nixos/modules/corenet.nix

{config, numbers, pkgs, lib, ...}:

with lib;

let
hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);
strIfHasIface = iface: s: if hasIface iface then s else "";
attrsetIfHasIface = iface: as: if hasIface iface then as else {};
eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];

nameservers = filter (x: x != "") [
    "127.0.0.1"
    (if config.networking.hostName != "snorlax" then (numbers.api.hostIface "snorlax" "sec0").ip else "")
    (if config.networking.hostName != "sobble" then (numbers.api.hostIface "sobble" "sec0").ip else "")
    (if config.networking.hostName != "rowlet" then (numbers.api.hostIface "rowlet" "sec0").ip else "")
  ];

in

{
  imports = [
    #./pgpool.nix
    ./udp514.nix
  ];

  services.udp514-journal.enable = true;
  services.coredns = {
    enable = true;
    config = ''
      . {
        ${strIfHasIface "sxxxxec0" "bind sec0"}
        ${strIfHasIface "xxxxlan0" "bind lan0"}
        nsid ${config.networking.hostName}
        forward . 172.16.1.8
        template IN A server.dns {
          answer "{{ .Name }} 0 IN A ${(numbers.api.hostIface config.networking.hostName "sec0").ip}"
        }
      }
    '';
  };
  services.resolved.enable = false;
  #networking.resolvconf.enable = false;

  environment.etc."resolv.conf".text = foldl'
    (a: s: if s == "" then a else "${a}nameserver ${s}\n")
    "" nameservers;
  networking.nameservers = nameservers;


  system.activationScripts."corenet-flux" = mkIf true ''
    ln -sf ${./corenet-flux.yaml} /var/lib/rancher/k3s/server/manifests/corenet-flux.yaml
  '';

  services.k3s = {
    enable = true;
    tokenFile = mkIf (config.networking.hostName != "snorlax") "/etc/k3s.token";
    serverAddr =
      mkIf (config.networking.hostName != "snorlax")
        "https://${(numbers.api.hostIface "snorlax" "sec0").ip}:6443";
    clusterInit = config.networking.hostName == "snorlax";
    extraFlags = (
    #" --datastore-endpoint=nats://localhost:4222?noEmbed=true&bucket=k0-kine&replicas=2"+
    " --disable=traefik"+
    " --disable=local-storage"+
    " --cluster-cidr=10.128.0.0/16"+
    " --service-cidr=10.129.0.0/16"+
    " --flannel-backend=vxlan"+
    " --embedded-registry"+
    (strIfHasIface "sec0" " --node-ip=${(numbers.api.hostIface config.networking.hostName "sec0").ip}")+
    #(strIfHasIface "lan0" " --tls-san=${(numbers.api.hostIface config.networking.hostName "lan0").ip}")+
    "");
  };

  environment.etc."rancher/k3s/registries.yaml".text = ''
    mirrors:
      "*":
  '';

  networking.firewall.allowedUDPPorts = [
    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250
  ];
  networking.firewall.allowedUDPPortRanges = [
    { from = 5000; to = 32767; }
  ];
  networking.firewall.allowedTCPPorts = [
    53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250
  ];
  networking.firewall.allowedTCPPortRanges = [
    { from = 5000; to = 32767; }
  ];
}
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`{config, numbers, pkgs, lib, ...}:`

			`with lib;`

			`let`
			`hasIface = iface: elem iface (numbers.api.hostIfaces config.networking.hostName);`
			`strIfHasIface = iface: s: if hasIface iface then s else "";`
			`attrsetIfHasIface = iface: as: if hasIface iface then as else {};`
			`eltIfHasIface = iface: elt: if hasIface iface then [ elt ] else [];`

wip 2024-07-26 19:29:08 +00:00			`nameservers = filter (x: x != "") [`
			`"127.0.0.1"`
			`(if config.networking.hostName != "snorlax" then (numbers.api.hostIface "snorlax" "sec0").ip else "")`
			`(if config.networking.hostName != "sobble" then (numbers.api.hostIface "sobble" "sec0").ip else "")`
			`(if config.networking.hostName != "rowlet" then (numbers.api.hostIface "rowlet" "sec0").ip else "")`
			`];`

