nixos/machines/vigil.nix

93 lines
2 KiB
Nix
Raw Normal View History

2023-01-25 11:48:44 +00:00
/*
Name: https://masseffect.fandom.com/wiki/Vigil
Why: Counterpart to Vendetta
Type: VM
Hardware: -
From: 2023
Role: DNS Server
Notes:
*/
{ pkgs, lib, nodes, ... }:
let
name = "vigil";
ip_pub = "193.1.99.109";
ip_priv = "172.20.20.4";
# hostname = "${name}.skynet.ie";
hostname = ip_pub;
# sets which nameserver it is
ns = "ns2";
in {
imports = [
# applications for this particular server
../applications/firewall.nix
../applications/dns.nix
];
deployment = {
targetHost = hostname;
targetPort = 22;
targetUser = "root";
};
networking = {
firewall = {
allowedTCPPorts = [22 53];
allowedUDPPorts = [53];
};
};
# open the firewall for this
skynet_firewall.forward = [
"ip daddr ${ip_pub} tcp dport 53 counter packets 0 bytes 0 accept"
"ip daddr ${ip_pub} udp dport 53 counter packets 0 bytes 0 accept"
2023-01-25 11:48:44 +00:00
];
skynet_dns = {
enable = true;
# this server will have to have dns records
own = {
nameserver = ns;
external = [
"${name} A ${ip_pub}"
"${ns} A ${ip_pub}"
];
cname = [
#"misc CNAME vendetta"
];
};
records = {
# using the same logic as the firewall, comments there
external = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.external
else value.config.skynet_dns.records.external
)
else []
) nodes
);
cname = builtins.concatLists (
lib.attrsets.mapAttrsToList (key: value:
if builtins.hasAttr "skynet_dns" value.config
then (
if value.config.skynet_dns.enable
then value.config.skynet_dns.own.cname
else value.config.skynet_dns.records.cname
)
else []
) nodes
);
};
};
}