From 13c3d637855f2f1a245eb0168eb4bfe59cb572cd Mon Sep 17 00:00:00 2001
From: Xavier Lagraula
Date: Mon, 11 May 2026 11:31:41 +0200
Subject: [PATCH] feat: add centralized environment configuration

- Add dns.nix: environment-specific DNS domain, name servers, forwarders
- Add time.nix: NTP servers (gateway), timezone, hardware clock
- Add proxy.nix: placeholder for future proxy settings (no proxy for now)
- Add smtp.nix: SMTP relay configuration for system emails
- Add default.nix: unified entry point for all network parameters
These files allow environment-specific settings to be managed in one place and imported by host configurations.
---
 .../environments/dev/network/default.nix | 16 +++++++++++
 nixos-infra/environments/dev/network/dns.nix | 23 ++++++++++++++++
 .../environments/dev/network/proxy.nix | 27 +++++++++++++++++++
 nixos-infra/environments/dev/network/smtp.nix | 22 +++++++++++++++
 nixos-infra/environments/dev/network/time.nix | 16 +++++++++++
 .../environments/stage/network/default.nix | 16 +++++++++++
 .../environments/stage/network/dns.nix | 23 ++++++++++++++++
 .../environments/stage/network/proxy.nix | 27 +++++++++++++++++++
 .../environments/stage/network/smtp.nix | 22 +++++++++++++++
 .../environments/stage/network/time.nix | 16 +++++++++++
 10 files changed, 208 insertions(+)
 create mode 100644 nixos-infra/environments/dev/network/default.nix
 create mode 100644 nixos-infra/environments/dev/network/dns.nix
 create mode 100644 nixos-infra/environments/dev/network/proxy.nix
 create mode 100644 nixos-infra/environments/dev/network/smtp.nix
 create mode 100644 nixos-infra/environments/dev/network/time.nix
 create mode 100644 nixos-infra/environments/stage/network/default.nix
 create mode 100644 nixos-infra/environments/stage/network/dns.nix
 create mode 100644 nixos-infra/environments/stage/network/proxy.nix
 create mode 100644 nixos-infra/environments/stage/network/smtp.nix
 create mode 100644 nixos-infra/environments/stage/network/time.nix
diff --git a/nixos-infra/environments/dev/network/default.nix b/nixos-infra/environments/dev/network/default.nix
new file mode 100644
index 0000000..342348f
--- /dev/null
+++ b/nixos-infra/environments/dev/network/default.nix
@@ -0,0 +1,16 @@
+# Central network data source for the dev environment.
+#
+# Usage from a configuration.nix:
+# network = import ../../network { };
+# network.dns.domain → "dev.lagraula.fr"
+# network.time.timeZone → "Europe/Paris"
+#
+# Usage from a shell script (via `nix eval`):
+# nix eval --json -f network/default.nix dns
+
+{
+ dns = import ./dns.nix;
+ time = import ./time.nix;
+ proxy = import ./proxy.nix;
+ smtp = import ./smtp.nix;
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/dev/network/dns.nix b/nixos-infra/environments/dev/network/dns.nix
new file mode 100644
index 0000000..1098f2f
--- /dev/null
+++ b/nixos-infra/environments/dev/network/dns.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # Environment-specific DNS domain
+ domain = "dev.lagraula.fr";
+
+ # Default DNS servers for this environment
+ # These are the IPs of the DNS servers (e.g., dns-dev01, dns-dev02)
+ # that will be deployed in this environment.
+ defaultNameServers = [ "10.40.128.10" "10.40.128.11" ];
+
+ # Forwarders for this environment (e.g., upstream DNS)
+ forwarders = [ "1.1.1.1" "8.8.8.8" ];
+
+ # Allow zone transfers only to secondary DNS servers in this environment
+ allowZoneTransfer = [ "10.40.128.11" ];
+
+ # Recursion policy for this environment
+ recursion = "AllowOnlyForPrivateNetworks";
+
+ # Email for Let's Encrypt (Caddy) — can be environment-specific
+ letsEncryptEmail = "xavier@lagraula.fr";
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/dev/network/proxy.nix b/nixos-infra/environments/dev/network/proxy.nix
new file mode 100644
index 0000000..4a58c6c
--- /dev/null
+++ b/nixos-infra/environments/dev/network/proxy.nix
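Review bot: `dns = import ./dns.nix;` and the three sibling imports bind functions rather than attribute sets, because dns.nix, time.nix, proxy.nix and smtp.nix each begin with `{ config, pkgs, lib, ... }:`; the documented `network.dns.domain` therefore fails with a value-is-a-function error, and `nix eval --json -f network/default.nix dns` cannot serialise a function either. The usage line `network = import ../../network { };` has the opposite problem: default.nix is a plain set, so calling it with `{ }` is an error. None of the four data files reads `config`, `pkgs` or `lib` (the only reference, `config.age.secrets.smtp-password.path`, is commented out), so the simplest fix is to delete the function header line from each of them and change the usage line to `network = import ../../network;`. The stage default.nix and its four siblings in the later hunks have the same mismatch.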
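Review bot: `defaultNameServers` and `allowZoneTransfer` use `10.40.128.10`/`10.40.128.11` here, and the stage dns.nix later in this patch uses exactly the same addresses while its comment names different hosts (dns-stage01/02); either both environments share one pair of DNS servers, in which case both comments mislead, or one file is an unadjusted copy and the zone-transfer allow list would admit the other environment's secondary. The dev gateway in time.nix is `10.10.128.1`, which makes `10.40.128.x` name servers look out of place for dev — worth checking against the address plan before hosts import this. Independently, an address-only `allowZoneTransfer` list is weak authentication for AXFR; a comment stating that the consuming DNS module pairs it with a TSIG key (or that the zone contents are not sensitive) would make the intent explicit.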
@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # Proxy configuration for this environment
+ # Currently no proxy is used — direct access for all hosts
+
+ # Workstations: no proxy
+ workstations = {
+ httpProxy = "";
+ httpsProxy = "";
+ noProxy = "";
+ };
+
+ # Servers: no proxy
+ servers = {
+ httpProxy = "";
+ httpsProxy = "";
+ noProxy = "";
+ };
+
+ # To enable a proxy later, uncomment and set the proxy URLs:
+ # workstations = {
+ # httpProxy = "http://proxy.dev.lagraula.fr:3128";
+ # httpsProxy = "http://proxy.dev.lagraula.fr:3128";
+ # noProxy = "localhost,127.0.0.1,::1,10.0.0.0/8";
+ # };
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/dev/network/smtp.nix b/nixos-infra/environments/dev/network/smtp.nix
new file mode 100644
index 0000000..2102854
--- /dev/null
+++ b/nixos-infra/environments/dev/network/smtp.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # SMTP relay configuration for this environment
+ # Used by services that need to send email (e.g., monitoring alerts)
+
+ # SMTP relay host — can be an internal relay or external service
+ relayHost = "smtp.lagraula.fr";
+ relayPort = 587;
+
+ # TLS settings
+ useTLS = true;
+ useSTARTTLS = true;
+
+ # Authentication — currently none (open relay for internal use)
+ # To add authentication later:
+ # username = "noreply@dev.lagraula.fr";
+ # passwordFile = config.age.secrets.smtp-password.path;
+
+ # Default "From" address for system emails
+ fromAddress = "noreply@dev.lagraula.fr";
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/dev/network/time.nix b/nixos-infra/environments/dev/network/time.nix
new file mode 100644
index 0000000..8321cd5
--- /dev/null
+++ b/nixos-infra/environments/dev/network/time.nix
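Review bot: In smtp.nix, `useTLS = true;` and `useSTARTTLS = true;` together are ambiguous, because implicit TLS and STARTTLS are alternatives on a single port and 587 conventionally means STARTTLS; a consumer that honours `useTLS` first will attempt a TLS handshake against a plaintext listener. Either drop `useTLS` or replace the pair with one field such as `tlsMode = "starttls";` (constructed name) and comment it. The comment `open relay for internal use` should also say what restricts relaying to internal sources (presumably a network ACL on the relay itself), since `relayHost = "smtp.lagraula.fr"` looks externally resolvable and nothing in this file constrains who may submit without credentials. The stage smtp.nix in the last hunk has the same two issues.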
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # NTP servers for this environment
+ # The gateway acts as the NTP server (IPv4 .1, IPv6 ::1)
+ ntpServers = [
+ "10.10.128.1" # IPv4 gateway
+ "fd00::1" # IPv6 gateway
+ ];
+
+ # Time zone for this environment
+ timeZone = "Europe/Paris";
+
+ # Hardware clock setting
+ hardwareClock = "UTC";
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/stage/network/default.nix b/nixos-infra/environments/stage/network/default.nix
new file mode 100644
index 0000000..23ceb9f
--- /dev/null
+++ b/nixos-infra/environments/stage/network/default.nix
@@ -0,0 +1,16 @@
+# Central network data source for the stage environment.
+#
+# Usage from a configuration.nix:
+# network = import ../../network { };
+# network.dns.domain → "stage.lagraula.fr"
+# network.time.timeZone → "Europe/Paris"
+#
+# Usage from a shell script (via `nix eval`):
+# nix eval --json -f network/default.nix dns
+
+{
+ dns = import ./dns.nix;
+ time = import ./time.nix;
+ proxy = import ./proxy.nix;
+ smtp = import ./smtp.nix;
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/stage/network/dns.nix b/nixos-infra/environments/stage/network/dns.nix
new file mode 100644
index 0000000..2e79cd6
--- /dev/null
+++ b/nixos-infra/environments/stage/network/dns.nix
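Review bot: dev/time.nix and stage/time.nix are the same blob (`index 0000000..8321cd5` appears in both hunks), so both environments point their NTP clients at `10.10.128.1` and `fd00::1` while their dns.nix files place name servers under `10.40.128.x`; if each environment has its own gateway this copy was never adjusted, and if they intentionally share one the comment should say so. `hardwareClock = "UTC"` has no direct NixOS counterpart — the module option is the boolean `time.hardwareClockInLocalTime` — so a comment on how consumers map this string, and which values are accepted, would help. A note that these NTP sources are unauthenticated and reachable only from inside the environment (if that is the case) would also document the trust assumption.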
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # Environment-specific DNS domain
+ domain = "stage.lagraula.fr";
+
+ # Default DNS servers for this environment
+ # These are the IPs of the DNS servers (e.g., dns-stage01, dns-stage02)
+ # that will be deployed in this environment.
+ defaultNameServers = [ "10.40.128.10" "10.40.128.11" ];
+
+ # Forwarders for this environment (e.g., upstream DNS)
+ forwarders = [ "1.1.1.1" "8.8.8.8" ];
+
+ # Allow zone transfers only to secondary DNS servers in this environment
+ allowZoneTransfer = [ "10.40.128.11" ];
+
+ # Recursion policy for this environment
+ recursion = "AllowOnlyForPrivateNetworks";
+
+ # Email for Let's Encrypt (Caddy) — can be environment-specific
+ letsEncryptEmail = "xavier@lagraula.fr";
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/stage/network/proxy.nix b/nixos-infra/environments/stage/network/proxy.nix
new file mode 100644
index 0000000..a1e9824
--- /dev/null
+++ b/nixos-infra/environments/stage/network/proxy.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # Proxy configuration for this environment
+ # Currently no proxy is used — direct access for all hosts
+
+ # Workstations: no proxy
+ workstations = {
+ httpProxy = "";
+ httpsProxy = "";
+ noProxy = "";
+ };
+
+ # Servers: no proxy
+ servers = {
+ httpProxy = "";
+ httpsProxy = "";
+ noProxy = "";
+ };
+
+ # To enable a proxy later, uncomment and set the proxy URLs:
+ # workstations = {
+ # httpProxy = "http://proxy.stage.lagraula.fr:3128";
+ # httpsProxy = "http://proxy.stage.lagraula.fr:3128";
+ # noProxy = "localhost,127.0.0.1,::1,10.0.0.0/8";
+ # };
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/stage/network/smtp.nix b/nixos-infra/environments/stage/network/smtp.nix
new file mode 100644
index 0000000..2af19d5
--- /dev/null
+++ b/nixos-infra/environments/stage/network/smtp.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # SMTP relay configuration for this environment
+ # Used by services that need to send email (e.g., monitoring alerts)
+
+ # SMTP relay host — can be an internal relay or external service
+ relayHost = "smtp.lagraula.fr";
+ relayPort = 587;
+
+ # TLS settings
+ useTLS = true;
+ useSTARTTLS = true;
+
+ # Authentication — currently none (open relay for internal use)
+ # To add authentication later:
+ # username = "noreply@stage.lagraula.fr";
+ # passwordFile = config.age.secrets.smtp-password.path;
+
+ # Default "From" address for system emails
+ fromAddress = "noreply@stage.lagraula.fr";
+}
\ No newline at end of file
diff --git a/nixos-infra/environments/stage/network/time.nix b/nixos-infra/environments/stage/network/time.nix
new file mode 100644
index 0000000..8321cd5
--- /dev/null
+++ b/nixos-infra/environments/stage/network/time.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{
+ # NTP servers for this environment
+ # The gateway acts as the NTP server (IPv4 .1, IPv6 ::1)
+ ntpServers = [
+ "10.10.128.1" # IPv4 gateway
+ "fd00::1" # IPv6 gateway
+ ];
+
+ # Time zone for this environment
+ timeZone = "Europe/Paris";
+
+ # Hardware clock setting
+ hardwareClock = "UTC";
+}
\ No newline at end of file