EH22/nox
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: EH22:78a1b6daa722f2b7afd410efb8f797946a0c73a0
Branches Tags
EH22:main
..
compare: EH22:05fbd7183c115099680b69bae327d81fdcedb036
Branches Tags
EH22:main

No commits in common. "78a1b6daa722f2b7afd410efb8f797946a0c73a0" and "05fbd7183c115099680b69bae327d81fdcedb036" have entirely different histories.
78a1b6daa7 ... 05fbd7183c

4 changed files with 3 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

2
data/zones/noc.eh22.intern.zone
View file

@ -2,7 +2,5 @@ $ORIGIN noc.eh22.intern.
@ 0 IN SOA auth-dns noc.eh22.easterhegg.eu. 1 7200 3600 3600000 60 @ 0 IN SOA auth-dns noc.eh22.easterhegg.eu. 1 7200 3600 3600000 60
@ 0 IN NS 10.20.25.3. @ 0 IN NS 10.20.25.3.
auth-dns 0 IN A 10.20.25.3 auth-dns 0 IN A 10.20.25.3
grafana 0 IN A 10.20.25.4
proxmox 0 IN A 10.20.25.1 proxmox 0 IN A 10.20.25.1
resolv-dns 0 IN A 10.20.25.5
sketchy-router 0 IN A 10.20.25.2 sketchy-router 0 IN A 10.20.25.2

10
systems/default.nix
View file

@ -6,11 +6,7 @@ let
# call like `mkSystem "x86_64-linux" "<hostname>.eh22.intern"` # call like `mkSystem "x86_64-linux" "<hostname>.eh22.intern"`
mkSystem = mkSystem =
systemType: name: systemType: name:
let nixpkgs.lib.nixosSystem {
lib = nixpkgs.lib;
systemModule = if lib.pathIsDirectory ./${name} then ./${name}/system.nix else ./${name}.nix;
in
lib.nixosSystem {
system = systemType; system = systemType;
specialArgs = flake.inputs; specialArgs = flake.inputs;
modules = [ modules = [
@ -21,7 +17,8 @@ let
../modules/base_system.nix ../modules/base_system.nix
../modules/user_account.nix ../modules/user_account.nix
systemModule #../modules/mail_relay.nix
./${name}.nix
( (
let let
@ -42,7 +39,6 @@ in
{ {
# prod hosts # prod hosts
"auth-dns.noc.eh22.intern" = mkSystem "x86_64-linux" "auth-dns.noc.eh22.intern"; "auth-dns.noc.eh22.intern" = mkSystem "x86_64-linux" "auth-dns.noc.eh22.intern";
"resolv-dns.noc.eh22.intern" = mkSystem "x86_64-linux" "resolv-dns.noc.eh22.intern";
# staging temp infra # staging temp infra
"sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern"; "sketchy-router.noc.eh22.intern" = mkSystem "x86_64-linux" "sketchy-router.noc.eh22.intern";

23
systems/resolv-dns.noc.eh22.intern/kresd-config.lua
View file

@ -1,23 +0,0 @@
-- ref: https://www.knot-resolver.cz/documentation/stable/config-overview.html
-- load non-default modules
modules.load("view")
modules.load("prefill")
-- define list of internal-only domains
ehDomains = policy.todnames({'noc.eh22.intern'})
-- for the mgmt-network, forward ehDomains to our authorative server
view:addr('10.20.25.0/24', policy.suffix(policy.FLAGS({'NO_CACHE'}), ehDomains))
view:addr('10.20.25.0/24', policy.suffix(policy.STUB({'10.20.25.3'}), ehDomains))
-- allow resolution from our internal network
view:addr('10.20.25.0/24', policy.all(policy.PASS))
-- precache the root zone to reduce traffic load to it
prefill.config({
["."] = {
url = "https://www.internic.net/domain/root.zone",
interval = 24 * 60 * 60,
}
})

36
systems/resolv-dns.noc.eh22.intern/system.nix
View file

@ -1,36 +0,0 @@
{
pkgs,
lib,
...
}:
{
imports = [ ];
# configure static IP address
networking.useDHCP = false;
systemd.network = {
enable = true;
networks = {
"10-mgmtNet" = {
matchConfig.MACAddress = "BC:24:11:61:E3:D9";
address = [ "10.20.25.5/24" ];
gateway = [ "10.20.25.2" ];
};
};
};
# enable knot resolv server
# ref: https://search.nüschtos.de/?query=services.kresd
# https://www.knot-resolver.cz/documentation/stable/
services.kresd = {
enable = true;
instances = 4;
listenPlain = [ "53" ];
extraConfig = builtins.readFile ./kresd-config.lua;
};
# DO NOT CHANGE
# this defines the first version of NixOS that was installed on the machine so that programs with non-migratable data files are kept compatible
home-manager.users.noc.home.stateVersion = "24.11";
system.stateVersion = "24.11";
}