fix: ddns on nwk2 ddns on cf
Signed-off-by: Anthony Rabbito <[email protected]>
anthr76 committed Jan 19, 2025
1 parent aa6e427 commit e1a629b
Showing 4 changed files with 174 additions and 28 deletions.
190 changes: 168 additions & 22 deletions nixos/hosts/fw1-nwk2/default.nix
@@ -1,4 +1,10 @@
{ lib, inputs, pkgs, ... }:
{
lib,
inputs,
pkgs,
config,
...
}:
let
zoneSerial = toString inputs.self.lastModified;
in
Expand All @@ -10,7 +16,7 @@ in
];
networking.hostName = "fw1";
networking.domain = "nwk2.rabbito.tech";
services.cfdyndns.records = [
services.cloudflare-dyndns.domains = [
"fw-1.nwk2.rabbito.tech"
"nwk2.rabbito.tech"
];
Expand All @@ -34,11 +40,56 @@ in
'';

networking.interfaces = {
vlan8 = { ipv4 = { addresses = [{ address = "192.168.15.1"; prefixLength = 24; }]; }; };
vlan10 = { ipv4 = { addresses = [{ address = "192.168.7.1"; prefixLength = 24; }]; }; };
vlan99 = { ipv4 = { addresses = [{ address = "10.30.99.1"; prefixLength = 24; }]; }; };
vlan100 = { ipv4 = { addresses = [{ address = "192.168.11.1"; prefixLength = 24; }]; }; };
vlan101 = { ipv4 = { addresses = [{ address = "192.168.5.1"; prefixLength = 24; }]; }; };
vlan8 = {
ipv4 = {
addresses = [
{
address = "192.168.15.1";
prefixLength = 24;
}
];
};
};
vlan10 = {
ipv4 = {
addresses = [
{
address = "192.168.7.1";
prefixLength = 24;
}
];
};
};
vlan99 = {
ipv4 = {
addresses = [
{
address = "10.30.99.1";
prefixLength = 24;
}
];
};
};
vlan100 = {
ipv4 = {
addresses = [
{
address = "192.168.11.1";
prefixLength = 24;
}
];
};
};
vlan101 = {
ipv4 = {
addresses = [
{
address = "192.168.5.1";
prefixLength = 24;
}
];
};
};
};
services.tailscale.extraUpFlags = [
"--advertise-routes=192.168.11.0/24,10.30.99.0/24,192.168.7.0/24"
Expand Down Expand Up @@ -162,21 +213,116 @@ in
zones = {
"nwk2.rabbito.tech." = {
master = true;
file = pkgs.writeText "nwk2.rabbito.tech" (lib.strings.concatStrings [
''
$ORIGIN nwk2.rabbito.tech.
$TTL 86400
@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
${zoneSerial} ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS fw1.nwk2.rabbito.tech.
fw1 IN A 10.30.99.1
''
]);
file = pkgs.writeText "nwk2.rabbito.tech" (
lib.strings.concatStrings [
''
$ORIGIN nwk2.rabbito.tech.
$TTL 86400
@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
${zoneSerial} ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS fw1.nwk2.rabbito.tech.
fw1 IN A 10.30.99.1
''
]
);
};
"11.168.192.in-addr.arpa." = {
master = true;
extraConfig = ''
allow-update { key "dhcp-update-key"; };
journal "${config.services.bind.directory}/db.11.168.192.in-addr.arpa.jnl";
'';
file = pkgs.writeText "11.168.192.in-addr.arpa" (
lib.strings.concatStrings [
''
$ORIGIN 11.168.192.in-addr.arpa.
$TTL 86400
@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
${zoneSerial} ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS fw1.nwk2.rabbito.tech.
''
]
);
};
"7.168.192.in-addr.arpa." = {
master = true;
extraConfig = ''
allow-update { key "dhcp-update-key"; };
journal "${config.services.bind.directory}/db.7.168.192.in-addr.arpa.jnl";
'';
file = pkgs.writeText "7.168.192.in-addr.arpa" (
lib.strings.concatStrings [
''
$ORIGIN 7.168.192.in-addr.arpa.
$TTL 86400
@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
${zoneSerial} ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS fw1.nwk2.rabbito.tech.
''
]
);
};
"5.58.192.in-addr.arpa." = {
master = true;
extraConfig = ''
allow-update { key "dhcp-update-key"; };
journal "${config.services.bind.directory}/db.5.168.192.in-addr.arpa.jnl";
'';
file = pkgs.writeText "5.168.192.in-addr.arpa" (
lib.strings.concatStrings [
''
$ORIGIN 5.168.192.in-addr.arpa.
$TTL 86400
@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
${zoneSerial} ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS fw1.nwk2.rabbito.tech.
''
]
);
};
"99.30.10.in-addr.arpa." = {
master = true;
extraConfig = ''
allow-update { key "dhcp-update-key"; };
journal "${config.services.bind.directory}/db.99.30.10.in-addr.arpa.jnl";
'';
file = pkgs.writeText "99.30.10.in-addr.arpa" (
lib.strings.concatStrings [
''
$ORIGIN 99.30.10.in-addr.arpa.
$TTL 86400
@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
${zoneSerial} ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
1800 ; ttl
)
IN NS fw1.nwk2.rabbito.tech.
1 IN PTR fw1.nwk2.rabbito.tech.
''
]
);
};
};
};
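Review bot: The fourth reverse zone is declared as `"5.58.192.in-addr.arpa."`, but its `$ORIGIN`, zone file name and journal path all say `5.168.192.in-addr.arpa` and vlan101 is addressed as 192.168.5.1/24, so the attribute name looks like a typo for `"5.168.192.in-addr.arpa." = {`. As written, BIND would be authoritative for, and accept `dhcp-update-key` dynamic updates to, the reverse zone of 192.58.5.0/24, which is not among the interfaces shown, while PTR updates for 192.168.5.0/24 have no zone to land in. In the added reverse zones the SOA RNAME `admin.rabbito.tech` has no trailing dot, so it is taken relative to `$ORIGIN` and expands under `in-addr.arpa.`; write `admin.rabbito.tech.` instead. It is also worth confirming that BIND still accepts an existing `.jnl` after a rebuild replaces the store-backed zone file with a new `${zoneSerial}`, since nothing on this page shows the journal being reset. vlan8 (192.168.15.0/24) gets no reverse zone, which may be intentional.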
2 changes: 1 addition & 1 deletion nixos/hosts/fw1-nwk3/default.nix
Expand Up @@ -16,7 +16,7 @@ in
];
networking.hostName = "fw1";
networking.domain = "nwk3.rabbito.tech";
services.cfdyndns.records = [
services.cloudflare-dyndns.domains = [
"fw-1.nwk3.rabbito.tech"
"nwk3.rabbito.tech"
];
2 changes: 1 addition & 1 deletion nixos/personalities/server/router/ddns.nix
Expand Up @@ -17,7 +17,7 @@ in
owner = config.systemd.services.kea-dhcp-ddns-server.serviceConfig.User;
group = config.systemd.services.kea-dhcp-ddns-server.serviceConfig.User;
};
services.cfdyndns = {
services.cloudflare-dyndns = {
enable = true;
apiTokenFile = config.sops.secrets.cfApiToken.path;
};
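Review bot: `apiTokenFile` now feeds a different program, and nothing at the call site records what the secret file has to contain; a short comment above `apiTokenFile = config.sops.secrets.cfApiToken.path;` would help the next token rotation. Depending on the nixpkgs revision, the `cloudflare-dyndns` module reads this file either as an environment file of the form `CLOUDFLARE_API_TOKEN=...` or as the bare token, so the comment should state which applies here, e.g. `# cfApiToken content: <format expected by the pinned nixpkgs module>`. `secrets/users.yaml` re-encrypts `cfApiToken` in this commit, which suggests the content was adapted, but that cannot be verified from the page. The enclosing attribute set starts outside the hunk.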
8 changes: 4 additions & 4 deletions secrets/users.yaml
Expand Up @@ -4,7 +4,7 @@ chromium-client-id: ENC[AES256_GCM,data:Rs3oOBRT9Efrp805fGzRGOJ6WhJAd1TApCiWYnBq
chromium-client-secret: ENC[AES256_GCM,data:CrQUBfe8lZHdYkCbi7NfBUqqTK2BBe518OejzdWfJ3ozCy0=,iv:6bfQeF/6dggeMIssfAsdENHWSug81g4gswxao0sSveQ=,tag:BwUK/DQ4JIiBtCkV8MkZ5Q==,type:str]
tailscale-auth-key: ENC[AES256_GCM,data:bZlL8FYKJMOfj1RWHZFIgNkGY5G4qwBohZKf9aavYOelrIDjWb6kot3eLhGR6S3cJt+/pzFv75143AKrUNc=,iv:I3BAY57o8Bl7BIqRXzEmjDvNg1j6EPKS6KlDn0WXDLU=,tag:EP3KB3QOgqAVO8XXQ5Twog==,type:str]
nixbuild-ssh-key: ENC[AES256_GCM,data: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,iv:UmwIuZIvndyzPQvsm/3M+EwA3gyfyLxZfFcKK6tkkVg=,tag:hIDXKv3E+7SPDBPwSmyV4Q==,type:str]
cfApiToken: ENC[AES256_GCM,data:H58ODWo3uRm/V4MuNRXV/LxGq6eSX/Og+k95wyV3cLLy9GCVPJP/AA==,iv:z71Fyl6XjcOwl0mwu/sycYm6g3ZZ8HijeeILWXUwUII=,tag:BIXwlUfI7CywLga4+zF87g==,type:str]
cfApiToken: ENC[AES256_GCM,data:Ajy7NlkGlHeOoHN3xfl7Eo/mUNUYRGYQJrD/kTbWkLU0QxowGEJPO8oGaB9NrOhuT6R0pAuAugTWj+/Yxg==,iv:MmGlH8xw1Buy9w7mJlGG9/RbLgB36iCMc5/0uHz0qwA=,tag:0uSCWejKa4mn1yt+vGn88g==,type:str]
ddns-tsig-key: ENC[AES256_GCM,data:QstpuXoJUplS4BxvRmGIbGBk0+uiLtbyE5XV3CcCcJd6xz7CCIOpsb/YR7w=,iv:2eEL8mD49o9+Qd0VPGAkkudBZOv5YV9h5vuHnugJ8BY=,tag:nurtUr3nfPOmwAExybJsNQ==,type:str]
bind-ddns-tsig-file: ENC[AES256_GCM,data:VoZh19vnpVxad/PBJdIv8axpZfZZA/txPNESwwRk23YrJ2aSJ+I19LbLPPniEryFSUchyaDocgeLy0vTC/FElc2IQQoj4oEX8sUeskL6Mi57WsZYLAQfIVEr1R0vyja6f+XOUSwmI/suU3AHDhmkSu0=,iv:cUKG+55PQiaGYm3056ri5OsG10YFJMWyC9+rPg6e7DM=,tag:J2PNelxamFMaUTbfN4dWcw==,type:str]
sops:
Expand Down Expand Up @@ -94,8 +94,8 @@ sops:
aXVheUlzK3prQWR5bytPcmlWSC9qOFEKmLiEcU0rCyi7HnBlgG/WZESnqC8erjKa
jNXj+pFjHW8bq6DlC8lclufntBiu7GYyX73SAE3Tpa9vMTyooGlv0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-13T01:37:56Z"
mac: ENC[AES256_GCM,data:8oW84vt/OyouzxAut+LD40tzfinoyXBMELsXuzDiQOPPXsj/GHf4kgAI0lFgjswGM6z8IWE1yvgpMryW59qTulbWnjfC753PQnmBvD2YGB1ASGq3OulursIGGtksWeUC3KDKcg4iAWeqXI6u7tTc+4hi5MTi7nPmQbjn1UrxZso=,iv:+r1IgqsV5402DU/ZmHTxgsS3wc0quSMfgyXGM/hScZE=,tag:nPE9vfoB94KJQcVQh+TeWQ==,type:str]
lastmodified: "2025-01-19T15:26:04Z"
mac: ENC[AES256_GCM,data:qU3HChCRp70wbNNfmQtkFoMWNTZQmDFVTATtOMU9PhBUBHF4Kxnyg5qnXgpfhyYtpbjs1kNFd+Gh5IsvRwI8GccsL+Q6dd1UT148ajpnBLNNZnRNS7kLK9Crh1Y0ganPul0WBHWJspzyyNBfRrigk4LMyoBXGnei6/zeRDJMvV4=,iv:BDbhV5kHxydzla3//HTNYllpTDH06CyJbsxYWLhnTHU=,tag:wSBlFyXFWOI8m+xdg8rPpA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.9.3
