Commit bae1c86bf3d5
Changed files (6)
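--- a/systems/athena/extra.nix
+++ b/systems/athena/extra.nix
@@ -1,7 +1,7 @@
 { globals, ... }:
 {
 imports = [
- # ../common/services/bind.nix
+ ../common/services/bind.nix
 ../common/services/prometheus-exporters-node.nix
 ../common/services/prometheus-exporters-bind.nix
 ];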
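--- a/systems/common/services/bind.nix
+++ b/systems/common/services/bind.nix
@@ -0,0 +1,18 @@
+{ lib, globals, ... }:
+{
+ # FIXME move the "networks" to globals
+ services.bind = {
+ enable = true;
+ forwarders = [
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+ extraOptions = ''
+ dnssec-validation no;
+ '';
+ cacheNetworks = [
+ "127.0.0.0/8"
+ ] ++ globals.net.dns.cacheNetworks;
+ zones = globals.net.dns.zones;
+ };
+}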
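Review bot: `dnssec-validation no;` in `extraOptions` turns off DNSSEC validation for every recursive answer this resolver returns to the LAN and VPN ranges listed in `cacheNetworks`, so a tampered reply on the cleartext path to the `8.8.8.8`/`8.8.4.4` forwarders is cached and served unchanged. The zones from `globals.net.dns.zones` are answered authoritatively by this server and, as far as I can tell, do not need validation disabled, so I would use `dnssec-validation auto;` instead. If something specific breaks with validation on, keep `no` but add a comment naming what it is. The `# FIXME move the "networks" to globals` comment also looks stale, since `cacheNetworks` already pulls from `globals.net.dns.cacheNetworks`.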
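--- a/systems/common/services/prometheus-exporters-bind.nix
+++ b/systems/common/services/prometheus-exporters-bind.nix
@@ -1,5 +1,5 @@
 _: {
- services.prometheus-exporters.bind = {
+ services.prometheus.exporters.bind = {
 enable = true;
 port = 9009;
 };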
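Review bot: Now that the option path resolves, the exporter will run, but the `bind.nix` added in this commit configures no `statistics-channels` block, which is what bind_exporter scrapes (the NixOS default `bindURI` is `http://localhost:8053/`, as far as I know). The endpoint on port 9009 will therefore most likely report BIND as unreachable. If you add the channel, keep it on loopback in `services.bind.extraConfig`: `statistics-channels { inet 127.0.0.1 port 8053 allow { 127.0.0.1; }; };`. The attribute set opened by `_: {` closes outside this hunk.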
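--- a/systems/common/services/prometheus-exporters-node.nix
+++ b/systems/common/services/prometheus-exporters-node.nix
@@ -18,10 +18,11 @@
 };
 config = {
- service.prometheus.exporters.node = {
+ services.prometheus.exporters.node = {
 enable = true;
 port = 9000;
 enabledCollectors = config.prometheus-exporters-node.collectors;
 extraFlags = config.prometheus-exporters-node.extraFlags;
 };
 };
+}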
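--- a/flake.nix
+++ b/flake.nix
@@ -85,12 +85,12 @@
 # };
 # # Servers (unstable)
 kobe = libx.mkHost { hostname = "kobe"; };
-
- # athena = libx.mkHost {
- # hostname = "athena";
- # pkgsInput = inputs.nixpkgs-24_11;
- # homeInput = inputs.home-manager-24_11;
- # };
+ athena = libx.mkHost {
+ hostname = "athena";
+ system = "aarch64-linux";
+ pkgsInput = inputs.nixpkgs-24_11;
+ homeInput = inputs.home-manager-24_11;
+ };
 # shikoku = libx.mkHost { hostname = "shikoku"; };
 # FIXME migrate to libx.mkHost
 aomi = inputs.nixpkgs.lib.nixosSystem {
@@ -138,10 +138,10 @@
 # };
 # Raspberry PI
 # athena
- athena = inputs.nixpkgs-24_11.lib.nixosSystem {
- system = "aarch64-linux";
- modules = commonModules ++ stableModules ++ [ ./systems/hosts/athena.nix ];
- };
+ # athena = inputs.nixpkgs-24_11.lib.nixosSystem {
+ # system = "aarch64-linux";
+ # modules = commonModules ++ stableModules ++ [ ./systems/hosts/athena.nix ];
+ # };
 # demeter
 demeter = inputs.nixpkgs-24_11.lib.nixosSystem {
 system = "aarch64-linux";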
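Review bot: The old `athena = inputs.nixpkgs-24_11.lib.nixosSystem { ... }` definition is commented out in the second hunk rather than deleted, which leaves a dead block under the `# Raspberry PI` / `# athena` heading. I would remove it and let git history keep it. `libx.mkHost` is not visible here, so it is worth confirming that it still applies everything `commonModules ++ stableModules ++ [ ./systems/hosts/athena.nix ]` did. Any baseline configuration carried only by those lists would otherwise silently drop off a host that now serves DNS to the LAN and VPN.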
globals.nix
@@ -1,12 +1,61 @@
{ lib, ... }:
{
net = {
+ dns = {
+ cacheNetworks = [ "192.168.1.0/24" "10.100.0.0/24" ];
+ zones = [
+ {
+ # sbr
+ name = "sbr.pm";
+ master = true;
+ slaves = [ ];
+ file = ./secrets/db.sbr.pm;
+ }
+ {
+ # home
+ name = "home";
+ master = true;
+ slaves = [ ];
+ file = ./secrets/db.home;
+ }
+ {
+ # home.reverse
+ name = "192.168.1.in-addr.arpa";
+ master = true;
+ slaves = [ ];
+ file = ./secrets/db.192.168.1;
+ }
+ {
+ # vpn
+ name = "vpn";
+ master = true;
+ slaves = [ ];
+ file = ./secrets/db.vpn;
+ }
+ {
+ # vpn.reverse
+ name = "10.100.0.in-addr.arpa";
+ master = true;
+ slaves = [ ];
+ file = ./secrets/db.10.100.0;
+ }
+ ];
+ };
vpn = {
endpoint = "167.99.17.238";
pubkey = "+H3fxErP9HoFUrPgU19ra9+GDLQw+VwvLWx3lMct7QI=";
};
};
machines = {
+ athena = {
+ net = {
+ ips = [ "192.168.1.183" ];
+ vpn = {
+ pubkey = "RWqH7RdIXg+YE9U1nlsNiOC7jH8eWjWQmikqBVDGSXU=";
+ ips = [ "10.100.0.83" ];
+ };
+ };
+ };
kyushu = {
net = {
ips = [
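Review bot: The five zone entries use Nix path literals such as `file = ./secrets/db.sbr.pm;`, so evaluation copies each zone file into the world-readable `/nix/store` on the target host, whatever protection the `secrets/` directory has in the repository (not visible here). If these files are meant to be confidential, as the directory name suggests, pass a runtime path string provisioned by your secrets tooling instead, for example `file = "/run/secrets/db.sbr.pm";` (placeholder path), readable by the `named` user. If they are not sensitive, moving them out of `secrets/` would make that explicit. The hunk's line counts are satisfied at this point, and the `kyushu` block continues outside it.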