add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`in`

			`{`
			`imports = [`
			`#./pgpool.nix`
			`./udp514.nix`
			`];`

			`services.udp514-journal.enable = true;`
			`services.coredns = {`
			`enable = true;`
			`config = ''`
			`. {`
wip 2024-07-26 19:29:08 +00:00			`${strIfHasIface "sxxxxec0" "bind sec0"}`
			`${strIfHasIface "xxxxlan0" "bind lan0"}`
updates. (from the past :/) 2025-02-19 01:09:15 +00:00			`nsid ${config.networking.hostName}`
make coredns do something useful instead of harmful 2024-07-25 18:24:16 +00:00			`forward . 172.16.1.8`
updates. (from the past :/) 2025-02-19 01:09:15 +00:00			`template IN A server.dns {`
			`answer "{{ .Name }} 0 IN A ${(numbers.api.hostIface config.networking.hostName "sec0").ip}"`
			`}`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`}`
			`'';`
			`};`
wip 2024-07-26 19:29:08 +00:00			`services.resolved.enable = false;`
			`#networking.resolvconf.enable = false;`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00
wip 2024-07-26 19:29:08 +00:00			`environment.etc."resolv.conf".text = foldl'`
			`(a: s: if s == "" then a else "${a}nameserver ${s}\n")`
			`"" nameservers;`
			`networking.nameservers = nameservers;`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00

wip 2024-07-26 19:29:08 +00:00			`system.activationScripts."corenet-flux" = mkIf true ''`
			`ln -sf ${./corenet-flux.yaml} /var/lib/rancher/k3s/server/manifests/corenet-flux.yaml`
			`'';`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00
			`services.k3s = {`
			`enable = true;`
wip 2024-07-26 19:29:08 +00:00			`tokenFile = mkIf (config.networking.hostName != "snorlax") "/etc/k3s.token";`
			`serverAddr =`
			`mkIf (config.networking.hostName != "snorlax")`
			`"https://${(numbers.api.hostIface "snorlax" "sec0").ip}:6443";`
			`clusterInit = config.networking.hostName == "snorlax";`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`extraFlags = (`
wip 2024-07-26 19:29:08 +00:00			`#" --datastore-endpoint=nats://localhost:4222?noEmbed=true&bucket=k0-kine&replicas=2"+`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`" --disable=traefik"+`
			`" --disable=local-storage"+`
			`" --cluster-cidr=10.128.0.0/16"+`
wip 2024-07-26 19:29:08 +00:00			`" --service-cidr=10.129.0.0/16"+`
			`" --flannel-backend=vxlan"+`
			`" --embedded-registry"+`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`(strIfHasIface "sec0" " --node-ip=${(numbers.api.hostIface config.networking.hostName "sec0").ip}")+`
wip 2024-07-26 19:29:08 +00:00			`#(strIfHasIface "lan0" " --tls-san=${(numbers.api.hostIface config.networking.hostName "lan0").ip}")+`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`"");`
			`};`

wip 2024-07-26 19:29:08 +00:00			`environment.etc."rancher/k3s/registries.yaml".text = ''`
			`mirrors:`
			`"*":`
			`'';`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00
wip 2024-07-26 19:29:08 +00:00			`networking.firewall.allowedUDPPorts = [`
			`53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 8472 10250`
			`];`
			`networking.firewall.allowedUDPPortRanges = [`
updates. (from the past :/) 2025-02-19 01:09:15 +00:00			`{ from = 5000; to = 32767; }`
wip 2024-07-26 19:29:08 +00:00			`];`
			`networking.firewall.allowedTCPPorts = [`
			`53 80 443 5432 5001 9898 9999 6443 4222 6222 8222 2379 2380 10250`
			`];`
			`networking.firewall.allowedTCPPortRanges = [`
updates. (from the past :/) 2025-02-19 01:09:15 +00:00			`{ from = 5000; to = 32767; }`
wip 2024-07-26 19:29:08 +00:00			`];`
add corenet module and basic coredns + Corefile 2024-07-17 04:40:44 +00:00			`}`