diff --git a/ops/nixos/bvm-heptapod/default.nix b/ops/nixos/bvm-heptapod/default.nix
new file mode 100644
index 0000000000..56adbd6570
--- /dev/null
+++ b/ops/nixos/bvm-heptapod/default.nix
@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ config, depot, lib, pkgs, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ imports = [
+ ../lib/bvm.nix
+ ];
+
+ # Networking!
+ networking = {
+ hostName = "bvm-heptapod";
+ hostId = "c30784de";
+ tempAddresses = "disabled";
+
+ interfaces.enp1s0 = {
+ ipv4.addresses = [{ address = "10.100.0.208"; prefixLength = 23; }];
+ };
+ interfaces.enp2s0 = {
+ ipv4.addresses = [{ address = "92.118.28.10"; prefixLength = 24; }];
+ ipv6.addresses = [{ address = "2a09:a441::10"; prefixLength = 32; }];
+ };
+ defaultGateway = { address = "92.118.28.1"; interface = "enp2s0"; };
+ defaultGateway6 = { address = "2a09:a441::1"; interface = "enp2s0"; };
+
+ firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 443 ];
+ };
+ };
+ my.ip.tailscale = "100.94.23.105";
+
+ system.stateVersion = "21.11";
+}
diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index 406c119f03..5ffa762ba0 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@@ -41,6 +41,7 @@ let
 "bvm-minecraft"
 "bvm-netbox"
 "bvm-radius"
+ "bvm-heptapod"
 ];
 rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
 systemCfgs = lib.genAttrs systems
diff --git a/ops/nixos/installcd/default.nix b/ops/nixos/installcd/default.nix
index 7323228ccc..a7829cafdd 100644
--- a/ops/nixos/installcd/default.nix
+++ b/ops/nixos/installcd/default.nix
@@ -13,8 +13,8 @@ in {
 isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso";
 isoImage.storeContents = [
- depot.ops.nixos.systems.bvm-radius
+ depot.ops.nixos.systems.bvm-heptapod
 ];
- system.stateVersion = "21.05";
+ system.stateVersion = "21.11";
 }
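Review bot: In ops/nixos/bvm-heptapod/default.nix the `firewall` block opens TCP 80/443 and UDP 443 through the global `allowedTCPPorts`/`allowedUDPPorts`, which apply to every interface, while nothing in this file configures a service listening on them (whatever `../lib/bvm.nix` adds is not visible here). If the ports are only meant for the public side, `networking.firewall.interfaces.enp2s0.allowedTCPPorts = [ 80 443 ];` would scope them to that interface; otherwise a comment such as `# HTTP/HTTPS (and QUIC on UDP 443) for the web frontend this host will run` records why they are open. The `inherit (depot.ops) secrets;` binding in the `let` is not referenced anywhere in the file and can be dropped until a secret is actually consumed.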
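Review bot: In ops/nixos/installcd/default.nix, `isoImage.storeContents` now copies the full `bvm-heptapod` system closure into the installer ISO, and store paths are readable by anyone who obtains the image. The host file added in this commit already binds `secrets` from `depot.ops` (unused so far), so once it starts consuming them they need to be referenced as runtime file paths rather than interpolated into the configuration, or they will ship in the ISO. A comment above the list, `# closure is copied into the ISO verbatim: must not contain secret material`, would make that constraint visible. The `stateVersion` change to "21.11" looks unrelated to swapping the host and is presumably harmless on an installer image, but is worth confirming.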
diff --git a/ops/nixos/lib/coredns/zones/db.as205479.net b/ops/nixos/lib/coredns/zones/db.as205479.net
index 044d9b56ae..c5d8d35747 100644
--- a/ops/nixos/lib/coredns/zones/db.as205479.net
+++ b/ops/nixos/lib/coredns/zones/db.as205479.net
@@ -3,7 +3,7 @@
 ; SPDX-License-Identifier: Apache-2.0
 ; MNAME RNAME SERIAL REFRESH RETRY EXPIRE TTL
-@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 40 600 450 3600 300
+@ 600 IN SOA frantech-lux01.as205479.net. hostmaster.lukegb.com. 41 600 450 3600 300
 ; NB: this are also glue records in Google Domains.
 $INCLUDE tmpl.ns
@@ -83,6 +83,7 @@ bvm-win10.int 3600 IN A 100.71.230.20
 bvm-matrix.int 3600 IN A 100.74.197.67
 bvm-netbox.int 3600 IN A 100.81.27.52
 bvm-radius.int 3600 IN A 100.120.98.116
+bvm-heptapod.int 3600 IN A 100.94.23.105
 mac-mini.int 3600 IN A 100.91.188.84
@@ -150,6 +151,7 @@ bvm-win10.blade 3600 IN A 10.100.0.204
 bvm-matrix.blade 3600 IN A 10.100.0.205
 bvm-netbox.blade 3600 IN A 10.100.0.206
 bvm-radius.blade 3600 IN A 10.100.0.207
+bvm-heptapod.blade 3600 IN A 10.100.0.208
 ; services
 ; ceph-mon: blade-tuvok, blade-janeway, blade-paris
@@ -196,6 +198,9 @@ bvm-radius 3600 IN A 92.118.28.9
 bvm-radius 3600 IN AAAA 2a09:a441::9
 radius 3600 IN CNAME bvm-radius.as205479.net.
 @ 3600 IN NAPTR 100 10 "s" "x-eduroam:radius.tls" "" _radsec._tcp.roaming.ja.net.
+bvm-heptapod.public 3600 IN CNAME bvm-heptapod.as205479.net.
+bvm-heptapod 3600 IN A 92.118.28.10
+bvm-heptapod 3600 IN AAAA 2a09:a441::10
 ; quadv
 inet-vip.quadv 6000 IN A 92.118.31.254
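Review bot: The new `bvm-heptapod.int` record (hunk at -83,6) and `bvm-heptapod.blade` record (hunk at -150,6) publish the host's Tailscale address 100.94.23.105 and its internal address 10.100.0.208 in the same zone that carries its public A/AAAA records. If this zone is answered to the internet, as the existing glue-record comment suggests, those names disclose the internal addressing plan to anyone who queries them; the pattern predates this commit, but each new host extends it. Serving the `.int` and `.blade` names from an internal-only view or zone would avoid that, or a comment such as `; internal/Tailscale addresses, published intentionally` would record the decision.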