = { + local = true; + address = "192.168.1.13"; + }; + }; + + ns1 = { + type = "host"; + network = { + local = true; + address = "192.168.1.14"; + }; }; lucia = { type = "rpi"; + network = { + local = true; + address = "192.168.1.15"; + }; }; durruti = { type = "microvm"; network = { + local = true; address = "10.0.0.5"; mac = "52:DA:0D:F9:EF:F9"; }; @@ -30,6 +56,7 @@ vpn = { type = "microvm"; network = { + local = true; address = "10.0.0.10"; mac = "D0:E5:CA:F0:D7:E6"; }; @@ -38,6 +65,7 @@ infradocs = { type = "microvm"; network = { + local = true; address = "10.0.0.11"; mac = "D0:E5:CA:F0:D7:E7"; }; @@ -46,6 +74,7 @@ uptimekuma = { type = "microvm"; network = { + local = true; address = "10.0.0.12"; mac = "D0:E5:CA:F0:D7:E8"; }; @@ -54,6 +83,7 @@ nextcloud = { type = "microvm"; network = { + local = true; address = "10.0.0.13"; mac = "D0:E5:CA:F0:D7:E9"; }; @@ -62,6 +92,7 @@ overwatch = { type = "microvm"; network = { + local = true; address = "10.0.0.14"; mac = "D0:E5:CA:F0:D7:E0"; }; @@ -70,14 +101,11 @@ zineshop = { type = "microvm"; network = { + local = true; address = "10.0.0.15"; mac = "D0:E5:CA:F0:D7:F1"; }; }; - - testvm = { - type = "host"; - }; }; }; } diff --git a/machines/modules/malobeo/zones.nix b/machines/modules/malobeo/zones.nix new file mode 100644 index 0000000..1affbdc --- /dev/null +++ b/machines/modules/malobeo/zones.nix 
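Review bot: The five 192.168.1.x addresses added under louise, bakunin, fanny, ns1 and lucia are flagged as placeholders by the new TODO, but they are not inert: zones.nix in this same commit turns every host with `local = true` into an A record under hq.malobeo.org, so the fabricated addresses are published as soon as ns1 deploys. Until the real addresses are known, mark those entries `local = false;` (or omit `network` and have zones.nix tolerate a missing attribute) so they are skipped rather than served. The flag also no longer discriminates anything here, since every remaining host, microvms included, now carries `local = true`; if it means "has an hq address", a one-line comment saying so would help the next reader. The comment's `palceholders` is a typo for `placeholders`.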
@@ -0,0 +1,39 @@
+{ inputs }:
+
+let
+ vpnNS = "vpn";
+ localNS = "hq";
+ peers = import ./peers.nix;
+ hosts = ((import ../../hosts.nix ) {}).malobeo.hosts;
+
+in
+{
+ SOA = {
+ nameServer = "ns1";
+ adminEmail = "admin@malobeo.org";
+ serial = 2019030800;
+ };
+ useOrigin = false;
+
+ NS = [
+ "ns1.malobeo.org."
+ ];
+
+ A = [ "23.23.23.23" ]; #TODO: update
+ AAAA = [ "4321:0:1:2:3:4:567:89ab" ]; #TODO: update
+
+ subdomains = {
+ ${localNS} = {
+ subdomains = builtins.mapAttrs (name: value: if value.network.local == true then {
+ A = [ value.network.address ];
+ } else {}) hosts;
+ };
+
+ ${vpnNS} = {
+ A = [ peers.vpn.address ];
+ subdomains = builtins.mapAttrs (name: value: if value.role != "server" then {
+ A = [ value.address ];
+ } else {}) peers;
+ };
+ };
+}
diff --git a/machines/ns1/configuration.nix b/machines/ns1/configuration.nix
new file mode 100644
index 0000000..f64d578
--- /dev/null
+++ b/machines/ns1/configuration.nix
@@ -0,0 +1,34 @@
+{ config, self, lib, inputs, pkgs, ... }:
+
+with lib;
+with inputs;
+
+let
+ dns = inputs.dns;
+in
+{
+ networking = {
+ hostName = mkDefault "ns1";
+ useDHCP = false;
+ };
+
+ imports = [
+ ../modules/malobeo_user.nix
+ ../modules/sshd.nix
+ ../modules/minimal_tools.nix
+ ../modules/autoupdate.nix
+ ];
+
+ services.bind = {
+ enable = true;
+ zones = {
+ "malobeo.org" = {
+ master = true;
+ file = pkgs.writeText "zone-malobeo.org" (dns.lib.toString "malobeo.org" (import ../modules/malobeo/zones.nix { inherit inputs; }));
+ };
+ };
+ };
+
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
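Review bot: The `hq` and `vpn` subdomains export the private address of every host and every non-server VPN peer into `malobeo.org`, the zone that the `ns1.malobeo.org.` NS record and the public-looking A/AAAA records say is served to the outside; if ns1 is indeed internet-facing, that publishes the internal topology (names such as vpn, nextcloud, overwatch, uptimekuma and their 10.0.0.x addresses) to anyone who asks. Consider keeping those records in an internal-only zone or a BIND view restricted to the local networks. Two smaller points: `value.network.local == true` aborts evaluation for any host entry without a `network` attribute (the removed testvm was one), so prefer `if (value.network.local or false) then`; and `serial = 2019030800` is a constant, so the SOA serial never changes when the zone does — derive it from something that moves (for example `inputs.self.lastModified`, if the root flake is passed through as `inputs.self`) or document that it must be bumped by hand on every edit.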
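Review bot: This file makes ns1 the authoritative master for malobeo.org but nothing in it opens port 53; NixOS's firewall is on by default, so unless one of the imported modules (not shown) does it, the server answers nobody but itself. Add `networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];` next to the bind block so the exposure is visible in the host's own config. With `useDHCP = false` and no address set here, the 192.168.1.14 recorded for ns1 in hosts.nix is presumably applied elsewhere — worth confirming. Style-wise, `with inputs;` is unused (`dns` is already bound from `inputs.dns` in the let) and `with lib;` serves a single `mkDefault`; dropping both and writing `lib.mkDefault` avoids the shadowing surprises of two wide `with` scopes.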