From bbf4a90e46b0b0ef518511be6bcab0304df49f8e Mon Sep 17 00:00:00 2001 From: Niten Date: Fri, 16 Oct 2020 11:17:50 -0500 Subject: [PATCH] added clunk --- fudo/sites/default.nix | 1 + fudo/sites/russell.nix | 34 +++++++++++ hosts/clunk.nix | 126 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 161 insertions(+) create mode 100644 fudo/sites/russell.nix create mode 100644 hosts/clunk.nix
diff --git a/fudo/sites/default.nix b/fudo/sites/default.nix
index fd59359..63a6ab0 100644
--- a/fudo/sites/default.nix
+++ b/fudo/sites/default.nix
@@ -4,6 +4,7 @@ imports = [ ./joes.nix ./portage.nix + ./russell.nix ./seattle.nix ]; }
diff --git a/fudo/sites/russell.nix b/fudo/sites/russell.nix
new file mode 100644
index 0000000..e10a3c4
--- /dev/null
+++ b/fudo/sites/russell.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ admin = "admin@fudo.org";
+
+ nameservers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ hostname = config.networking.hostName;
+
+in {
+ config = mkIf (config.fudo.common.site == "russell") {
+ time.timeZone = "America/Winnipeg";
+
+ services.cron = {
+ mailto = admin;
+ };
+
+ networking = {
+ domain = "fudo.org";
+ search = ["fudo.org"];
+ firewall.enable = false;
+ nameservers = nameservers;
+ };
+
+ # fudo.node-exporter = {
+ # enable = true;
+ # hostname = hostname;
+ # };
+ };
+}
diff --git a/hosts/clunk.nix b/hosts/clunk.nix
new file mode 100644
index 0000000..b1fb4fb
--- /dev/null
+++ b/hosts/clunk.nix
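Review bot: `firewall.enable = false;` in the russell site block switches the NixOS firewall off for every host that declares `fudo.common.site = "russell"`, which in this same patch includes clunk — a NAT gateway whose external interface `enp1s0` takes a DHCP lease and which runs a host-level DNS proxy on port 3535 — so every host-native listener there is unfiltered on the external link. A site module is a blunt place for that decision; I would delete the line (the NixOS default is enabled) and open ports per host and per interface instead, e.g. in hosts/clunk.nix `networking.firewall.interfaces.intif0.allowedTCPPorts = [ 3535 ];` together with the matching `allowedUDPPorts`, or at minimum `networking.firewall.trustedInterfaces = [ "intif0" ];`. If the site-wide disable is deliberate (an upstream device filtering for the whole site, say), a comment next to it stating that is needed, e.g. `# Firewall intentionally off: hosts at this site sit behind <device>` — as written a reader cannot tell deliberate from forgotten.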
@@ -0,0 +1,126 @@
+{ lib, config, pkgs, ... }:
+
+let
+ hostname = "clunk";
+ host-internal-ip = "10.0.0.1";
+ inherit (lib.strings) concatStringsSep;
+
+in {
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ hardware.bluetooth.enable = false;
+
+ imports = [
+ ../defaults.nix
+ ../hardware-configuration.nix
+ ];
+
+ fudo.common = {
+ profile = "server";
+ site = "russell";
+ };
+
+ # fudo.local-network = {
+ # enable = true;
+ # dns-servers = [ host-internal-ip ];
+ # gateway = host-internal-ip;
+ # dhcp-interfaces = [ "intif0" ];
+ # dns-serve-ips = [ host-internal-ip "127.0.0.1" "127.0.1.1" ];
+ # # Using a pihole running in docker, see below
+ # recursive-resolver = "${host-internal-ip} port 5353";
+ # # recursive-resolver = "1.1.1.1";
+ # server-ip = host-internal-ip;
+ # };
+
+ networking = {
+ hostName = hostname;
+
+ nameservers = [ host-internal-ip ];
+
+ # Create a bridge for VMs to use
+ macvlans = {
+ intif0 = {
+ interface = "enp2s0";
+ mode = "bridge";
+ };
+ };
+
+ interfaces = {
+ enp2s0.useDHCP = false;
+ enp3s0.useDHCP = false;
+ enp4s0.useDHCP = false;
+
+ enp1s0.useDHCP = true;
+
+ intif0 = {
+ useDHCP = false;
+ # Result of:
+ # echo clunk-intif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+ macAddress = "02:44:d1:eb:c3:6b";
+ ipv4.addresses = [
+ {
+ address = host-internal-ip;
+ prefixLength = 22;
+ }
+ ];
+ };
+ };
+
+ nat = {
+ enable = true;
+ externalInterface = "enp1s0";
+ internalInterfaces = ["intif0"];
+ };
+ };
+
+ fudo = {
+ secure-dns-proxy = {
+ enable = true;
+ port = 3535;
+ upstream-dns = [
+ "https://cloudflare-dns.com/dns-query"
+ ];
+ bootstrap-dns = "1.1.1.1";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ dnsproxy
+ ];
+
+ virtualisation = {
+ docker = {
+ enable = true;
+ autoPrune.enable = true;
+ enableOnBoot = true;
+ };
+ };
+
+ docker-containers = {
+ pihole = {
+ image = "pihole/pihole:4.3.2-1";
+ ports = [
+ "5353:53/tcp"
+ "5353:53/udp"
+ "3080:80/tcp"
+ ];
+ environment = {
+ ServerIP = host-internal-ip;
+ VIRTUAL_HOST = "dns-hole.sea.fudo.org";
+ DNS1 = "1.1.1.1";
+ DNS2 = "8.8.8.8";
+ };
+ volumes = [
+ "/srv/pihole/etc-pihole/:/etc/pihole/"
+ "/srv/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
+ ];
+ # TODO: DNS-over-HTTPS via cloudflared
+ # extraDockerOptions = [
+ # "--dns=1.1.1.1"
+ # ];
+ };
+ };
+}
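Review bot: The pihole `ports` entries `"5353:53/tcp"`, `"5353:53/udp"` and `"3080:80/tcp"` carry no bind address, so Docker publishes the resolver and the admin UI on every interface of the host — including `enp1s0`, which this file makes the NAT `externalInterface` and configures via DHCP — and Docker's own iptables rules normally admit published ports independently of the NixOS firewall (which the russell site block disables anyway). Since `ServerIP` is already the internal address, pin the publications to it: `"${host-internal-ip}:5353:53/tcp"`, `"${host-internal-ip}:5353:53/udp"`, `"${host-internal-ip}:3080:80/tcp"`. Separately, `networking.nameservers = [ host-internal-ip ];` points the host at port 53 of 10.0.0.1, while the only resolvers this file starts are the pihole on 5353 and the proxy on 3535 and the `fudo.local-network` block that would have served 53 is commented out — unless something outside this file listens on 53 there, the host itself has no working DNS. Two smaller things: `VIRTUAL_HOST = "dns-hole.sea.fudo.org"` uses the `sea` label although this host is at site `russell`, which looks like a carry-over from the Seattle host and deserves a fix or a comment; and no `WEBPASSWORD` is given for the admin UI, so (if I recall the image's behaviour correctly) a random one is generated at first start — either set it from a secret or add `# admin password is generated on first boot; read it from the container log`.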