added clunk

fudo/sites/default.nix

@@ -4,6 +4,7 @@
   imports = [
     ./joes.nix
     ./portage.nix
+    ./russell.nix
     ./seattle.nix
   ];
 }

fudo/sites/russell.nix

@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  admin = "admin@fudo.org";
+
+  nameservers = [
+    "1.1.1.1"
+    "8.8.8.8"
+  ];
+
+  hostname = config.networking.hostName;
+
+in {
+  config = mkIf (config.fudo.common.site == "russell") {
+    time.timeZone = "America/Winnipeg";
+
+    services.cron = {
+      mailto = admin;
+    };
+
+    networking = {
+      domain = "fudo.org";
+      search = ["fudo.org"];
+      firewall.enable = false;
+      nameservers = nameservers;
+    };
+
+    # fudo.node-exporter = {
+    #   enable = true;
+    #   hostname = hostname;
+    # };
+  };
+}

hosts/clunk.nix

@@ -0,0 +1,126 @@
+{ lib, config, pkgs, ... }:
+
+let
+  hostname = "clunk";
+  host-internal-ip = "10.0.0.1";
+  inherit (lib.strings) concatStringsSep;
+
+in {
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  hardware.bluetooth.enable = false;
+
+  imports = [
+    ../defaults.nix
+    ../hardware-configuration.nix
+  ];
+
+  fudo.common = {
+    profile = "server";
+    site = "russell";
+  };
+
+  # fudo.local-network = {
+  #   enable = true;
+  #   dns-servers = [ host-internal-ip ];
+  #   gateway = host-internal-ip;
+  #   dhcp-interfaces = [ "intif0" ];
+  #   dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" ];
+  #   # Using a pihole running in docker, see below
+  #   recursive-resolver = "${host-internal-ip} port 5353";
+  #   # recursive-resolver = "1.1.1.1";
+  #   server-ip = host-internal-ip;
+  # };
+
+  networking = {
+    hostName = hostname;
+
+    nameservers = [ host-internal-ip ];
+
+    # Create a bridge for VMs to use
+    macvlans = {
+      intif0 = {
+        interface = "enp2s0";
+        mode = "bridge";
+      };
+    };
+
+    interfaces = {
+      enp2s0.useDHCP = false;
+      enp3s0.useDHCP = false;
+      enp4s0.useDHCP = false;
+
+      enp1s0.useDHCP = true;
+
+      intif0 = {
+        useDHCP = false;
+      	# Result of:
+        # echo clunk-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+        macAddress = "02:44:d1:eb:c3:6b";
+        ipv4.addresses = [
+          {
+            address = host-internal-ip;
+            prefixLength = 22;
+          }
+        ];
+      };
+    };
+
+    nat = {
+      enable = true;
+      externalInterface = "enp1s0";
+      internalInterfaces = ["intif0"];
+    };
+  };
+
+  fudo = {
+    secure-dns-proxy = {
+      enable = true;
+      port = 3535;
+      upstream-dns = [
+        "https://cloudflare-dns.com/dns-query"
+      ];
+      bootstrap-dns = "1.1.1.1";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    dnsproxy
+  ];
+
+  virtualisation = {
+    docker = {
+      enable = true;
+      autoPrune.enable = true;
+      enableOnBoot = true;
+    };
+  };
+
+  docker-containers = {
+    pihole = {
+      image = "pihole/pihole:4.3.2-1";
+      ports = [
+        "5353:53/tcp"
+        "5353:53/udp"
+        "3080:80/tcp"
+      ];
+      environment = {
+        ServerIP = host-internal-ip;
+        VIRTUAL_HOST = "dns-hole.sea.fudo.org";
+        DNS1 = "1.1.1.1";
+        DNS2 = "8.8.8.8";
+      };
+      volumes = [
+        "/srv/pihole/etc-pihole/:/etc/pihole/"
+        "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
+      ];
+      # TODO: DNS-over-HTTPS via cloudflared
+      # extraDockerOptions = [
+      #   "--dns=1.1.1.1"
+      # ];
+    };
+  };
+}