diff --git a/data/zones/noc.eh22.intern.zone b/data/zones/noc.eh22.intern.zone index e53b328..1f6a657 100644 --- a/data/zones/noc.eh22.intern.zone +++ b/data/zones/noc.eh22.intern.zone @@ -2,7 +2,5 @@ $ORIGIN noc.eh22.intern. @ 0 IN SOA auth-dns noc.eh22.easterhegg.eu. 1 7200 3600 3600000 60 @ 0 IN NS 10.20.25.3. auth-dns 0 IN A 10.20.25.3 -grafana 0 IN A 10.20.25.4 proxmox 0 IN A 10.20.25.1 -resolv-dns 0 IN A 10.20.25.5 sketchy-router 0 IN A 10.20.25.2 diff --git a/systems/default.nix b/systems/default.nix index bac10f0..161bbda 100644 --- a/systems/default.nix +++ b/systems/default.nix @@ -6,11 +6,7 @@ let # call like `mkSystem "x86_64-linux" ".eh22.intern"` mkSystem = systemType: name: - let - lib = nixpkgs.lib; - systemModule = if lib.pathIsDirectory ./${name} then ./${name}/system.nix else ./${name}.nix; - in - lib.nixosSystem { + nixpkgs.lib.nixosSystem { system = systemType; specialArgs = flake.inputs; modules = [ @@ -21,7 +17,8 @@ let ../modules/base_system.nix ../modules/user_account.nix - systemModule + #../modules/mail_relay.nix + ./${name}.nix ( let @@ -42,7 +39,6 @@ in { # prod hosts "auth-dns.noc.eh22.intern" = mkSystem "x86_64-linux" "auth-dns.noc.eh22.intern"; - "resolv-dns.noc.eh22.intern" = mkSystem "x86_64-linux" "resolv-dns.noc.eh22.intern"; # staging temp infra "sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern"; diff --git a/systems/resolv-dns.noc.eh22.intern/kresd-config.lua b/systems/resolv-dns.noc.eh22.intern/kresd-config.lua deleted file mode 100644 index 52771e1..0000000 --- a/systems/resolv-dns.noc.eh22.intern/kresd-config.lua +++ /dev/null 
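Review bot: In systems/default.nix the modules list now hard-codes `./${name}.nix` (second hunk), so any host kept as a directory with `./${name}/system.nix` will fail to evaluate; the first hunk drops the `lib.pathIsDirectory` fallback that handled that layout. The remaining hosts are presumably single files, but this diff does not show them. If directory layouts are intentionally gone, say so in the comment above mkSystem, for example `# each host is a single file systems/<name>.nix; directory layouts are not supported`. The added `#../modules/mail_relay.nix` is a commented-out module with no explanation, so either drop it or add a short comment saying why it is disabled. The body of mkSystem continues outside both hunks.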
@@ -1,23 +0,0 @@
--- ref: https://www.knot-resolver.cz/documentation/stable/config-overview.html
-
--- load non-default modules
-modules.load("view")
-modules.load("prefill")
-
--- define list of internal-only domains
-ehDomains = policy.todnames({'noc.eh22.intern'})
-
--- for the mgmt-network, forward ehDomains to our authorative server
-view:addr('10.20.25.0/24', policy.suffix(policy.FLAGS({'NO_CACHE'}), ehDomains))
-view:addr('10.20.25.0/24', policy.suffix(policy.STUB({'10.20.25.3'}), ehDomains))
-
--- allow resolution from our internal network
-view:addr('10.20.25.0/24', policy.all(policy.PASS))
-
--- precache the root zone to reduce traffic load to it
-prefill.config({
- ["."] = {
- url = "https://www.internic.net/domain/root.zone",
- interval = 24 * 60 * 60,
- }
-})
diff --git a/systems/resolv-dns.noc.eh22.intern/system.nix b/systems/resolv-dns.noc.eh22.intern/system.nix
deleted file mode 100644
index c6fa428..0000000
--- a/systems/resolv-dns.noc.eh22.intern/system.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- pkgs,
- lib,
- ...
-}:
-{
- imports = [ ];
-
- # configure static IP address
- networking.useDHCP = false;
- systemd.network = {
- enable = true;
- networks = {
- "10-mgmtNet" = {
- matchConfig.MACAddress = "BC:24:11:61:E3:D9";
- address = [ "10.20.25.5/24" ];
- gateway = [ "10.20.25.2" ];
- };
- };
- };
-
- # enable knot resolv server
- # ref: https://search.nüschtos.de/?query=services.kresd
- # https://www.knot-resolver.cz/documentation/stable/
- services.kresd = {
- enable = true;
- instances = 4;
- listenPlain = [ "53" ];
- extraConfig = builtins.readFile ./kresd-config.lua;
- };
-
- # DO NOT CHANGE
- # this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
- home-manager.users.noc.home.stateVersion = "24.11";
- system.stateVersion = "24.11";
-}